Trojaner-Board


oigen 24.11.2013 14:39

Windows 7: Infection with multiple trojans/viruses - Win64/Conedex.B + C + I, Win64/Sirefef.AZ+BJ
 
Dear TB team,

Since yesterday I have had problems with several trojans/viruses - according to the ESET log these are:

Win64/Conedex.B trojan
Win64/Conedex.C trojan
Win64/Conedex.I trojan

Win64/Sirefef.AZ
Win64/Sirefef.BJ
Win32/Sirefef.FV

Win32/Kryptik.BPOA

Since the infection I have been getting a message from ESET regularly, every few minutes - but they are simply not removed. Manual scans could not fix the problem either.

Probably connected with this is that in the directory
C:\Program Files (x86)\Google\Desktop\Install
I cannot delete anything, and Windows Explorer crashes.

In my desperation I downloaded and installed the 30-day trial version of Emsisoft. Unfortunately, the problems could not be fixed with that either.

The logs follow:

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:36 on 24/11/2013 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 24-11-2013 14:04:13
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-09-30] (Emsisoft GmbH)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4153784 2013-09-30] (Emsisoft GmbH)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S2 WebCakeUpdater; "C:\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe" [x]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\  \...\???\{b76a39d9-6a23-bedc-000d-ea3828816a40}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-08-19] (Emsisoft GmbH)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U3 ugldapow; \??\C:\Users\Admin\AppData\Local\Temp\ugldapow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 14:04 - 2013-11-24 14:04 - 00017687 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Downloads\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-24 13:39 - 00036249 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:37 - 2013-11-24 13:37 - 01958396 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:55 - 2013-11-24 08:55 - 00001099 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-11-24 08:54 - 2013-11-24 13:57 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-11-24 13:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-11-24 14:04 - 2013-11-24 14:04 - 00017687 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-24 13:58 - 2012-01-15 19:22 - 02024885 _____ C:\Windows\WindowsUpdate.log
2013-11-24 13:57 - 2013-11-24 08:54 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-11-24 13:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Downloads\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:40 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:40 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:39 - 2013-11-24 13:38 - 00036249 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:37 - 2013-11-24 13:37 - 01958396 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-24 13:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 13:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-24 13:17 - 2013-07-28 20:54 - 00001212 _____ C:\Windows\Tasks\FreeHDSport TV-updater.job
2013-11-24 13:17 - 2013-07-28 20:54 - 00001206 _____ C:\Windows\Tasks\FreeHDSport TV-codedownloader.job
2013-11-24 13:17 - 2013-07-28 20:54 - 00001116 _____ C:\Windows\Tasks\FreeHDSport TV-enabler.job
2013-11-24 13:17 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 13:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 13:17 - 2009-07-14 05:51 - 00180057 _____ C:\Windows\setupact.log
2013-11-24 13:14 - 2013-07-28 20:54 - 00000000 ____D C:\Program Files (x86)\FreeHDSport TV
2013-11-24 12:56 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-11-24 08:55 - 2013-11-24 08:55 - 00001099 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-24 08:31 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-24 08:11 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-23 21:17 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 15:11 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-11-23 15:11 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-11-23 15:11 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-11-23 15:11 - 2009-07-14 06:13 - 01528554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 13:26 - 2010-11-21 04:47 - 00336306 _____ C:\Windows\PFRO.log
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
2013-11-02 19:58 - 2012-06-02 13:28 - 00119864 _____ C:\Users\Angi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 17:15 - 2012-06-02 13:52 - 00000000 ____D C:\Users\Angi\AppData\Roaming\SoftGrid Client
2013-11-02 16:55 - 2012-08-18 11:00 - 00000000 ____D C:\Users\Angi\Downloads\Rezepte
2013-10-27 09:36 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
ZeroAccess:
C:\Users\Admin\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Admin\AppData\Local\Temp\htmlayout.dll
C:\Users\Admin\AppData\Local\Temp\InstHelper.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Andi\AppData\Local\Temp\addon.exe
C:\Users\Andi\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Andi\AppData\Local\Temp\install_flashplayer11x32au_mssa_aih.exe
C:\Users\Andi\AppData\Local\Temp\mediaget-uninstaller.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013 03
Ran by Andi at 2013-11-24 14:04:34
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acer Backup Manager (x32 Version: 3.0.0.99)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904)
Acer ePower Management (x32 Version: 6.00.3008)
Acer eRecovery Management (x32 Version: 5.00.3504)
Acer Games (x32 Version: 1.0.2.5)
Acer Registration (x32 Version: 1.04.3504)
Acer ScreenSaver (x32 Version: 1.1.0913.2011)
Acer Updater (x32 Version: 1.02.3500)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Backup Manager V3 (x32 Version: 3.0.0.99)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.0.765.0)
BitTorrent (HKCU Version: 7.8.2.30265)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
Canon MP550 series MP Drivers
Chuzzle Deluxe (x32 Version: 2.2.0.95)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2024.00)
clear.fi (x32 Version: 9.0.8026)
clear.fi Client (x32 Version: 1.00.3500)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
eBay Worldwide (x32 Version: 2.2.0409)
Emsisoft Anti-Malware (x32 Version: 8.1)
ESET Smart Security (Version: 6.0.316.0)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451)
FATE (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Fooz Kids (x32 Version: 3.0.8)
Fooz Kids Platform (x32 Version: 2.1)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
FreeHDSport TV (x32 Version: 1.27.153.8)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Garmin Communicator Plugin (x32 Version: 4.0.3)
Garmin Communicator Plugin x64 (Version: 4.0.3)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Identity Card (x32 Version: 1.00.3501)
IlemiTVApp (x32 Version: 2.1 Build 26473)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
Jewel Match 3 (x32 Version: 2.2.0.97)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.7)
McAfee Security Scan Plus (Version: 3.8.130.10)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 14.0.1 (x86 de) (x32 Version: 14.0.1)
Mozilla Maintenance Service (x32 Version: 14.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (x32 Version: 4.0.14.27)
MyWinLocker Suite (x32 Version: 4.0.14.19)
Need For Speed™ World (x32 Version: 1.0.0.1055)
newsXpresso (x32 Version: 1.0.0.40)
Norton Online Backup (x32 Version: 2.1.17869)
NTI Media Maker 9 (x32 Version: 9.0.2.9002)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Penguins! (x32 Version: 2.2.0.95)
PerformanceTest v7.0 (64-bit) (Version: 7.0)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Bowler (x32 Version: 2.2.0.97)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype™ 5.10 (x32 Version: 5.10.116)
Slingo Deluxe (x32 Version: 2.2.0.95)
StreamTorrent 1.0 (x32)
Tinypic 3.18 (x32 Version: Tinypic 3.18)
T-Mobile Internet Manager (x32 Version: 11.301.05.34.55)
Torchlight (x32 Version: 2.2.0.97)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97)
VLC Codec Pack 2.0.5 (x32 Version: 2.0.5)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Web Cake 3.00 (Version: 3.00)
Wedding Dash (x32 Version: 2.2.0.95)
Welcome Center (x32 Version: 1.02.3504)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Wondershare MobileGo for Android ( Version 4.1.0 ) (x32 Version: 4.1.0)
Wsys Control 1.0.0.2557 (x32 Version: 1.0.0.2557)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\FreeHDSport TV-codedownloader.job => ?
Task: C:\Windows\Tasks\FreeHDSport TV-enabler.job => ?
Task: C:\Windows\Tasks\FreeHDSport TV-updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job => ?

==================== Loaded Modules (whitelisted) =============

2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-23 17:15 - 2013-11-23 17:15 - 02492416 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
2013-11-23 17:15 - 2013-11-23 17:15 - 02179072 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-06-02 13:17 - 2012-08-01 06:46 - 02003424 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 11:37 - 2013-10-09 11:37 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 01:51:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: nvinit.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x506b31f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74a6ce39
ID des fehlerhaften Prozesses: 0x1598
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (11/24/2013 01:19:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054eea
ID des fehlerhaften Prozesses: 0xbe0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/24/2013 01:17:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:35:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054f01
ID des fehlerhaften Prozesses: 0xf94
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/24/2013 08:32:27 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000005501f
ID des fehlerhaften Prozesses: 0xbe8
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/24/2013 08:32:07 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000005501f
ID des fehlerhaften Prozesses: 0x17cc
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/24/2013 08:31:46 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054eea
ID des fehlerhaften Prozesses: 0x6f8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/24/2013 08:30:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:24:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000053520
ID des fehlerhaften Prozesses: 0x17a4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/24/2013 08:23:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054eea
ID des fehlerhaften Prozesses: 0x218
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (11/24/2013 01:53:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (11/24/2013 01:53:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (11/24/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (11/24/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (11/24/2013 01:19:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (11/24/2013 01:19:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/24/2013 01:18:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (11/24/2013 01:18:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (11/24/2013 01:17:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WebCakeUpdater" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/24/2013 01:17:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (11/24/2013 01:51:27 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0nvinit.dll_unloaded0.0.0.0506b31f3c000000574a6ce39159801cee912b8d33ac3C:\Users\Andi\Downloads\gmer_2.1.19163.exenvinit.dll2160d960-5507-11e3-b5af-dc0ea12b1b2b

Error: (11/24/2013 01:19:54 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eeabe001cee90f1a6776e8C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllb965c702-5502-11e3-b5af-dc0ea12b1b2b

Error: (11/24/2013 01:17:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:35:29 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054f01f9401cee8e755662322C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dllfd502567-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:32:27 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd000000000005501fbe801cee8e748eb5e45C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll911a0a48-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:32:07 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd000000000005501f17cc01cee8e73cb821f5C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll84f9b9b5-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:31:46 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eea6f801cee8e72195d4c7C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll787f141d-54da-11e3-bc90-dc0ea12b1b2b

Error: (11/24/2013 08:30:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2013 08:24:24 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd000000000005352017a401cee8e61b54ee23C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll711e383e-54d9-11e3-ab73-dc0ea12b1b2b

Error: (11/24/2013 08:23:24 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eea21801cee8e5bca6f0ecC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll4d9fb392-54d9-11e3-ab73-dc0ea12b1b2b


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 8043.86 MB
Available physical RAM: 5308.87 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13319.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.41 GB) (Free:610.89 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Unfortunately the GMER and ESET logs were too large - so I had to attach them, zipped!

Many thanks in advance, kind regards,
Andreas

schrauber 24.11.2013 16:26

hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

oigen 24.11.2013 18:31

Code:

ComboFix 13-11-23.02 - Admin 24.11.2013  16:47:28.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.8044.5805 [GMT 1:00]
ausgeführt von:: C:\Users\Andi\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.

Problem: Unfortunately I did not manage to shut down ESET - now Combofix has hung, and even after a restart windows are jumping across my desktop :(

Update:

I managed to terminate ComboFix and restart it. When it is finished, I will post the log here again!

schrauber 25.11.2013 08:24

ok :)

oigen 25.11.2013 19:38

Code:

ComboFix 13-11-23.02 - Admin 25.11.2013  2:05:37.4.4 - x64
ausgeführt von:: C:\Users\Andi\Desktop\ComboFix.exe

Unfortunately no improvement and only a short log (above) :( On the first run I had seen a longer log, but because of the crash I restarted, and now it looks like this. With a "normal" boot the screen now looks as in the attachment - the window runs across the screen from top left to bottom right. Unfortunately this does not stop - the only option was to boot into safe mode and temporarily delete C:\Combofix.

Good news: the trojans are no longer being reported.
Still bad news: the directory ...\Google\Desktop\Install still cannot be deleted.

Thanks again,
Andreas

schrauber 26.11.2013 10:45

hi,

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

oigen 26.11.2013 15:36

Hi,

TDSSKiller apparently finds nothing. Log:

Code:

15:29:55.0381 3408  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:29:57.0253 3408  ============================================================
15:29:57.0253 3408  Current date / time: 2013/11/26 15:29:57.0253
15:29:57.0253 3408  SystemInfo:
15:29:57.0253 3408 
15:29:57.0253 3408  OS Version: 6.1.7601 ServicePack: 1.0
15:29:57.0253 3408  Product type: Workstation
15:29:57.0253 3408  ComputerName: PC
15:29:57.0253 3408  UserName: Admin
15:29:57.0253 3408  Windows directory: C:\Windows
15:29:57.0253 3408  System windows directory: C:\Windows
15:29:57.0253 3408  Running under WOW64
15:29:57.0253 3408  Processor architecture: Intel x64
15:29:57.0253 3408  Number of processors: 4
15:29:57.0253 3408  Page size: 0x1000
15:29:57.0253 3408  Boot type: Normal boot
15:29:57.0253 3408  ============================================================
15:29:57.0627 3408  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:29:57.0643 3408  ============================================================
15:29:57.0643 3408  \Device\Harddisk0\DR0:
15:29:57.0643 3408  MBR partitions:
15:29:57.0643 3408  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
15:29:57.0643 3408  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x722D3800
15:29:57.0643 3408  ============================================================
15:29:57.0658 3408  C: <-> \Device\Harddisk0\DR0\Partition2
15:29:57.0658 3408  ============================================================
15:29:57.0658 3408  Initialize success
15:29:57.0658 3408  ============================================================
15:30:50.0964 4052  ============================================================
15:30:50.0964 4052  Scan started
15:30:50.0964 4052  Mode: Manual; SigCheck; TDLFS;
15:30:50.0964 4052  ============================================================
15:30:51.0104 4052  ================ Scan system memory ========================
15:30:51.0104 4052  System memory - ok
15:30:51.0104 4052  ================ Scan services =============================
15:31:06.0532 4052  mssmbios - ok
15:31:06.0595 4052  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:31:06.0673 4052  MSTEE - ok
15:31:06.0673 4052  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:31:06.0688 4052  MTConfig - ok
15:31:06.0704 4052  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:31:06.0720 4052  Mup - ok
15:31:06.0735 4052  [ C009123B206C56854F4E88596035231D ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:31:06.0751 4052  mwlPSDFilter - ok
15:31:06.0751 4052  [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ    C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:31:06.0782 4052  mwlPSDNServ - ok
15:31:06.0798 4052  [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk    C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:31:06.0798 4052  mwlPSDVDisk - ok
15:31:06.0829 4052  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:31:06.0891 4052  napagent - ok
15:31:06.0922 4052  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:31:06.0954 4052  NativeWifiP - ok
15:31:07.0016 4052  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:31:07.0078 4052  NDIS - ok
15:31:07.0094 4052  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
15:31:07.0125 4052  NdisCap - ok
15:31:07.0156 4052  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:31:07.0172 4052  NdisTapi - ok
15:31:07.0188 4052  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:31:07.0219 4052  Ndisuio - ok
15:31:07.0250 4052  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:31:07.0281 4052  NdisWan - ok
15:31:07.0297 4052  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:31:07.0328 4052  NDProxy - ok
15:31:07.0359 4052  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:31:07.0375 4052  NetBIOS - ok
15:31:07.0390 4052  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:31:07.0422 4052  NetBT - ok
15:31:07.0437 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
15:31:07.0437 4052  Netlogon - ok
15:31:07.0468 4052  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:31:07.0515 4052  Netman - ok
15:31:07.0515 4052  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:31:07.0562 4052  netprofm - ok
15:31:07.0578 4052  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:31:07.0593 4052  NetTcpPortSharing - ok
15:31:07.0624 4052  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
15:31:07.0640 4052  nfrd960 - ok
15:31:07.0687 4052  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:31:07.0749 4052  NlaSvc - ok
15:31:07.0874 4052  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:31:07.0936 4052  NOBU - ok
15:31:07.0968 4052  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:31:07.0999 4052  Npfs - ok
15:31:08.0030 4052  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
15:31:08.0046 4052  nsi - ok
15:31:08.0061 4052  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:31:08.0108 4052  nsiproxy - ok
15:31:08.0186 4052  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:31:08.0217 4052  Ntfs - ok
15:31:08.0280 4052  [ 1873214666F6F0A883742DF91FBC48C9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:31:08.0311 4052  NTI IScheduleSvc - ok
15:31:08.0358 4052  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
15:31:08.0373 4052  NTIDrvr - ok
15:31:08.0389 4052  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:31:08.0451 4052  Null - ok
15:31:08.0701 4052  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:31:08.0857 4052  nvlddmkm - ok
15:31:08.0904 4052  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:31:08.0904 4052  nvpciflt - ok
15:31:08.0919 4052  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:31:08.0935 4052  nvraid - ok
15:31:08.0935 4052  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:31:08.0950 4052  nvstor - ok
15:31:09.0013 4052  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc          C:\Windows\system32\nvvsvc.exe
15:31:09.0044 4052  nvsvc - ok
15:31:09.0122 4052  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:31:09.0184 4052  nvUpdatusService - ok
15:31:09.0200 4052  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:31:09.0200 4052  nv_agp - ok
15:31:09.0372 4052  [ D02B9C22F789B320CD87A4A9D1C0FC09 ] OfficeSvc      C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
15:31:09.0434 4052  OfficeSvc - ok
15:31:09.0481 4052  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:31:09.0528 4052  ohci1394 - ok
15:31:09.0559 4052  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:31:09.0590 4052  ose - ok
15:31:09.0840 4052  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:31:09.0996 4052  osppsvc - ok
15:31:10.0027 4052  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:31:10.0105 4052  p2pimsvc - ok
15:31:10.0136 4052  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:31:10.0167 4052  p2psvc - ok
15:31:10.0198 4052  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
15:31:10.0214 4052  Parport - ok
15:31:10.0261 4052  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:31:10.0261 4052  partmgr - ok
15:31:10.0292 4052  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:31:10.0339 4052  PcaSvc - ok
15:31:10.0354 4052  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
15:31:10.0370 4052  pci - ok
15:31:10.0401 4052  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:31:10.0432 4052  pciide - ok
15:31:10.0464 4052  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:31:10.0479 4052  pcmcia - ok
15:31:10.0479 4052  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
15:31:10.0495 4052  pcw - ok
15:31:10.0526 4052  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:31:10.0588 4052  PEAUTH - ok
15:31:10.0635 4052  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:31:10.0682 4052  PerfHost - ok
15:31:10.0744 4052  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
15:31:10.0838 4052  pla - ok
15:31:10.0869 4052  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:31:10.0900 4052  PlugPlay - ok
15:31:10.0916 4052  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:31:10.0947 4052  PNRPAutoReg - ok
15:31:10.0963 4052  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:31:10.0978 4052  PNRPsvc - ok
15:31:11.0010 4052  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:31:11.0041 4052  PolicyAgent - ok
15:31:11.0056 4052  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
15:31:11.0134 4052  Power - ok
15:31:11.0150 4052  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:31:11.0181 4052  PptpMiniport - ok
15:31:11.0212 4052  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
15:31:11.0244 4052  Processor - ok
15:31:11.0275 4052  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
15:31:11.0306 4052  ProfSvc - ok
15:31:11.0322 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
15:31:11.0337 4052  ProtectedStorage - ok
15:31:11.0353 4052  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:31:11.0431 4052  Psched - ok
15:31:11.0478 4052  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:31:11.0540 4052  ql2300 - ok
15:31:11.0556 4052  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:31:11.0556 4052  ql40xx - ok
15:31:11.0587 4052  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
15:31:11.0602 4052  QWAVE - ok
15:31:11.0618 4052  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:31:11.0634 4052  QWAVEdrv - ok
15:31:11.0665 4052  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:31:11.0696 4052  RasAcd - ok
15:31:11.0727 4052  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
15:31:11.0743 4052  RasAgileVpn - ok
15:31:11.0774 4052  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
15:31:11.0805 4052  RasAuto - ok
15:31:11.0821 4052  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:31:11.0852 4052  Rasl2tp - ok
15:31:11.0883 4052  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:31:11.0914 4052  RasMan - ok
15:31:11.0930 4052  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:31:11.0977 4052  RasPppoe - ok
15:31:12.0008 4052  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:31:12.0086 4052  RasSstp - ok
15:31:12.0102 4052  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:31:12.0133 4052  rdbss - ok
15:31:12.0148 4052  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:31:12.0180 4052  rdpbus - ok
15:31:12.0195 4052  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:31:12.0211 4052  RDPCDD - ok
15:31:12.0242 4052  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:31:12.0289 4052  RDPENCDD - ok
15:31:12.0289 4052  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:31:12.0320 4052  RDPREFMP - ok
15:31:12.0351 4052  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:31:12.0382 4052  RdpVideoMiniport - ok
15:31:12.0429 4052  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:31:12.0476 4052  RDPWD - ok
15:31:12.0538 4052  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:31:12.0554 4052  rdyboost - ok
15:31:12.0585 4052  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:31:12.0648 4052  RemoteRegistry - ok
15:31:12.0663 4052  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:31:12.0694 4052  RpcEptMapper - ok
15:31:12.0726 4052  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:31:12.0757 4052  RpcLocator - ok
15:31:12.0788 4052  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
15:31:12.0804 4052  RpcSs - ok
15:31:12.0835 4052  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:31:12.0897 4052  rspndr - ok
15:31:12.0913 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs          C:\Windows\system32\lsass.exe
15:31:12.0928 4052  SamSs - ok
15:31:12.0928 4052  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:31:12.0944 4052  sbp2port - ok
15:31:12.0960 4052  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:31:12.0991 4052  SCardSvr - ok
15:31:13.0006 4052  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:31:13.0053 4052  scfilter - ok
15:31:13.0084 4052  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:31:13.0131 4052  Schedule - ok
15:31:13.0162 4052  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:31:13.0178 4052  SCPolicySvc - ok
15:31:13.0209 4052  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
15:31:13.0240 4052  sdbus - ok
15:31:13.0272 4052  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:31:13.0303 4052  SDRSVC - ok
15:31:13.0334 4052  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:31:13.0396 4052  secdrv - ok
15:31:13.0412 4052  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:31:13.0459 4052  seclogon - ok
15:31:13.0474 4052  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:31:13.0506 4052  SENS - ok
15:31:13.0521 4052  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:31:13.0568 4052  SensrSvc - ok
15:31:13.0584 4052  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\drivers\serenum.sys
15:31:13.0599 4052  Serenum - ok
15:31:13.0615 4052  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:31:13.0630 4052  Serial - ok
15:31:13.0646 4052  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:31:13.0662 4052  sermouse - ok
15:31:13.0677 4052  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:31:13.0724 4052  SessionEnv - ok
15:31:13.0724 4052  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
15:31:13.0740 4052  sffdisk - ok
15:31:13.0755 4052  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:31:13.0771 4052  sffp_mmc - ok
15:31:13.0786 4052  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
15:31:13.0833 4052  sffp_sd - ok
15:31:13.0849 4052  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
15:31:13.0896 4052  sfloppy - ok
15:31:13.0927 4052  [ 2046AA7491DE7EFA4D70E615D9BC9D09 ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
15:31:13.0974 4052  Sftfs - ok
15:31:14.0036 4052  [ 77C5A741A7452812F278EF2C18478862 ] sftlist        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:31:14.0067 4052  sftlist - ok
15:31:14.0083 4052  [ 0E0446BC4D51BE4263ACB7E33491191C ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:31:14.0098 4052  Sftplay - ok
15:31:14.0098 4052  [ C5FB982CD266E604ED3142102C26D62C ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:31:14.0114 4052  Sftredir - ok
15:31:14.0114 4052  [ 2575511AF67AA1FA068CCC4918E2C2A3 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:31:14.0130 4052  Sftvol - ok
15:31:14.0145 4052  [ 39B1D0A636A400304565D4521FAD6D77 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:31:14.0145 4052  sftvsa - ok
15:31:14.0208 4052  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:31:14.0301 4052  SharedAccess - ok
15:31:14.0317 4052  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:31:14.0379 4052  ShellHWDetection - ok
15:31:14.0410 4052  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:31:14.0426 4052  SiSRaid2 - ok
15:31:14.0442 4052  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:31:14.0442 4052  SiSRaid4 - ok
15:31:14.0504 4052  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
15:31:14.0520 4052  SkypeUpdate - ok
15:31:14.0551 4052  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:31:14.0629 4052  Smb - ok
15:31:14.0676 4052  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:31:14.0707 4052  SNMPTRAP - ok
15:31:14.0738 4052  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:31:14.0754 4052  spldr - ok
15:31:14.0832 4052  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
15:31:14.0878 4052  Spooler - ok
15:31:15.0019 4052  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:31:15.0128 4052  sppsvc - ok
15:31:15.0175 4052  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:31:15.0206 4052  sppuinotify - ok
15:31:15.0222 4052  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:31:15.0253 4052  srv - ok
15:31:15.0284 4052  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:31:15.0300 4052  srv2 - ok
15:31:15.0315 4052  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:31:15.0331 4052  srvnet - ok
15:31:15.0346 4052  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus        C:\Windows\system32\DRIVERS\ssadbus.sys
15:31:15.0378 4052  ssadbus - ok
15:31:15.0409 4052  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:31:15.0456 4052  ssadmdfl - ok
15:31:15.0471 4052  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm        C:\Windows\system32\DRIVERS\ssadmdm.sys
15:31:15.0502 4052  ssadmdm - ok
15:31:15.0534 4052  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
15:31:15.0596 4052  ssadserd - ok
15:31:15.0658 4052  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:31:15.0721 4052  SSDPSRV - ok
15:31:15.0721 4052  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:31:15.0752 4052  SstpSvc - ok
15:31:15.0783 4052  [ AAF6F247F1DC370C593B4430974EAD9C ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
15:31:15.0830 4052  ssudmdm - ok
15:31:15.0846 4052  [ 3248B5CC4AA7942EE7BC26F1EB00210B ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
15:31:15.0861 4052  ssudserd - ok
15:31:15.0861 4052  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:31:15.0877 4052  stexstor - ok
15:31:15.0908 4052  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:31:15.0939 4052  stisvc - ok
15:31:15.0970 4052  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:31:15.0970 4052  swenum - ok
15:31:16.0002 4052  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
15:31:16.0048 4052  swprv - ok
15:31:16.0126 4052  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
15:31:16.0173 4052  SysMain - ok
15:31:16.0204 4052  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:31:16.0236 4052  TabletInputService - ok
15:31:16.0282 4052  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:31:16.0329 4052  TapiSrv - ok
15:31:16.0345 4052  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
15:31:16.0376 4052  TBS - ok
15:31:16.0454 4052  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:31:16.0516 4052  Tcpip - ok
15:31:16.0548 4052  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:31:16.0579 4052  TCPIP6 - ok
15:31:16.0610 4052  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:31:16.0626 4052  tcpipreg - ok
15:31:16.0641 4052  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:31:16.0688 4052  TDPIPE - ok
15:31:16.0719 4052  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:31:16.0735 4052  TDTCP - ok
15:31:16.0750 4052  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:31:16.0813 4052  tdx - ok
15:31:16.0828 4052  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:31:16.0844 4052  TermDD - ok
15:31:16.0875 4052  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
15:31:16.0906 4052  TermService - ok
15:31:16.0922 4052  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:31:16.0938 4052  Themes - ok
15:31:16.0953 4052  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
15:31:16.0969 4052  THREADORDER - ok
15:31:16.0984 4052  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:31:17.0016 4052  TrkWks - ok
15:31:17.0062 4052  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:31:17.0109 4052  TrustedInstaller - ok
15:31:17.0156 4052  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:31:17.0203 4052  tssecsrv - ok
15:31:17.0234 4052  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:31:17.0265 4052  TsUsbFlt - ok
15:31:17.0281 4052  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
15:31:17.0312 4052  TsUsbGD - ok
15:31:17.0343 4052  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:31:17.0406 4052  tunnel - ok
15:31:17.0421 4052  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
15:31:17.0452 4052  TurboB - ok
15:31:17.0484 4052  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:31:17.0515 4052  TurboBoost - ok
15:31:17.0562 4052  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:31:17.0593 4052  uagp35 - ok
15:31:17.0608 4052  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:31:17.0624 4052  UBHelper - ok
15:31:17.0655 4052  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:31:17.0718 4052  udfs - ok
15:31:17.0749 4052  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:31:17.0764 4052  UI0Detect - ok
15:31:17.0780 4052  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:31:17.0780 4052  uliagpkx - ok
15:31:17.0811 4052  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
15:31:17.0842 4052  umbus - ok
15:31:17.0858 4052  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:31:17.0874 4052  UmPass - ok
15:31:17.0983 4052  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:31:18.0076 4052  UNS - ok
15:31:18.0139 4052  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:31:18.0217 4052  upnphost - ok
15:31:18.0248 4052  [ ACCEA6BC68D0C9A78EB97EE159028B4E ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:31:18.0264 4052  usbccgp - ok
15:31:18.0326 4052  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:31:18.0373 4052  usbcir - ok
15:31:18.0420 4052  [ 311C1DD1088E55BEAE15954D17F50646 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
15:31:18.0451 4052  usbehci - ok
15:31:18.0513 4052  [ 280E90CBF4B2DDD169F0728CB44D726F ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:31:18.0560 4052  usbhub - ok
15:31:18.0591 4052  [ 9406D801042FAF859CF81B2C886413DC ] usbohci        C:\Windows\system32\drivers\usbohci.sys
15:31:18.0622 4052  usbohci - ok
15:31:18.0654 4052  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:31:18.0700 4052  usbprint - ok
15:31:18.0747 4052  [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan        C:\Windows\system32\drivers\usbscan.sys
15:31:18.0794 4052  usbscan - ok
15:31:18.0825 4052  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:31:18.0888 4052  USBSTOR - ok
15:31:18.0934 4052  [ A83D0EC9AE4C31704442099D40BA2471 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
15:31:18.0966 4052  usbuhci - ok
15:31:18.0981 4052  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:31:19.0012 4052  usbvideo - ok
15:31:19.0044 4052  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
15:31:19.0106 4052  UxSms - ok
15:31:19.0122 4052  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
15:31:19.0137 4052  VaultSvc - ok
15:31:19.0168 4052  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:31:19.0168 4052  vdrvroot - ok
15:31:19.0200 4052  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
15:31:19.0246 4052  vds - ok
15:31:19.0246 4052  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:31:19.0262 4052  vga - ok
15:31:19.0278 4052  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:31:19.0309 4052  VgaSave - ok
15:31:19.0340 4052  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
15:31:19.0356 4052  vhdmp - ok
15:31:19.0387 4052  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:31:19.0418 4052  viaide - ok
15:31:19.0418 4052  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:31:19.0449 4052  volmgr - ok
15:31:19.0465 4052  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:31:19.0480 4052  volmgrx - ok
15:31:19.0496 4052  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:31:19.0512 4052  volsnap - ok
15:31:19.0543 4052  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
15:31:19.0558 4052  vsmraid - ok
15:31:19.0621 4052  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
15:31:22.0725 4052  ================ Scan global ===============================
15:31:22.0756 4052  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:31:22.0803 4052  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
15:31:22.0819 4052  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
15:31:22.0850 4052  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:31:22.0866 4052  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:31:22.0881 4052  [Global] - ok
15:31:22.0881 4052  ================ Scan MBR ==================================
15:31:22.0881 4052  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:31:23.0989 4052  \Device\Harddisk0\DR0 - ok
15:31:23.0989 4052  ================ Scan VBR ==================================
15:31:24.0020 4052  [ 6ED3B2E98EFA6CB1B5ADFDA84A55A18C ] \Device\Harddisk0\DR0\Partition1
15:31:24.0020 4052  \Device\Harddisk0\DR0\Partition1 - ok
15:31:24.0036 4052  [ ED4DDEB08A25A0829582289060FAF499 ] \Device\Harddisk0\DR0\Partition2
15:31:24.0036 4052  \Device\Harddisk0\DR0\Partition2 - ok
15:31:24.0036 4052  ============================================================
15:31:24.0036 4052  Scan finished
15:31:24.0036 4052  ============================================================
15:31:24.0067 3188  Detected object count: 0
15:31:24.0067 3188  Actual detected object count: 0
15:32:27.0060 2044  Deinitialize success

I guess that's a good sign...?

Regards,
Andreas

oigen 26.11.2013 15:39

Double post... sorry

schrauber 27.11.2013 09:15

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

oigen 27.11.2013 13:13

So:

Malwarebytes Anti-Malware
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Admin :: PC [Administrator]

27.11.2013 12:05:51
mbam-log-2013-11-27 (12-05-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 301401
Laufzeit: 5 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 27
HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{11111111-1111-1111-1111-110311531136} (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531136} (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{22222222-2222-2222-2222-220322532236} (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0035336.Sandbox.1 (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0035336.Sandbox (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api.1 (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0035336.BHO (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeHDSport TV (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstalledBrowserExtensions\installdaddy (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=TOSHIBAXMK1059GSMP_Z1EUT0JTTXXZ1EUT0JTT&ts=1375041299) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 8
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport.TV (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\IlemiTVApp.com (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123 (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 21
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\background.html (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil.dll (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil.exe (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil64.dll (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV-buttonutil64.exe (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\FreeHDSport TV.ico (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\Installer.log (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport TV\Uninstall.exe (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeHDSport.TV\freehdsporttv10.crx (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\FreeHDSport TV-codedownloader.job (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\FreeHDSport TV-enabler.job (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\FreeHDSport TV-updater.job (PUP.Optional.FreeHDSport.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\IlemiTVApp.com\IlemiTVApp.exe (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\IlemiTVApp.com\uninst.exe (PUP.Optional.TVApp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner Logfile:
Code:

# AdwCleaner v3.013 - Bericht erstellt am 27/11/2013 um 12:35:09
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - PC
# Gestartet von : C:\Users\Andi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Web Cake
Ordner Gelöscht : C:\Users\Angi\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\Extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Ordner Gelöscht : C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\Extensions\fhdp3@freehdsp.tv.xpi
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v14.0.1 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\prefs.js ]


[ Datei : C:\Users\Angi\AppData\Roaming\Mozilla\Firefox\Profiles\h2qx2vyb.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\ft4qh1wm.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
Zeile gelöscht : user_pref("browser.search.order.1", "qvo6");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "qvo6");
Zeile gelöscht : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Zeile gelöscht : user_pref("extentions.webcake.installId", "da97bfb5-866d-4e0b-852c-f9409fb37348");

[ Datei : C:\Users\Angi\AppData\Roaming\Mozilla\Firefox\Profiles\h2qx2vyb.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\ft4qh1wm.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup

[ Datei : C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8521 octets] - [27/11/2013 12:29:29]
AdwCleaner[S0].txt - [6773 octets] - [27/11/2013 12:35:09]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [6833 octets] ##########

--- --- ---

Junkware Removal Tool
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 27.11.2013 at 12:51:00,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\webcakeupdater



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{1E716ED3-B2F6-4F0B-89A9-DA6AF8BCC5E7}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2013 at 12:56:00,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 27-11-2013 13:03:55
Running from C:\Users\Andi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 13:01 - 2013-11-27 13:01 - 01958818 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:48 - 2013-11-27 12:47 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:29 - 2013-11-27 12:41 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:48 - 2013-11-25 01:50 - 00000000 ___SD C:\32788R22FWJFW
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 16:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 16:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 16:43 - 2013-11-24 16:54 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-27 13:03 - 00013909 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-11-27 12:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-11-27 13:04 - 2013-11-24 13:38 - 00013909 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-27 13:01 - 2013-11-27 13:01 - 01958818 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-11-27 12:57 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:56 - 2012-01-15 19:22 - 01467278 _____ C:\Windows\WindowsUpdate.log
2013-11-27 12:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:49 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 12:49 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 12:47 - 2013-11-27 12:48 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:42 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 12:41 - 2013-11-27 12:29 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 12:41 - 2009-07-14 05:51 - 00181569 _____ C:\Windows\setupact.log
2013-11-27 12:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-27 12:35 - 2012-06-02 13:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 12:35 - 2012-06-02 13:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-27 12:35 - 2012-06-02 13:17 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-27 12:35 - 2012-06-02 13:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 12:35 - 2012-06-02 11:23 - 00001200 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 12:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-27 12:17 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:14 - 2010-11-21 04:47 - 00346278 _____ C:\Windows\PFRO.log
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-27 09:23 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-26 14:02 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-11-25 01:50 - 2013-11-25 01:48 - 00000000 ___SD C:\32788R22FWJFW
2013-11-25 01:48 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 23:58 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-11-24 23:58 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-11-24 23:58 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 19:42 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:54 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-24 08:11 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 15:11 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
2013-11-02 19:58 - 2012-06-02 13:28 - 00119864 _____ C:\Users\Angi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 17:15 - 2012-06-02 13:52 - 00000000 ____D C:\Users\Angi\AppData\Roaming\SoftGrid Client
2013-11-02 16:55 - 2012-08-18 11:00 - 00000000 ____D C:\Users\Angi\Downloads\Rezepte
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

--- --- ---

schrauber 28.11.2013 09:17


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left? :)

oigen 28.11.2013 22:05

OK:

ESET
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=15abe541e46392429fea2421aa038481
# engine=16063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-28 07:42:14
# local_time=2013-11-28 08:42:14 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 29 443528 12218231 0 0
# compatibility_mode=8216 16776701 100 98 9344463 135680686 0 0
# scanned=273717
# found=4
# cleaned=0
# scan_time=9319
# nod_component=V3 Build:0x30000000
sh=95E0A800A171FB561B0272F091950FE0A09EA10D ft=1 fh=5179a328503fe202 vn="a variant of Win32/Kryptik.BPOA trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\GoogleUpdate.exe.vir"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\00000004.@.vir"
sh=A065922E48E274F827BC8A04091A44632D498373 ft=1 fh=f3684398a5f5cf1b vn="Win64/Conedex.I trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\00000008.@.vir"
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\000000cb.@.vir"

SecurityCheck
Code:

Results of screen317's Security Check version 0.99.76 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 6.0 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player 11.9.900.117 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox 14.0.1 Firefox out of Date! 
 Google Chrome 23.0.1271.97 
 Google Chrome 29.0.1547.66 
````````Process Check: objlist.exe by Laurent```````` 
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Admin (administrator) on PC on 28-11-2013 22:00:00
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF22070.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\Angi\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\Angi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Hans\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (qvo6) - hxxp://www.google.com
CHR DefaultSuggestURL: (qvo6) -      "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 21:59 - 2013-11-28 21:59 - 01959024 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-28 21:56 - 2013-11-28 21:56 - 00000988 _____ C:\Users\Andi\Desktop\checkup.txt
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 17:58 - 2013-11-28 17:58 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 13:04 - 2013-11-28 22:00 - 00018645 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:48 - 2013-11-27 12:47 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:29 - 2013-11-27 12:41 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:48 - 2013-11-25 01:50 - 00000000 ___SD C:\32788R22FWJFW
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 16:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 16:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 16:43 - 2013-11-24 16:54 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-27 13:04 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-11-28 21:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-24 08:26 - 2013-11-24 08:26 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-16 11:53 - 2013-11-16 11:53 - 00262144 _____ C:\Windows\Minidump\111613-22464-01.dmp
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-14 20:34 - 2013-11-14 20:34 - 00262144 _____ C:\Windows\Minidump\111413-24710-01.dmp
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-11-28 22:00 - 2013-11-27 13:04 - 00018645 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-28 21:59 - 2013-11-28 21:59 - 01959024 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-11-28 21:56 - 2013-11-28 21:56 - 00000988 _____ C:\Users\Andi\Desktop\checkup.txt
2013-11-28 21:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 21:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-28 21:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-28 21:17 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-11-28 21:17 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-11-28 18:03 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 18:03 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 18:00 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-11-28 18:00 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-11-28 18:00 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 17:58 - 2013-11-28 17:58 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-28 17:57 - 2012-01-15 19:22 - 01626572 _____ C:\Windows\WindowsUpdate.log
2013-11-28 17:55 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 17:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 17:55 - 2009-07-14 05:51 - 00181827 _____ C:\Windows\setupact.log
2013-11-27 13:04 - 2013-11-24 13:38 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-27 12:57 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-27 12:56 - 2013-11-27 12:56 - 00001120 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:47 - 2013-11-27 12:48 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:41 - 2013-11-27 12:29 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:35 - 2012-06-02 13:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 12:35 - 2012-06-02 13:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-27 12:35 - 2012-06-02 13:17 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-27 12:35 - 2012-06-02 13:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 12:35 - 2012-06-02 11:23 - 00001200 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:14 - 2010-11-21 04:47 - 00346278 _____ C:\Windows\PFRO.log
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 11:57 - 2013-11-27 11:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-27 09:23 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:50 - 2013-11-25 01:48 - 00000000 ___SD C:\32788R22FWJFW
2013-11-25 01:48 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 19:42 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:54 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:54 - 2009-07-14 03:34 - 79691776 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-24 16:54 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 16:40 - 2013-11-24 16:40 - 05149261 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:26 - 2013-11-24 08:26 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c
2013-11-24 08:26 - 2013-09-13 22:21 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-24 08:11 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 15:11 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2013-11-16 11:53 - 00262144 _____ C:\Windows\Minidump\111613-22464-01.dmp
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 20:34 - 2013-11-14 20:34 - 00262144 _____ C:\Windows\Minidump\111413-24710-01.dmp
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
2013-11-02 19:58 - 2012-06-02 13:28 - 00119864 _____ C:\Users\Angi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 17:15 - 2012-06-02 13:52 - 00000000 ____D C:\Users\Angi\AppData\Roaming\SoftGrid Client
2013-11-02 16:55 - 2012-08-18 11:00 - 00000000 ____D C:\Users\Angi\Downloads\Rezepte
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-11-20 00:09

==================== End Of Log ============================

--- --- ---

schrauber 29.11.2013 19:45

Please delete ComboFix, download it again, and run it once more.

oigen 29.11.2013 21:27

Code:

ComboFix 13-11-27.01 - Admin 29.11.2013  21:00:20.5.4 - x64
ausgeführt von:: C:\Users\Andi\Desktop\ComboFix.exe

Same result as last time - the running window again...

schrauber 01.12.2013 09:51

Sorry for the delay, I'm laid up with the flu.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

oigen 01.12.2013 15:46

No problem - I have a bad cold too... :(

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Admin :: PC [Administrator]

01.12.2013 15:18:13
mbam-log-2013-12-01 (15-18-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302020
Laufzeit: 5 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

# AdwCleaner v3.013 - Bericht erstellt am 01/12/2013 um 15:27:59
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - PC
# Gestartet von : C:\Users\Andi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v14.0.1 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default\prefs.js ]


[ Datei : C:\Users\Angi\AppData\Roaming\Mozilla\Firefox\Profiles\h2qx2vyb.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\ft4qh1wm.default\prefs.js ]


[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8521 octets] - [27/11/2013 12:29:29]
AdwCleaner[R1].txt - [2454 octets] - [27/11/2013 12:40:06]
AdwCleaner[R2].txt - [1667 octets] - [01/12/2013 15:26:37]
AdwCleaner[S0].txt - [7207 octets] - [27/11/2013 12:35:09]
AdwCleaner[S1].txt - [2529 octets] - [27/11/2013 12:40:49]
AdwCleaner[S2].txt - [1590 octets] - [01/12/2013 15:27:59]

########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [1650 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 01.12.2013 at 15:33:20,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2013 at 15:33:21,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 01-12-2013 15:39:25
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 15:39 - 2013-12-01 15:39 - 01959184 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-01 15:34 - 2013-12-01 15:34 - 00000625 _____ C:\Users\Andi\Desktop\JRT.txt
2013-12-01 15:30 - 2013-12-01 15:28 - 00001728 _____ C:\Users\Andi\Desktop\AdwCleaner[S2].txt
2013-12-01 15:16 - 2013-12-01 15:16 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 15:15 - 2013-12-01 15:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 15:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 15:14 - 2013-12-01 15:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Desktop\mbam-setup-1.75.0.1300(1).exe
2013-11-29 21:20 - 2013-11-29 21:20 - 00000118 _____ C:\Users\Andi\Desktop\ComboFix.txt
2013-11-29 20:41 - 2013-11-29 20:41 - 05150163 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-28 21:56 - 2013-11-28 21:56 - 00000988 _____ C:\Users\Andi\Desktop\checkup.txt
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 17:58 - 2013-11-28 17:58 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 13:04 - 2013-12-01 15:39 - 00014278 _____ C:\Users\Andi\Desktop\FRST.txt
2013-11-27 12:56 - 2013-12-01 15:33 - 00000625 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:48 - 2013-11-27 12:47 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:29 - 2013-12-01 15:28 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:48 - 2013-11-29 20:46 - 00000000 ___SD C:\32788R22FWJFW
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 16:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 16:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 16:43 - 2013-11-24 16:54 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-27 13:04 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-12-01 15:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-12-01 15:40 - 2013-11-27 13:04 - 00014278 _____ C:\Users\Andi\Desktop\FRST.txt
2013-12-01 15:39 - 2013-12-01 15:39 - 01959184 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-01 15:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 15:36 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 15:36 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 15:34 - 2013-12-01 15:34 - 00000625 _____ C:\Users\Andi\Desktop\JRT.txt
2013-12-01 15:33 - 2013-11-27 12:56 - 00000625 _____ C:\Users\Admin\Desktop\JRT.txt
2013-12-01 15:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-12-01 15:29 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 15:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 15:28 - 2013-12-01 15:30 - 00001728 _____ C:\Users\Andi\Desktop\AdwCleaner[S2].txt
2013-12-01 15:28 - 2013-11-27 12:29 - 00000000 ____D C:\AdwCleaner
2013-12-01 15:28 - 2012-01-15 19:22 - 01973235 _____ C:\Windows\WindowsUpdate.log
2013-12-01 15:28 - 2009-07-14 05:51 - 00182555 _____ C:\Windows\setupact.log
2013-12-01 15:17 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-12-01 15:16 - 2013-12-01 15:16 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 15:16 - 2013-12-01 15:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 15:15 - 2013-12-01 15:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Desktop\mbam-setup-1.75.0.1300(1).exe
2013-11-30 17:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-11-30 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-29 23:45 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-29 21:20 - 2013-11-29 21:20 - 00000118 _____ C:\Users\Andi\Desktop\ComboFix.txt
2013-11-29 21:12 - 2010-11-21 04:47 - 00348232 _____ C:\Windows\PFRO.log
2013-11-29 20:46 - 2013-11-25 01:48 - 00000000 ___SD C:\32788R22FWJFW
2013-11-29 20:44 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-29 20:41 - 2013-11-29 20:41 - 05150163 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-28 21:56 - 2013-11-28 21:56 - 00000988 _____ C:\Users\Andi\Desktop\checkup.txt
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 21:17 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-11-28 18:00 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-11-28 18:00 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-11-28 18:00 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 17:58 - 2013-11-28 17:58 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 13:04 - 2013-11-24 13:38 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-27 12:57 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:47 - 2013-11-27 12:48 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:35 - 2012-06-02 13:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 12:35 - 2012-06-02 13:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-27 12:35 - 2012-06-02 13:17 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-27 12:35 - 2012-06-02 13:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 12:35 - 2012-06-02 11:23 - 00001200 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 19:42 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:54 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00036850 _____ C:\Users\Andi\Desktop\FRST_alt.txt
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 15:11 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
2013-11-02 19:58 - 2012-06-02 13:28 - 00119864 _____ C:\Users\Angi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 17:15 - 2012-06-02 13:52 - 00000000 ____D C:\Users\Angi\AppData\Roaming\SoftGrid Client
2013-11-02 16:55 - 2012-08-18 11:00 - 00000000 ____D C:\Users\Angi\Downloads\Rezepte
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

--- --- ---


schrauber 02.12.2013 10:33


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left? :)

oigen 03.12.2013 08:15

There are currently no problems...

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=15abe541e46392429fea2421aa038481
# engine=16108
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-03 05:20:37
# local_time=2013-12-03 06:20:37 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 29 827431 12598534 0 0
# compatibility_mode=8216 16776701 100 98 9724766 136060989 0 0
# scanned=233234
# found=4
# cleaned=0
# scan_time=33414
# nod_component=V3 Build:0x30000000
sh=95E0A800A171FB561B0272F091950FE0A09EA10D ft=1 fh=5179a328503fe202 vn="a variant of Win32/Kryptik.BPYF trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\GoogleUpdate.exe.vir"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\00000004.@.vir"
sh=A065922E48E274F827BC8A04091A44632D498373 ft=1 fh=f3684398a5f5cf1b vn="Win64/Conedex.I trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\00000008.@.vir"
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\9519~1\A535~1\E628~1\{b76a39d9-6a23-bedc-000d-ea3828816a40}\U\000000cb.@.vir"

Code:

Results of screen317's Security Check version 0.99.76 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 6.0 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player 11.9.900.117 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox 14.0.1 Firefox out of Date! 
 Google Chrome 23.0.1271.97 
 Google Chrome 29.0.1547.66 
````````Process Check: objlist.exe by Laurent```````` 
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 03-12-2013 07:50:35
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 07:50 - 2013-12-03 07:50 - 00014286 _____ C:\Users\Andi\Desktop\FRST.txt
2013-12-03 07:49 - 2013-12-03 07:49 - 00000988 _____ C:\Users\Andi\Desktop\checkup_neu.txt
2013-12-03 07:44 - 2013-12-03 07:44 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe
2013-12-01 20:43 - 2013-12-03 06:21 - 00000000 ___RD C:\Users\Angi\Dropbox
2013-12-01 20:43 - 2013-12-01 20:43 - 00001036 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-01 20:39 - 2013-12-03 06:21 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2013-12-01 20:39 - 2013-12-01 20:39 - 00000182 _____ C:\Windows\wininit.ini
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2013-12-01 20:38 - 2013-12-01 20:39 - 35334016 _____ (Dropbox, Inc.) C:\Users\Angi\Downloads\Dropbox 2.4.7.exe
2013-12-01 15:39 - 2013-12-01 15:39 - 01959184 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-01 15:16 - 2013-12-01 15:16 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 15:15 - 2013-12-01 15:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 15:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 15:14 - 2013-12-01 15:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Desktop\mbam-setup-1.75.0.1300(1).exe
2013-11-29 20:41 - 2013-11-29 20:41 - 05150163 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 12:56 - 2013-12-01 15:33 - 00000625 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:48 - 2013-11-27 12:47 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:29 - 2013-12-01 15:28 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:48 - 2013-11-29 20:46 - 00000000 ___SD C:\32788R22FWJFW
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 16:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 16:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 16:43 - 2013-11-24 16:54 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-27 13:04 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-12-03 07:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-13 08:57 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 08:57 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 08:57 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 08:57 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 08:57 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 08:57 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 08:57 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:57 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-12-03 07:50 - 2013-12-03 07:50 - 00014286 _____ C:\Users\Andi\Desktop\FRST.txt
2013-12-03 07:49 - 2013-12-03 07:49 - 00000988 _____ C:\Users\Andi\Desktop\checkup_neu.txt
2013-12-03 07:44 - 2013-12-03 07:44 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-12-03 07:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 07:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-12-03 07:17 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-12-03 06:55 - 2013-10-08 08:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec3fb17587276.job
2013-12-03 06:24 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-12-03 06:24 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-12-03 06:24 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 06:21 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2013-12-03 06:21 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2013-12-03 06:20 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 21:17 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-12-02 21:04 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 21:04 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe
2013-12-02 20:59 - 2012-01-15 19:22 - 01099763 _____ C:\Windows\WindowsUpdate.log
2013-12-02 20:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 20:56 - 2009-07-14 05:51 - 00182611 _____ C:\Windows\setupact.log
2013-12-01 20:43 - 2013-12-01 20:43 - 00001036 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-01 20:43 - 2012-06-02 13:28 - 00000000 ____D C:\Users\Angi
2013-12-01 20:39 - 2013-12-01 20:39 - 00000182 _____ C:\Windows\wininit.ini
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2013-12-01 20:39 - 2013-12-01 20:38 - 35334016 _____ (Dropbox, Inc.) C:\Users\Angi\Downloads\Dropbox 2.4.7.exe
2013-12-01 20:39 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 20:31 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-01 15:39 - 2013-12-01 15:39 - 01959184 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-01 15:33 - 2013-11-27 12:56 - 00000625 _____ C:\Users\Admin\Desktop\JRT.txt
2013-12-01 15:28 - 2013-11-27 12:29 - 00000000 ____D C:\AdwCleaner
2013-12-01 15:16 - 2013-12-01 15:16 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 15:16 - 2013-12-01 15:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 15:15 - 2013-12-01 15:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Desktop\mbam-setup-1.75.0.1300(1).exe
2013-11-30 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-11-29 23:45 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-29 21:12 - 2010-11-21 04:47 - 00348232 _____ C:\Windows\PFRO.log
2013-11-29 20:46 - 2013-11-25 01:48 - 00000000 ___SD C:\32788R22FWJFW
2013-11-29 20:44 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-29 20:41 - 2013-11-29 20:41 - 05150163 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 13:04 - 2013-11-24 13:38 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-27 12:57 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:47 - 2013-11-27 12:48 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:35 - 2012-06-02 13:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 12:35 - 2012-06-02 13:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-27 12:35 - 2012-06-02 13:17 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-27 12:35 - 2012-06-02 13:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 12:35 - 2012-06-02 11:23 - 00001200 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 19:42 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:54 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
2013-11-04 22:58 - 2013-11-04 22:58 - 00001406 _____ C:\Users\Andi\Desktop\TinyPic - Verknüpfung.lnk
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

--- --- ---


Best regards,
Andreas

schrauber 03.12.2013 12:42

Update Adobe and Firefox.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


oigen 06.12.2013 07:43

Hi,

I had already replied on the same day as your last post, but somehow the reply got lost...

Here is the log:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2013 02
Ran by Andi at 2013-12-03 22:39:20 Run:1
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [  Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
*****************


"C:\Program Files (x86)\Google\Desktop\Install" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install" directory. => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\combofix => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\flags => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\  Malwarebytes Anti-Malware  (cleanup) => Value not found.

After the reboot it apparently aborted. Could that be because ComboFix has never run to completion so far? I always had the problem with the running window and had to cancel it...

Best regards,
Andreas

schrauber 06.12.2013 12:51

Please post a fresh FRST log again.

oigen 09.12.2013 01:42

OK!


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 03
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 09-12-2013 01:40:42
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] - 8
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin [829832 2013-10-09] (Adobe Systems Incorporated)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-09 01:39 - 2013-12-09 01:39 - 01927998 _____ (Farbar) C:\Users\Andi\Downloads\FRST64(1).exe
2013-12-09 01:38 - 2013-12-09 01:39 - 01927998 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-09 00:58 - 2013-12-09 01:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2013-12-03 22:25 - 2013-12-03 22:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 22:17 - 2013-12-03 22:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 22:17 - 2013-12-03 22:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 16:05 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 16:02 - 2013-12-03 16:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 16:02 - 2013-12-03 16:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 16:02 - 2013-12-03 16:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 16:01 - 2013-12-03 16:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 16:01 - 2013-12-03 16:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 16:00 - 2013-12-03 16:05 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 15:33 - 2013-12-03 15:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 15:33 - 2013-12-03 15:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 13:10 - 2013-12-03 13:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 13:10 - 2013-12-03 13:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:10 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 13:04 - 2013-12-03 13:07 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-03 07:50 - 2013-12-09 01:40 - 00014362 _____ C:\Users\Andi\Desktop\FRST.txt
2013-12-03 07:49 - 2013-12-03 07:49 - 00000988 _____ C:\Users\Andi\Desktop\checkup_neu.txt
2013-12-03 07:44 - 2013-12-03 07:44 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe
2013-12-01 20:43 - 2013-12-08 17:06 - 00000000 ___RD C:\Users\Angi\Dropbox
2013-12-01 20:43 - 2013-12-01 20:43 - 00001036 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-01 20:39 - 2013-12-08 17:06 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2013-12-01 20:39 - 2013-12-01 20:39 - 00000182 _____ C:\Windows\wininit.ini
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2013-12-01 20:38 - 2013-12-01 20:39 - 35334016 _____ (Dropbox, Inc.) C:\Users\Angi\Downloads\Dropbox 2.4.7.exe
2013-12-01 15:16 - 2013-12-01 15:16 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 15:15 - 2013-12-01 15:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 15:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 15:14 - 2013-12-01 15:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Desktop\mbam-setup-1.75.0.1300(1).exe
2013-11-29 20:41 - 2013-11-29 20:41 - 05150163 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 12:56 - 2013-12-01 15:33 - 00000625 _____ C:\Users\Admin\Desktop\JRT.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:48 - 2013-11-27 12:47 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:29 - 2013-12-01 15:28 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-25 01:48 - 2013-11-29 20:46 - 00000000 ___SD C:\32788R22FWJFW
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:44 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 16:44 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 16:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 16:44 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 16:43 - 2013-11-24 16:54 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:38 - 2013-11-27 13:04 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:51 - 2013-11-24 08:54 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:40 - 2013-12-09 01:40 - 00000000 ____D C:\FRST
2013-11-24 08:40 - 2013-11-24 08:42 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:26 - 2013-12-09 01:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 17:24 - 2013-11-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:22 - 2013-11-23 17:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:35 - 2013-11-23 16:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 16:32 - 2013-11-23 18:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-20 12:27 - 2013-11-23 09:41 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-19 06:29 - 2013-11-19 06:30 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-15 20:17 - 2013-11-15 20:21 - 00000000 ____D C:\Hörbücher
2013-11-13 07:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 07:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 07:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 07:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 07:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 07:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 07:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 07:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 07:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 07:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 07:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 07:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 07:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 07:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 07:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 07:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 07:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 07:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 07:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:24 - 2013-11-24 08:28 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe

==================== One Month Modified Files and Folders =======

2013-12-09 01:40 - 2013-12-03 07:50 - 00014362 _____ C:\Users\Andi\Desktop\FRST.txt
2013-12-09 01:40 - 2013-11-24 08:40 - 00000000 ____D C:\FRST
2013-12-09 01:39 - 2013-12-09 01:39 - 01927998 _____ (Farbar) C:\Users\Andi\Downloads\FRST64(1).exe
2013-12-09 01:39 - 2013-12-09 01:38 - 01927998 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-09 01:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 01:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-12-09 01:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-12-09 01:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2013-12-09 01:03 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-08 19:29 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 19:29 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 18:37 - 2012-01-15 19:22 - 01573788 _____ C:\Windows\WindowsUpdate.log
2013-12-08 18:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 18:36 - 2009-07-14 05:51 - 00183619 _____ C:\Windows\setupact.log
2013-12-08 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-12-08 17:06 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2013-12-08 17:06 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2013-12-07 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-12-06 13:37 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-04 07:03 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-12-04 07:03 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-12-04 07:03 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 22:39 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-03 22:39 - 2010-11-21 04:47 - 00356792 _____ C:\Windows\PFRO.log
2013-12-03 22:28 - 2012-06-05 06:34 - 00000000 ____D C:\Users\Andi\AppData\Local\Mozilla
2013-12-03 22:26 - 2012-06-02 13:17 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 22:25 - 2013-12-03 22:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 22:17 - 2013-12-03 22:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 22:17 - 2013-12-03 22:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 22:17 - 2012-06-05 06:01 - 00001429 _____ C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 22:01 - 2012-06-02 13:28 - 00001429 _____ C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 21:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 16:05 - 2013-12-03 16:00 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 16:02 - 2013-12-03 16:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 16:02 - 2013-12-03 16:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 16:02 - 2013-12-03 16:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 16:01 - 2013-12-03 16:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 16:01 - 2013-12-03 16:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 15:33 - 2013-12-03 15:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 15:33 - 2013-12-03 15:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 13:10 - 2013-12-03 13:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 13:10 - 2013-12-03 13:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 13:10 - 2013-12-03 13:08 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 13:08 - 2011-10-14 04:34 - 00000846 _____ C:\Windows\DirectX.log
2013-12-03 13:07 - 2013-12-03 13:04 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-03 07:49 - 2013-12-03 07:49 - 00000988 _____ C:\Users\Andi\Desktop\checkup_neu.txt
2013-12-03 07:44 - 2013-12-03 07:44 - 00891184 _____ C:\Users\Andi\Desktop\SecurityCheck.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe
2013-12-01 20:43 - 2013-12-01 20:43 - 00001036 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-01 20:43 - 2012-06-02 13:28 - 00000000 ____D C:\Users\Angi
2013-12-01 20:39 - 2013-12-01 20:39 - 00000182 _____ C:\Windows\wininit.ini
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-01 20:39 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2013-12-01 20:39 - 2013-12-01 20:38 - 35334016 _____ (Dropbox, Inc.) C:\Users\Angi\Downloads\Dropbox 2.4.7.exe
2013-12-01 20:39 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 20:31 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-01 15:33 - 2013-11-27 12:56 - 00000625 _____ C:\Users\Admin\Desktop\JRT.txt
2013-12-01 15:28 - 2013-11-27 12:29 - 00000000 ____D C:\AdwCleaner
2013-12-01 15:16 - 2013-12-01 15:16 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 15:16 - 2013-12-01 15:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 15:15 - 2013-12-01 15:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Andi\Desktop\mbam-setup-1.75.0.1300(1).exe
2013-11-29 23:45 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-11-29 20:46 - 2013-11-25 01:48 - 00000000 ___SD C:\32788R22FWJFW
2013-11-29 20:41 - 2013-11-29 20:41 - 05150163 ____R (Swearware) C:\Users\Andi\Desktop\ComboFix.exe
2013-11-28 21:52 - 2013-11-28 21:52 - 00000988 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-28 17:57 - 2013-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
2013-11-27 13:04 - 2013-11-24 13:38 - 00037845 _____ C:\Users\Andi\Downloads\FRST.txt
2013-11-27 12:50 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:47 - 2013-11-27 12:48 - 00007207 _____ C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2013-11-27 12:35 - 2012-06-02 13:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 12:35 - 2012-06-02 13:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-27 12:35 - 2012-06-02 13:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 12:35 - 2012-06-02 11:23 - 00001200 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 12:15 - 2013-11-27 12:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 12:11 - 2013-11-27 12:11 - 01034531 _____ (Thisisu) C:\Users\Andi\Desktop\JRT.exe
2013-11-27 12:10 - 2013-11-27 12:10 - 01091882 _____ C:\Users\Andi\Desktop\adwcleaner.exe
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 11:58 - 2013-11-27 11:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 15:29 - 2013-11-26 15:29 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller(1).zip
2013-11-26 15:28 - 2013-11-26 15:28 - 04101441 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2013-11-26 15:23 - 2013-11-26 15:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andi\Desktop\tdsskiller.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 19:59 - 2013-11-24 19:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 19:42 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-11-24 18:06 - 2013-11-24 18:06 - 00000000 ____D C:\Windows\pss
2013-11-24 16:54 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-11-24 16:43 - 2013-11-24 16:43 - 00000000 ____D C:\Qoobox
2013-11-24 14:41 - 2013-11-24 14:41 - 00000472 _____ C:\Users\Andi\Downloads\defogger_disable.log
2013-11-24 14:13 - 2013-11-24 14:13 - 00009625 _____ C:\Users\Andi\Desktop\log_ESET.7z
2013-11-24 14:04 - 2013-11-24 14:04 - 00023873 _____ C:\Users\Andi\Desktop\Addition.txt
2013-11-24 13:51 - 2013-11-24 13:51 - 00092969 _____ C:\Users\Andi\Desktop\gmer.txt
2013-11-24 13:40 - 2013-11-24 13:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-24 13:36 - 2013-11-24 13:36 - 00000472 _____ C:\Users\Andi\Desktop\defogger_disable.log
2013-11-24 13:36 - 2013-11-24 13:36 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-24 13:36 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-11-24 13:34 - 2013-11-24 13:34 - 00050477 _____ C:\Users\Andi\Downloads\Defogger.exe
2013-11-24 08:54 - 2013-11-24 08:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-24 08:54 - 2013-11-24 08:51 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-24 08:42 - 2013-11-24 08:42 - 00028988 _____ C:\Users\Admin\Downloads\Addition.txt
2013-11-24 08:42 - 2013-11-24 08:40 - 00041653 _____ C:\Users\Admin\Downloads\FRST.txt
2013-11-24 08:40 - 2013-11-24 08:40 - 01958396 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-11-24 08:39 - 2013-11-24 08:39 - 01091525 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2013-11-24 08:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-11-24 08:23 - 2012-06-02 11:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 18:35 - 2013-11-23 16:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 17:31 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 17:31 - 2012-06-02 13:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 17:25 - 2013-11-23 17:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 17:24 - 2013-11-23 17:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 16:37 - 2013-11-23 16:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 09:41 - 2013-11-20 12:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)
2013-11-23 09:28 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-11-19 06:30 - 2013-11-19 06:29 - 00000000 ____D C:\Users\Andi\AppData\Local\{51C3EEAD-C896-4909-B15A-D4D1A00705EF}
2013-11-19 03:33 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-17 16:43 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-11-17 16:43 - 2012-06-05 06:00 - 00000000 ____D C:\Users\Andi
2013-11-16 11:53 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:53 - 2012-07-09 11:23 - 519110408 _____ C:\Windows\MEMORY.DMP
2013-11-15 20:21 - 2013-11-15 20:17 - 00000000 ____D C:\Hörbücher
2013-11-14 06:46 - 2013-10-16 22:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 06:46 - 2013-04-15 21:58 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 16:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 08:57 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:55 - 2013-08-15 14:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 07:29 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-10 16:04 - 2013-02-07 07:26 - 00000000 ____D C:\Filme und Serien
2013-11-10 14:25 - 2013-11-10 14:25 - 00001196 _____ C:\Users\Admin\Desktop\BitTorrent.lnk
2013-11-10 14:25 - 2013-11-10 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2013-11-10 14:23 - 2013-11-10 14:23 - 01137240 _____ (BitTorrent Inc.) C:\Users\Andi\Downloads\BitTorrent7.8.2_b30265.exe
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

--- --- ---


schrauber 09.12.2013 10:35

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Then a fresh FRST log again, please.

oigen 09.12.2013 23:58

Unfortunately not successful again :(

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2013
Ran by Andi at 2013-12-09 23:54:31 Run:2
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
*****************


"C:\Program Files (x86)\Google\Desktop\Install" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-09 23:55:49)<=

==> ATTENTION: System is not rebooted.
"C:\Program Files (x86)\Google\Desktop\Install" => Directory could not move.

==== End of Fixlog ====


schrauber 10.12.2013 12:13

You also have to run FRST with admin rights.


Quote:

Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 09-12-2013 01:40:42

oigen 10.12.2013 22:47

Looks better :)

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2013
Ran by Admin at 2013-12-10 22:43:40 Run:3
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
*****************

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====
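
The two Fixlogs above differ in the account FRST ran under, and the scan header schrauber quotes already carried the warning. As an added example (not part of the thread and not FRST's own code), this Python script triages such logs; the line patterns are assumptions inferred from the log lines quoted in this thread, not from an FRST format specification, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the scan header and the two Fixlogs quoted in this thread.
SCAN_HEADER = "Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 09-12-2013 01:40:42"

FIXLOG_RUN2 = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2013
Ran by Andi at 2013-12-09 23:54:31 Run:2
Could not move "C:\Program Files (x86)\Google\Desktop\Install" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-09 23:55:49)<=
==> ATTENTION: System is not rebooted.
"C:\Program Files (x86)\Google\Desktop\Install" => Directory could not move.
==== End of Fixlog ====
'''

FIXLOG_RUN3 = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2013
Ran by Admin at 2013-12-10 22:43:40 Run:3
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
==== End of Fixlog ====
'''

# Patterns inferred from the lines above (assumption, not an official format).
RE_RAN_BY = re.compile(
    r"^Ran by (?P<user>\S+)(?P<nonadmin> \(ATTENTION: The logged in user is not administrator\))?")
RE_RUN_NO = re.compile(r"Run:(?P<run>\d+)\s*$")
RE_OUTCOMES = [
    ("scheduled", re.compile(r'^Could not move "(?P<path>[^"]+)" directory\. => Scheduled to move on reboot\.')),
    ("failed", re.compile(r'^"(?P<path>[^"]+)" => Directory could not move\.')),
    ("moved", re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"? => Moved successfully\.')),
]


@dataclass
class FixReport:
    user: str = ""
    run: int = 0
    not_rebooted: bool = False
    complete: bool = False                       # saw the "End of Fixlog" trailer
    history: dict = field(default_factory=dict)  # path -> statuses in log order

    @property
    def final(self):
        """Last recorded status per path; earlier 'scheduled' entries are superseded."""
        return {path: statuses[-1] for path, statuses in self.history.items()}


def parse_fixlog(text):
    """Turn a Fixlog into a FixReport, ignoring lines that match no known pattern."""
    rep = FixReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = RE_RAN_BY.match(line)
        if m:
            rep.user = m["user"]
            n = RE_RUN_NO.search(line)
            rep.run = int(n["run"]) if n else 0
            continue
        if "System is not rebooted" in line:
            rep.not_rebooted = True
        elif line.startswith("==== End of Fixlog"):
            rep.complete = True
        else:
            for status, rx in RE_OUTCOMES:
                m = rx.match(line)
                if m:
                    rep.history.setdefault(m["path"], []).append(status)
                    break
    return rep


def scan_ran_without_admin(header_line):
    """True if the scan log's 'Ran by' line carries the non-administrator warning."""
    m = RE_RAN_BY.match(header_line.strip())
    return bool(m and m["nonadmin"])


def findings(rep, scan_header=""):
    """List what a helper should react to before asking for the next log."""
    out = []
    if scan_header and scan_ran_without_admin(scan_header):
        out.append("scan log: logged-in user is not administrator")
    if not rep.complete:
        out.append("fixlog truncated: no End of Fixlog trailer")
    if rep.not_rebooted:
        out.append("scheduled moves were evaluated without a reboot")
    for path, status in rep.final.items():
        if status != "moved":
            out.append(f"{status}: {path}")
    return out


if __name__ == "__main__":
    for name, log in (("run 2", FIXLOG_RUN2), ("run 3", FIXLOG_RUN3)):
        rep = parse_fixlog(log)
        print(name, rep.user, findings(rep, SCAN_HEADER if rep.run == 2 else ""))
```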


schrauber 11.12.2013 12:59

Done :)

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without concern.



Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

oigen 13.12.2013 22:43

Hi,

thanks again very much. I went through the steps and in principle everything looked good. The only thing I noticed: the directory C:\FRST was not deleted, and when I try to remove it manually, Windows Explorer crashes.

Otherwise, thanks again as well for the valuable tips at the end!

Kind regards,
Andreas

schrauber 14.12.2013 07:56

Download Delfix again and run it once more. If the folder is still there then, delete it in safe mode :)

oigen 14.12.2013 10:39

DelFix does write that it deleted FRST - see here:
Code:

# DelFix v10.6 - Datei am 14/12/2013 um 10:21:04 erstellt
# Aktualisiert am 11/11/2013 von Xplode
# Benutzer : Admin - PC
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : \FRST

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #113 [Ende der Bereinigung | 12/13/2013 20:55:46]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Nevertheless, the directory was still there afterwards. Except for \Quarantine I was able to delete it in safe mode - with this directory, however, unfortunately nothing happens, or rather Windows Explorer crashes as before.

schrauber 14.12.2013 16:21

Tool cleanup with OTC
Please download OTC by OldTimer.
  • Save it on your desktop.
  • Double-click OTC.exe to run the program.
  • A file* should now be downloaded.
    *This is a file with a list of helper programs, which will then be automatically removed from your system.
  • OTC may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTC and other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there.

oigen 14.12.2013 21:37

Unfortunately no success again...

The program performs a restart right after it is run - after the restart (as Admin) it seems as if nothing happens any more. The directory is still there.

schrauber 15.12.2013 08:13

LOL, that is strange :)

The path is C:\FRST, right? To the folder?

oigen 15.12.2013 10:39

Yes, exactly. And inside there is only \Quarantine\Install\... left - the path that originally looked exactly the same in Google\Desktop and could not be deleted.

Something like that probably doesn't happen too often... :rolleyes:

schrauber 15.12.2013 18:54

It is in quarantine, so that has nothing to do with malware.

If you do not have it yet, download OTM by OldTimer. If a file or folder cannot be moved, you may be asked to restart the PC so that the process can be completed. If that is the case, confirm with Yes.

oigen 16.12.2013 20:30

OK - FRST is gone :)

Code:

All processes killed
========== FILES ==========
Folder move failed. C:\FRST\Quarantine\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\  \... scheduled to be moved on reboot.
C:\FRST\Quarantine\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40}\    folder moved successfully.
Folder move failed. C:\FRST\Quarantine\Install\{b76a39d9-6a23-bedc-000d-ea3828816a40} scheduled to be moved on reboot.
C:\FRST\Quarantine\Install folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 2382751 bytes
->Temporary Internet Files folder emptied: 26275289 bytes
->FireFox cache emptied: 104879121 bytes
->Google Chrome cache emptied: 68601957 bytes
->Flash cache emptied: 58694 bytes
 
User: All Users
 
User: Andi
->Temp folder emptied: 19288529 bytes
->Temporary Internet Files folder emptied: 280497470 bytes
->FireFox cache emptied: 403571036 bytes
->Flash cache emptied: 80248 bytes
 
User: Angi
->Temp folder emptied: 1900496 bytes
->Temporary Internet Files folder emptied: 13465727 bytes
->FireFox cache emptied: 323667379 bytes
->Google Chrome cache emptied: 390280942 bytes
->Flash cache emptied: 76467 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hans
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100558971 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 39024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50562 bytes
RecycleBin emptied: 5440 bytes
 
Total Files Cleaned = 1.655,00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 12162013_202043


schrauber 17.12.2013 10:40

Then please now press the Cleanup button in OTM :)

oigen 19.12.2013 20:19

Similar problem - OTM runs through. But now I have a folder C:\_OTM containing the moved files, which again cannot be deleted...

schrauber 20.12.2013 11:35

LOL, this is getting exciting. Please now run OTC as described a few posts earlier.

oigen 20.12.2013 17:47

Unfortunately no change - C:\_OTM still there and cannot be deleted. :eek:

schrauber 21.12.2013 16:17

That's funny.

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • During startup, press the F8 key several times
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    Here you will be shown the drive letter of your USB stick; remember it.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you remembered. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post the contents here, in code tags if possible (guide).


oigen 22.12.2013 16:56

OK!

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by SYSTEM on MININT-NK9HDUA on 22-12-2013 16:49:14
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\Admin\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Admin\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\Admin\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Andi\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKU\Andi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Angi\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\Angi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Hans\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-01] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 16:49 - 2013-12-22 16:49 - 00000000 ____D C:\FRST
2013-12-22 07:34 - 2013-12-22 07:34 - 01928024 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-22 01:18 - 2013-12-22 02:11 - 262144000 _____ C:\Users\Andi\Downloads\DareDorm.11.12.30.Girls.Girls.Girls.XXX.INTERNAL.HR.FLV-KTR_mov-world.net.part1.rar
2013-12-21 02:08 - 2013-12-21 02:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 14:25 - 2010-06-01 19:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-20 14:25 - 2010-06-01 19:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-12-20 14:25 - 2010-06-01 19:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-20 14:25 - 2010-06-01 19:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-12-20 14:25 - 2010-06-01 19:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-12-20 14:25 - 2010-06-01 19:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-12-20 14:25 - 2010-05-26 02:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-12-20 14:25 - 2010-02-04 01:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-20 14:25 - 2009-09-04 08:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-12-20 14:25 - 2009-09-04 08:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-20 14:25 - 2009-09-04 08:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-12-20 14:25 - 2009-09-04 08:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-12-20 14:25 - 2009-09-04 08:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-20 14:25 - 2009-03-16 05:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-12-20 14:25 - 2009-03-16 05:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-20 14:25 - 2009-03-16 05:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-20 14:25 - 2009-03-16 05:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-12-20 14:25 - 2009-03-16 05:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-12-20 14:25 - 2009-03-16 05:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-20 14:25 - 2009-03-09 06:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-12-20 14:25 - 2009-03-09 06:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-20 14:25 - 2009-03-09 06:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-12-20 14:25 - 2009-03-09 06:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-12-20 14:25 - 2008-10-27 01:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-20 14:25 - 2008-10-09 19:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-12-20 14:25 - 2008-10-09 19:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-20 14:25 - 2008-10-09 19:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-12-20 14:25 - 2008-10-09 19:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-20 14:25 - 2008-10-09 19:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-12-20 14:25 - 2008-10-09 19:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-20 14:25 - 2008-07-31 01:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-20 14:25 - 2008-07-31 01:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-12-20 14:25 - 2008-07-31 01:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-12-20 14:25 - 2008-07-31 01:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-20 14:25 - 2008-07-31 01:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-12-20 14:25 - 2008-07-31 01:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-20 14:25 - 2008-07-10 02:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-20 14:25 - 2008-07-10 02:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-20 14:25 - 2008-07-10 02:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-20 14:25 - 2008-05-30 05:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-12-20 14:25 - 2008-05-30 05:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-20 14:25 - 2008-05-30 05:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-20 14:25 - 2008-05-30 05:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-12-20 14:25 - 2008-05-30 05:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-12-20 14:25 - 2008-05-30 05:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-20 14:25 - 2008-05-30 05:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-20 14:25 - 2008-05-30 05:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-12-20 14:25 - 2008-05-30 05:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-12-20 14:25 - 2008-05-30 05:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-20 14:25 - 2008-05-30 05:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-12-20 14:25 - 2008-05-30 05:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-20 14:25 - 2008-05-30 05:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-12-20 14:25 - 2008-05-30 05:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-20 14:25 - 2008-03-05 07:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-12-20 14:25 - 2008-03-05 07:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-20 14:25 - 2008-03-05 07:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-20 14:25 - 2008-03-05 07:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-12-20 14:25 - 2008-03-05 07:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-12-20 14:25 - 2008-03-05 07:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-20 14:25 - 2008-03-05 06:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-12-20 14:25 - 2008-03-05 06:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-20 14:25 - 2008-03-05 06:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-12-20 14:25 - 2008-03-05 06:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-20 14:25 - 2008-02-05 14:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-12-20 14:25 - 2008-02-05 14:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-20 14:25 - 2007-10-21 18:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-12-20 14:25 - 2007-10-21 18:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-20 14:25 - 2007-10-21 18:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-12-20 14:25 - 2007-10-21 18:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-20 14:25 - 2007-10-12 06:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-12-20 14:25 - 2007-10-12 06:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-20 14:25 - 2007-10-12 06:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-12-20 14:25 - 2007-10-12 06:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-20 14:25 - 2007-10-02 00:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-12-20 14:25 - 2007-10-02 00:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-20 14:25 - 2007-07-19 15:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-12-20 14:25 - 2007-07-19 15:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-20 14:25 - 2007-07-19 09:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-12-20 14:25 - 2007-07-19 09:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-20 14:25 - 2007-07-19 09:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-12-20 14:25 - 2007-07-19 09:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-20 14:25 - 2007-06-20 11:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-12-20 14:25 - 2007-06-20 11:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-20 14:25 - 2007-05-16 07:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-12-20 14:25 - 2007-05-16 07:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-20 14:25 - 2007-05-16 07:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-12-20 14:25 - 2007-05-16 07:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-20 14:25 - 2007-05-16 07:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-12-20 14:25 - 2007-05-16 07:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-20 14:25 - 2007-04-04 09:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-12-20 14:25 - 2007-04-04 09:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-20 14:25 - 2007-04-04 09:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-12-20 14:25 - 2007-04-04 09:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-20 14:25 - 2007-03-15 07:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-12-20 14:25 - 2007-03-15 07:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-20 14:25 - 2007-03-12 07:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-12-20 14:25 - 2007-03-12 07:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-20 14:25 - 2007-03-12 07:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-12-20 14:25 - 2007-03-12 07:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-20 14:25 - 2007-03-05 03:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-12-20 14:25 - 2007-03-05 03:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-20 14:25 - 2007-01-24 06:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-12-20 14:25 - 2007-01-24 06:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-20 14:25 - 2006-12-08 03:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-20 14:25 - 2006-12-08 03:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-12-20 14:25 - 2006-11-29 04:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-12-20 14:25 - 2006-11-29 04:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-20 14:25 - 2006-09-28 07:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-20 14:25 - 2006-09-28 07:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-20 14:25 - 2006-09-28 07:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-12-20 14:24 - 2006-07-28 00:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-12-20 14:24 - 2006-07-28 00:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-12-20 14:24 - 2006-07-28 00:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-20 14:24 - 2006-07-28 00:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-20 14:24 - 2006-05-30 22:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-20 14:24 - 2006-05-30 22:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-12-20 14:24 - 2006-03-31 03:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-12-20 14:24 - 2006-03-31 03:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-20 14:24 - 2006-03-31 03:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-12-20 14:24 - 2006-03-31 03:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-20 14:24 - 2006-02-02 23:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-12-20 14:24 - 2006-02-02 23:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-20 14:24 - 2006-02-02 23:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-12-20 14:24 - 2006-02-02 23:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-20 14:24 - 2006-02-02 23:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-12-20 14:24 - 2006-02-02 23:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-20 14:24 - 2005-12-05 09:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-12-20 14:24 - 2005-12-05 09:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-20 14:24 - 2005-07-22 10:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-12-20 14:24 - 2005-07-22 10:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-20 14:24 - 2005-05-26 06:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-12-20 14:24 - 2005-05-26 06:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-20 14:24 - 2005-03-18 08:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-12-20 14:24 - 2005-03-18 08:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-20 14:24 - 2005-02-05 10:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-12-20 14:24 - 2005-02-05 10:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-20 14:21 - 2013-12-21 03:02 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-20 14:21 - 2013-12-20 14:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 14:21 - 2013-12-20 14:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 14:20 - 2013-12-20 14:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-16 11:20 - 2013-12-16 11:20 - 00000000 ____D C:\_OTM
2013-12-14 01:21 - 2013-12-14 01:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 11:01 - 2013-12-13 11:08 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 10:59 - 2013-12-13 10:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-11 06:13 - 2013-12-11 06:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 06:12 - 2013-12-11 06:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 06:11 - 2013-12-11 06:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 03:54 - 2013-12-11 03:54 - 00002768 _____ C:\Users\Angi\Desktop\Tasche Anna.pcf
2013-12-11 03:54 - 2013-12-11 03:54 - 00000000 ____D C:\Users\Angi\Desktop\Tasche Anna-Dateien
2013-12-11 03:41 - 2013-12-11 03:41 - 00008989 _____ C:\Users\Angi\Desktop\Poster Sarah.pcf
2013-12-11 03:41 - 2013-12-11 03:41 - 00000000 ____D C:\Users\Angi\Desktop\Poster Sarah-Dateien
2013-12-11 03:25 - 2013-12-11 03:25 - 00008450 _____ C:\Users\Angi\Desktop\Poster Anna.pcf
2013-12-11 03:25 - 2013-12-11 03:25 - 00000000 ____D C:\Users\Angi\Desktop\Poster Anna-Dateien
2013-12-10 16:29 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-10 16:29 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-10 16:29 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-10 16:29 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-10 16:27 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-10 16:27 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-10 16:27 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-10 16:27 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-10 16:27 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-10 16:27 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-10 16:27 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-10 16:27 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-10 16:27 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-10 16:27 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-10 16:27 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-10 16:27 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-10 16:27 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-10 16:27 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-10 16:27 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-10 16:27 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-10 16:27 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-10 16:27 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-10 16:27 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-10 16:27 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-10 16:27 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-10 16:27 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-10 16:27 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-10 16:27 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-10 16:27 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-10 16:27 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-10 16:27 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-10 16:27 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-10 16:27 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-10 16:27 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-10 16:27 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 14:43 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 14:43 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-10 14:43 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-10 14:43 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 14:43 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-10 14:43 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 14:43 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-10 14:43 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-10 14:43 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 14:43 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-10 14:43 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-10 14:43 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 14:43 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 14:43 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-10 14:43 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-10 14:43 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 14:43 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 14:43 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-10 14:43 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-09 14:49 - 2013-12-11 03:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-09 14:48 - 2013-12-09 14:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-08 15:58 - 2013-12-22 06:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2013-12-08 15:58 - 2013-12-08 15:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b
2013-12-03 13:25 - 2013-12-03 13:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 13:17 - 2013-12-03 13:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 13:17 - 2013-12-03 13:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 07:05 - 2013-10-14 09:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-12-03 07:02 - 2013-12-03 07:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 07:02 - 2013-12-03 07:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-03 07:02 - 2013-12-03 07:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-03 07:02 - 2013-12-03 07:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 07:02 - 2013-12-03 07:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-03 07:02 - 2013-12-03 07:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 07:02 - 2013-12-03 07:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 07:01 - 2013-12-03 07:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-03 07:01 - 2013-12-03 07:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-03 07:01 - 2013-12-03 07:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-03 07:00 - 2013-12-03 07:05 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 06:33 - 2013-12-03 06:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 06:33 - 2013-12-03 06:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 04:10 - 2013-12-03 04:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 04:10 - 2013-12-03 04:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 04:08 - 2013-12-03 04:10 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 04:08 - 2013-12-03 04:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 04:04 - 2013-12-03 04:07 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-02 12:00 - 2013-12-02 12:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe
2013-12-01 11:43 - 2013-12-22 04:42 - 00000000 ___RD C:\Users\Angi\Dropbox
2013-12-01 11:43 - 2013-12-01 11:43 - 00001036 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-01 11:39 - 2013-12-22 04:42 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2013-12-01 11:39 - 2013-12-01 11:39 - 00000182 _____ C:\Windows\wininit.ini
2013-12-01 11:39 - 2013-12-01 11:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2013-12-01 11:38 - 2013-12-01 11:39 - 35334016 _____ (Dropbox, Inc.) C:\Users\Angi\Downloads\Dropbox 2.4.7.exe
2013-12-01 06:15 - 2013-12-01 06:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 06:15 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-11-27 03:50 - 2013-12-13 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 03:15 - 2013-11-27 03:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 02:58 - 2013-11-27 02:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 02:58 - 2013-11-27 02:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 10:59 - 2013-11-24 10:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 10:59 - 2013-11-24 10:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 09:06 - 2013-11-24 09:06 - 00000000 ____D C:\Windows\pss
2013-11-24 07:43 - 2013-12-13 12:53 - 00000000 ____D C:\Windows\erdnt
2013-11-24 04:40 - 2013-11-24 04:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-23 23:54 - 2013-11-23 23:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-23 23:51 - 2013-11-23 23:54 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-23 23:26 - 2013-12-22 06:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-11-23 23:26 - 2013-11-23 23:26 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c
2013-11-23 11:59 - 2013-11-23 11:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 08:24 - 2013-11-23 08:25 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 08:22 - 2013-11-23 08:24 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 07:35 - 2013-11-23 07:37 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 07:32 - 2013-11-23 09:35 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP

==================== One Month Modified Files and Folders =======

2013-12-22 16:49 - 2013-12-22 16:49 - 00000000 ____D C:\FRST
2013-12-22 07:44 - 2012-01-15 10:22 - 01330141 _____ C:\Windows\WindowsUpdate.log
2013-12-22 07:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 07:44 - 2009-07-13 20:51 - 00190040 _____ C:\Windows\setupact.log
2013-12-22 07:39 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 07:39 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 07:37 - 2012-10-10 13:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 07:37 - 2012-01-15 19:15 - 00669464 _____ C:\Windows\System32\perfh007.dat
2013-12-22 07:37 - 2012-01-15 19:15 - 00134990 _____ C:\Windows\System32\perfc007.dat
2013-12-22 07:37 - 2009-07-13 21:13 - 01528364 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-22 07:34 - 2013-12-22 07:34 - 01928024 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-22 07:32 - 2013-07-08 07:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 06:31 - 2013-11-23 23:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2013-12-22 06:23 - 2013-10-12 11:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2013-12-22 06:03 - 2013-12-08 15:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2013-12-22 04:42 - 2013-12-01 11:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2013-12-22 04:42 - 2013-12-01 11:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2013-12-22 03:24 - 2013-11-10 05:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-12-22 03:22 - 2013-08-26 21:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2013-12-22 02:11 - 2013-12-22 01:18 - 262144000 _____ C:\Users\Andi\Downloads\DareDorm.11.12.30.Girls.Girls.Girls.XXX.INTERNAL.HR.FLV-KTR_mov-world.net.part1.rar
2013-12-21 03:02 - 2013-12-20 14:21 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-21 02:08 - 2013-12-21 02:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 14:25 - 2013-12-20 14:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 14:25 - 2011-10-13 19:34 - 00010071 _____ C:\Windows\DirectX.log
2013-12-20 14:23 - 2013-12-20 14:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 14:20 - 2013-12-20 14:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-20 14:12 - 2012-06-02 04:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 08:48 - 2012-06-02 04:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 08:43 - 2010-11-20 19:47 - 00388320 _____ C:\Windows\PFRO.log
2013-12-19 11:07 - 2012-06-02 02:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-12-19 08:23 - 2012-06-02 04:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2013-12-17 23:31 - 2013-09-13 13:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-12-16 11:20 - 2013-12-16 11:20 - 00000000 ____D C:\_OTM
2013-12-16 11:20 - 2012-08-14 11:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-12-16 11:11 - 2012-06-02 03:48 - 00000000 ____D C:\Fusspflege
2013-12-15 04:37 - 2012-06-02 04:32 - 00000000 ____D C:\Users\Angi\AppData\Local\Mozilla
2013-12-14 15:32 - 2013-08-15 05:17 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-14 15:32 - 2013-08-15 05:17 - 00000000 ____D C:\Windows\System32\MRT
2013-12-14 12:07 - 2012-06-02 02:21 - 00000000 ____D C:\users\Admin
2013-12-14 01:21 - 2013-12-14 01:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 13:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 12:55 - 2013-11-27 03:50 - 00000000 ____D C:\Windows\ERUNT
2013-12-13 12:53 - 2013-11-24 07:43 - 00000000 ____D C:\Windows\erdnt
2013-12-13 11:08 - 2013-12-13 11:01 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 10:59 - 2013-12-13 10:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-12 11:04 - 2013-07-08 07:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 06:13 - 2013-12-11 06:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 06:12 - 2013-12-11 06:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 06:11 - 2013-12-11 06:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 04:37 - 2012-10-10 13:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 03:54 - 2013-12-11 03:54 - 00002768 _____ C:\Users\Angi\Desktop\Tasche Anna.pcf
2013-12-11 03:54 - 2013-12-11 03:54 - 00000000 ____D C:\Users\Angi\Desktop\Tasche Anna-Dateien
2013-12-11 03:41 - 2013-12-11 03:41 - 00008989 _____ C:\Users\Angi\Desktop\Poster Sarah.pcf
2013-12-11 03:41 - 2013-12-11 03:41 - 00000000 ____D C:\Users\Angi\Desktop\Poster Sarah-Dateien
2013-12-11 03:37 - 2013-12-09 14:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 03:37 - 2011-10-13 19:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 03:25 - 2013-12-11 03:25 - 00008450 _____ C:\Users\Angi\Desktop\Poster Anna.pcf
2013-12-11 03:25 - 2013-12-11 03:25 - 00000000 ____D C:\Users\Angi\Desktop\Poster Anna-Dateien
2013-12-11 03:09 - 2012-06-04 12:00 - 00000000 ____D C:\Fotos
2013-12-10 23:19 - 2013-09-11 21:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-10 21:41 - 2009-07-13 20:45 - 00481440 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-09 14:49 - 2013-12-09 14:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-08 15:58 - 2013-12-08 15:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b
2013-12-08 15:58 - 2013-07-08 07:40 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-08 08:18 - 2013-10-12 11:12 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa
2013-12-08 08:18 - 2012-06-02 04:35 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core
2013-12-06 04:37 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 13:28 - 2012-06-04 21:34 - 00000000 ____D C:\Users\Andi\AppData\Local\Mozilla
2013-12-03 13:26 - 2012-06-02 04:17 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 13:25 - 2013-12-03 13:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 13:17 - 2013-12-03 13:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 13:17 - 2013-12-03 13:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 12:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 07:05 - 2013-12-03 07:00 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 07:02 - 2013-12-03 07:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 07:02 - 2013-12-03 07:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-03 07:02 - 2013-12-03 07:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-03 07:02 - 2013-12-03 07:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 07:02 - 2013-12-03 07:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-03 07:02 - 2013-12-03 07:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 07:02 - 2013-12-03 07:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 07:02 - 2013-12-03 07:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-03 07:02 - 2013-12-03 07:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 07:01 - 2013-12-03 07:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-03 07:01 - 2013-12-03 07:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-03 07:01 - 2013-12-03 07:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-03 07:01 - 2013-12-03 07:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-03 06:33 - 2013-12-03 06:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 06:33 - 2013-12-03 06:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 04:10 - 2013-12-03 04:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 04:10 - 2013-12-03 04:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 04:10 - 2013-12-03 04:08 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 04:08 - 2013-12-03 04:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 04:07 - 2013-12-03 04:04 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-02 12:00 - 2013-12-02 12:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe
2013-12-01 11:43 - 2013-12-01 11:43 - 00001036 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-01 11:43 - 2012-06-02 04:28 - 00000000 ____D C:\users\Angi
2013-12-01 11:39 - 2013-12-01 11:39 - 00000182 _____ C:\Windows\wininit.ini
2013-12-01 11:39 - 2013-12-01 11:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2013-12-01 11:39 - 2013-12-01 11:38 - 35334016 _____ (Dropbox, Inc.) C:\Users\Angi\Downloads\Dropbox 2.4.7.exe
2013-12-01 06:16 - 2013-12-01 06:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 03:35 - 2012-06-02 04:24 - 00001333 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-11-27 03:35 - 2012-06-02 04:10 - 00000891 _____ C:\Users\Admin\Desktop\iexplore - Verknüpfung.lnk
2013-11-27 03:15 - 2013-11-27 03:15 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Malwarebytes
2013-11-27 02:58 - 2013-11-27 02:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-27 02:58 - 2013-11-27 02:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 03:54 - 2013-12-10 16:27 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-26 03:25 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-26 02:19 - 2013-12-10 16:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-26 02:18 - 2013-12-10 16:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-10 16:27 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-10 16:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-26 01:46 - 2013-12-10 16:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-10 16:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-26 01:29 - 2013-12-10 16:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-26 01:27 - 2013-12-10 16:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-26 01:23 - 2013-12-10 16:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-10 16:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-26 01:18 - 2013-12-10 16:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-10 16:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-10 16:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-10 16:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-10 16:27 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-10 16:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-10 16:27 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-26 00:32 - 2013-12-10 16:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-10 16:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-10 16:27 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-10 16:27 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-10 16:27 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-25 23:32 - 2013-12-10 16:27 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-10 16:27 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-10 16:27 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-25 22:40 - 2013-12-10 16:27 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-25 22:34 - 2013-12-10 16:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-10 16:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-10 16:27 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-10 16:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-24 10:59 - 2013-11-24 10:59 - 00603312 _____ (Emsisoft GmbH) C:\Users\Andi\Downloads\emsiclean.exe
2013-11-24 10:59 - 2013-11-24 10:59 - 00122614 _____ C:\Users\Andi\Downloads\EmsiClean_2013.11.24_19.59.55.txt
2013-11-24 09:06 - 2013-11-24 09:06 - 00000000 ____D C:\Windows\pss
2013-11-24 07:54 - 2009-07-13 18:34 - 79691776 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-11-24 07:54 - 2009-07-13 18:34 - 23068672 _____ C:\Windows\System32\config\SYSTEM.bak
2013-11-24 07:54 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\System32\config\DEFAULT.bak
2013-11-24 07:54 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
2013-11-24 07:54 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SAM.bak
2013-11-24 04:40 - 2013-11-24 04:40 - 00377856 _____ C:\Users\Andi\Downloads\gmer_2.1.19163.exe
2013-11-23 23:54 - 2013-11-23 23:54 - 00000000 ____D C:\Users\Admin\Documents\Anti-Malware
2013-11-23 23:54 - 2013-11-23 23:51 - 209467344 _____ (Emsisoft GmbH                                              ) C:\Users\Andi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-11-23 23:26 - 2013-11-23 23:26 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c
2013-11-23 23:26 - 2013-09-13 13:21 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316
2013-11-23 23:23 - 2012-06-02 02:21 - 00119864 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-23 11:59 - 2013-11-23 11:59 - 00000000 ____D C:\Users\Andi\Downloads\www.torrent.to...Gefaehrten.2011.DVDScr.German.AC3MD.XViD-PWND
2013-11-23 10:26 - 2013-12-10 14:43 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 09:47 - 2013-12-10 14:43 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-11-23 09:35 - 2013-11-23 07:32 - 00000000 ____D C:\Users\Andi\Downloads\Der.Hobbit.Eine.unerwartete.Reise.2012.DVDRip.LD.German.XviD-CiNETiPP
2013-11-23 08:31 - 2012-06-02 04:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-11-23 08:25 - 2013-11-23 08:24 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-11-23 08:24 - 2013-11-23 08:22 - 42450960 _____ (VLC - Codec Pack) C:\Users\Andi\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
2013-11-23 07:37 - 2013-11-23 07:35 - 00000000 ____D C:\Users\Andi\Downloads\The Hobbit The Desolation of Smaug 2013
2013-11-23 00:41 - 2013-11-20 03:27 - 00000000 ____D C:\Users\Andi\Downloads\Lucky Number Slevin 2006 [German].DVDScr (Dual Audio)

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-14 01:21:40
Restore point made on: 2013-12-14 01:50:46
Restore point made on: 2013-12-14 15:31:53
Restore point made on: 2013-12-18 00:07:10
Restore point made on: 2013-12-20 14:24:16
Restore point made on: 2013-12-21 02:09:40

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8043.86 MB
Available physical RAM: 7137.38 MB
Total Pagefile: 8042.06 MB
Available Pagefile: 7122.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.41 GB) (Free:607.46 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:18 GB) (Free:4 GB) NTFS
Drive g: (UDISK 2.0) (Removable) (Total:0.46 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6226A998)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 471 MB) (Disk ID: 1D701998)
Partition 1: (Active) - (Size=471 MB) - (Type=0E)


LastRegBack: 2013-12-10 00:30

==================== End Of Log ============================

--- --- ---


schrauber 23.12.2013 09:08

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\_OTM

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Then restart and check whether the folder is still there.

oigen 28.12.2013 11:33

So far so good...

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Ran by SYSTEM at 2013-12-28 11:25:20 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
C:\_OTM
*****************

C:\_OTM => Moved successfully.

==== End of Fixlog ====

However, there is now once again a folder, C:\FRST, that I cannot delete :(
The path now looks like this:
C:\FRST\Quarantine\_OTM\MovedFiles\12162013_202043\C_FRST\Quarantine\Install

What I have noticed over the last few days:
Under my wife's user account, a message appears at irregular intervals during shutdown saying that the program service.exe or services.exe has to be closed before shutting down, or something like that. Unfortunately I could not reproduce the message just now, which is why I don't remember the exact wording. If it happens again, I will post an exact update!

Could this be another threat?

Thanks,
Andreas

schrauber 29.12.2013 11:28

Please post FRST logs from your account and from your wife's.

oigen 01.01.2014 19:45

So - my account:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 01-01-2014 19:33:34
Running from C:\Users\Andi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Farbar) C:\Users\Andi\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 19:33 - 2014-01-01 19:33 - 00013722 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Andi\Downloads\FRST64(1).exe
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-23 01:49 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2013-12-22 16:34 - 01928024 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-20 23:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-20 23:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-20 23:25 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-20 23:25 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-20 23:25 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-20 23:25 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-20 23:25 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-20 23:25 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-20 23:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-20 23:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-20 23:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-20 23:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-20 23:21 - 2013-12-21 12:02 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-20 23:21 - 2013-12-20 23:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:21 - 2013-12-20 23:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 20:01 - 2013-12-13 20:08 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 12:54 - 2013-12-11 12:54 - 00002768 _____ C:\Users\Angi\Desktop\Tasche Anna.pcf
2013-12-11 12:54 - 2013-12-11 12:54 - 00000000 ____D C:\Users\Angi\Desktop\Tasche Anna-Dateien
2013-12-11 12:41 - 2013-12-11 12:41 - 00008989 _____ C:\Users\Angi\Desktop\Poster Sarah.pcf
2013-12-11 12:41 - 2013-12-11 12:41 - 00000000 ____D C:\Users\Angi\Desktop\Poster Sarah-Dateien
2013-12-11 12:25 - 2013-12-11 12:25 - 00008450 _____ C:\Users\Angi\Desktop\Poster Anna.pcf
2013-12-11 12:25 - 2013-12-11 12:25 - 00000000 ____D C:\Users\Angi\Desktop\Poster Anna-Dateien
2013-12-11 01:29 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 01:29 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 01:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 01:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 01:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 01:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 01:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 01:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 01:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 01:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 01:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 01:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 01:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 01:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 01:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 01:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 23:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 23:43 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 23:43 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 23:43 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 23:43 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 23:43 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 23:43 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 23:43 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 23:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 23:43 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 23:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 23:43 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 23:43 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 23:43 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 23:49 - 2013-12-11 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-09 23:48 - 2013-12-09 23:49 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-09 00:58 - 2014-01-01 19:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2013-12-03 22:25 - 2013-12-03 22:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 22:17 - 2013-12-03 22:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 22:17 - 2013-12-03 22:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 16:05 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 16:02 - 2013-12-03 16:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 16:00 - 2013-12-03 16:05 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 15:33 - 2013-12-03 15:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 15:33 - 2013-12-03 15:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 13:10 - 2013-12-03 13:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 13:10 - 2013-12-03 13:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:10 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 13:04 - 2013-12-03 13:07 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe

==================== One Month Modified Files and Folders =======

2014-01-01 19:33 - 2014-01-01 19:33 - 00013722 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Andi\Downloads\FRST64(1).exe
2014-01-01 19:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-01 19:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-01 19:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-01 18:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 18:06 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-01 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-01 16:43 - 2012-01-15 19:22 - 02059153 _____ C:\Windows\WindowsUpdate.log
2014-01-01 15:10 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 15:10 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 15:03 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 15:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 15:03 - 2009-07-14 05:51 - 00192979 _____ C:\Windows\setupact.log
2013-12-31 17:42 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2013-12-31 17:42 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2013-12-31 17:42 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2013-12-31 17:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-12-30 07:57 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-12-30 07:57 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-12-30 07:57 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 22:25 - 2012-06-05 06:01 - 00000000 ____D C:\Users\Andi\AppData\Local\VirtualStore
2013-12-26 22:12 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-24 13:52 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-23 15:49 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-23 15:49 - 2013-12-01 20:39 - 00000354 _____ C:\Windows\wininit.ini
2013-12-23 15:49 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 15:49 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-23 01:49 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2013-12-22 16:34 - 01928024 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-21 12:02 - 2013-12-20 23:21 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2013-12-20 23:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:25 - 2011-10-14 04:34 - 00010071 _____ C:\Windows\DirectX.log
2013-12-20 23:23 - 2013-12-20 23:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-20 23:12 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 17:48 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 17:43 - 2010-11-21 04:47 - 00388320 _____ C:\Windows\PFRO.log
2013-12-19 20:07 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-12-16 20:20 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-12-16 20:11 - 2012-06-02 12:48 - 00000000 ____D C:\Fusspflege
2013-12-15 13:37 - 2012-06-02 13:32 - 00000000 ____D C:\Users\Angi\AppData\Local\Mozilla
2013-12-15 00:34 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 00:32 - 2013-08-15 14:17 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 21:07 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 22:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 21:55 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-12-13 21:53 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-12-13 20:08 - 2013-12-13 20:01 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-12 20:04 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 12:54 - 2013-12-11 12:54 - 00002768 _____ C:\Users\Angi\Desktop\Tasche Anna.pcf
2013-12-11 12:54 - 2013-12-11 12:54 - 00000000 ____D C:\Users\Angi\Desktop\Tasche Anna-Dateien
2013-12-11 12:41 - 2013-12-11 12:41 - 00008989 _____ C:\Users\Angi\Desktop\Poster Sarah.pcf
2013-12-11 12:41 - 2013-12-11 12:41 - 00000000 ____D C:\Users\Angi\Desktop\Poster Sarah-Dateien
2013-12-11 12:37 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 12:37 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 12:25 - 2013-12-11 12:25 - 00008450 _____ C:\Users\Angi\Desktop\Poster Anna.pcf
2013-12-11 12:25 - 2013-12-11 12:25 - 00000000 ____D C:\Users\Angi\Desktop\Poster Anna-Dateien
2013-12-11 08:19 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-11 06:41 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 22:38 - 2012-06-02 11:23 - 00001347 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-09 23:49 - 2013-12-09 23:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-03 22:28 - 2012-06-05 06:34 - 00000000 ____D C:\Users\Andi\AppData\Local\Mozilla
2013-12-03 22:26 - 2012-06-02 13:17 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 22:25 - 2013-12-03 22:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 22:17 - 2013-12-03 22:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 22:17 - 2013-12-03 22:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 22:17 - 2012-06-05 06:01 - 00001429 _____ C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 22:01 - 2012-06-02 13:28 - 00001429 _____ C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 21:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 16:05 - 2013-12-03 16:00 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 16:02 - 2013-12-03 16:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 15:33 - 2013-12-03 15:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 15:33 - 2013-12-03 15:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 13:10 - 2013-12-03 13:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 13:10 - 2013-12-03 13:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 13:10 - 2013-12-03 13:08 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 13:07 - 2013-12-03 13:04 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== End Of Log ============================

--- --- ---

oigen 01.01.2014 19:46

My wife's account:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014
Ran by Angi (ATTENTION: The logged in user is not administrator) on PC on 01-01-2014 19:35:41
Running from C:\Users\Angi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Dropbox, Inc.) C:\Users\Angi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google Inc.) C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MGNotification.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Farbar) C:\Users\Angi\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [crsscmgr] - C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr\crssc.exe
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Angi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Angi\AppData\Roaming\Mozilla\Firefox\Profiles\h2qx2vyb.default
FF Homepage: www.google.at
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Angi\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Angi\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.facebook.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Angi\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Angi\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Angi\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Angi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 19:35 - 2014-01-01 19:35 - 00016046 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:34 - 00071190 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-01 19:34 - 00071190 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Andi\Downloads\FRST64(1).exe
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-23 01:49 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2013-12-22 16:34 - 01928024 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-20 23:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-20 23:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-20 23:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-20 23:25 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-20 23:25 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-20 23:25 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-20 23:25 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-20 23:25 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-20 23:25 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-20 23:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-20 23:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-20 23:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-20 23:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-20 23:21 - 2013-12-21 12:02 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-20 23:21 - 2013-12-20 23:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:21 - 2013-12-20 23:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 20:01 - 2013-12-13 20:08 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 12:54 - 2013-12-11 12:54 - 00002768 _____ C:\Users\Angi\Desktop\Tasche Anna.pcf
2013-12-11 12:54 - 2013-12-11 12:54 - 00000000 ____D C:\Users\Angi\Desktop\Tasche Anna-Dateien
2013-12-11 12:41 - 2013-12-11 12:41 - 00008989 _____ C:\Users\Angi\Desktop\Poster Sarah.pcf
2013-12-11 12:41 - 2013-12-11 12:41 - 00000000 ____D C:\Users\Angi\Desktop\Poster Sarah-Dateien
2013-12-11 12:25 - 2013-12-11 12:25 - 00008450 _____ C:\Users\Angi\Desktop\Poster Anna.pcf
2013-12-11 12:25 - 2013-12-11 12:25 - 00000000 ____D C:\Users\Angi\Desktop\Poster Anna-Dateien
2013-12-11 01:29 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 01:29 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 01:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 01:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 01:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 01:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 01:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 01:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 01:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 01:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 01:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 01:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 01:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 01:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 01:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 01:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 23:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 23:43 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 23:43 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 23:43 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 23:43 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 23:43 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 23:43 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 23:43 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 23:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 23:43 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 23:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 23:43 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 23:43 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 23:43 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 23:49 - 2013-12-11 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-09 23:48 - 2013-12-09 23:49 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-09 00:58 - 2014-01-01 19:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2013-12-03 22:25 - 2013-12-03 22:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 22:17 - 2013-12-03 22:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 22:17 - 2013-12-03 22:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 16:05 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 16:02 - 2013-12-03 16:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 16:00 - 2013-12-03 16:05 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 15:33 - 2013-12-03 15:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 15:33 - 2013-12-03 15:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 13:10 - 2013-12-03 13:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 13:10 - 2013-12-03 13:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:10 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 13:04 - 2013-12-03 13:07 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe

==================== One Month Modified Files and Folders =======

2014-01-01 19:35 - 2014-01-01 19:35 - 00016046 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:35 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-01 19:35 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-01 19:35 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 19:34 - 2014-01-01 19:34 - 00071190 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:33 - 00071190 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:32 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Andi\Downloads\FRST64(1).exe
2014-01-01 19:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-01 19:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-01 19:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-01 18:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 18:06 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-01 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-01 16:43 - 2012-01-15 19:22 - 02059337 _____ C:\Windows\WindowsUpdate.log
2014-01-01 15:10 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 15:10 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 15:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 15:03 - 2009-07-14 05:51 - 00192979 _____ C:\Windows\setupact.log
2013-12-31 17:42 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2013-12-31 17:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2013-12-30 07:57 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2013-12-30 07:57 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2013-12-30 07:57 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 22:25 - 2012-06-05 06:01 - 00000000 ____D C:\Users\Andi\AppData\Local\VirtualStore
2013-12-26 22:12 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-24 13:52 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-23 15:49 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-23 15:49 - 2013-12-01 20:39 - 00000354 _____ C:\Windows\wininit.ini
2013-12-23 15:49 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 15:49 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-23 01:49 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2013-12-22 16:34 - 01928024 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-21 12:02 - 2013-12-20 23:21 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2013-12-20 23:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:25 - 2011-10-14 04:34 - 00010071 _____ C:\Windows\DirectX.log
2013-12-20 23:23 - 2013-12-20 23:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-20 23:12 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 17:48 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 17:43 - 2010-11-21 04:47 - 00388320 _____ C:\Windows\PFRO.log
2013-12-19 20:07 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-12-16 20:20 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-12-16 20:11 - 2012-06-02 12:48 - 00000000 ____D C:\Fusspflege
2013-12-15 13:37 - 2012-06-02 13:32 - 00000000 ____D C:\Users\Angi\AppData\Local\Mozilla
2013-12-15 00:34 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 00:32 - 2013-08-15 14:17 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 21:07 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 22:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 21:55 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-12-13 21:53 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-12-13 20:08 - 2013-12-13 20:01 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-12 20:04 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 12:54 - 2013-12-11 12:54 - 00002768 _____ C:\Users\Angi\Desktop\Tasche Anna.pcf
2013-12-11 12:54 - 2013-12-11 12:54 - 00000000 ____D C:\Users\Angi\Desktop\Tasche Anna-Dateien
2013-12-11 12:41 - 2013-12-11 12:41 - 00008989 _____ C:\Users\Angi\Desktop\Poster Sarah.pcf
2013-12-11 12:41 - 2013-12-11 12:41 - 00000000 ____D C:\Users\Angi\Desktop\Poster Sarah-Dateien
2013-12-11 12:37 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 12:37 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 12:25 - 2013-12-11 12:25 - 00008450 _____ C:\Users\Angi\Desktop\Poster Anna.pcf
2013-12-11 12:25 - 2013-12-11 12:25 - 00000000 ____D C:\Users\Angi\Desktop\Poster Anna-Dateien
2013-12-11 08:19 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-11 06:41 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 22:38 - 2012-06-02 11:23 - 00001347 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-09 23:49 - 2013-12-09 23:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-03 22:28 - 2012-06-05 06:34 - 00000000 ____D C:\Users\Andi\AppData\Local\Mozilla
2013-12-03 22:26 - 2012-06-02 13:17 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 22:25 - 2013-12-03 22:25 - 00283184 _____ (Mozilla) C:\Users\Andi\Downloads\Firefox Setup Stub 25.0.1.exe
2013-12-03 22:17 - 2013-12-03 22:17 - 00000690 _____ C:\Users\Angi\Desktop\Bestellung_HappyFoto.psc
2013-12-03 22:17 - 2013-12-03 22:17 - 00000000 ____D C:\Users\Angi\Desktop\Bestellung_HappyFoto-Dateien
2013-12-03 22:17 - 2012-06-05 06:01 - 00001429 _____ C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 22:01 - 2012-06-02 13:28 - 00001429 _____ C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 21:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 16:05 - 2013-12-03 16:00 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 16:02 - 2013-12-03 16:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 16:02 - 2013-12-03 16:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 16:02 - 2013-12-03 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 16:02 - 2013-12-03 16:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 16:01 - 2013-12-03 16:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 16:01 - 2013-12-03 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 15:33 - 2013-12-03 15:33 - 00009635 _____ C:\Users\Angi\Desktop\Kreativposter.pcf
2013-12-03 15:33 - 2013-12-03 15:33 - 00000000 ____D C:\Users\Angi\Desktop\Kreativposter-Dateien
2013-12-03 13:10 - 2013-12-03 13:10 - 00001073 _____ C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2013-12-03 13:10 - 2013-12-03 13:10 - 00000000 ____D C:\Users\Angi\AppData\Local\HappyFoto-Designer
2013-12-03 13:10 - 2013-12-03 13:08 - 00000000 ____D C:\Program Files (x86)\HappyFoto-Designer
2013-12-03 13:08 - 2013-12-03 13:08 - 00000000 ____D C:\ProgramData\HappyFoto-Designer
2013-12-03 13:07 - 2013-12-03 13:04 - 255251040 _____ (                                                            ) C:\Users\Angi\Downloads\HappyFoto-Designer.exe
2013-12-02 21:00 - 2013-12-02 21:00 - 02347384 _____ (ESET) C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================

--- --- ---


schrauber 02.01.2014 16:58

Can you delete it if you boot from the Windows DVD?

oigen 02.01.2014 22:45

Just tried it - unfortunately without success :(

In the 'Command Prompt' window everything looks normal, but I cannot delete the folders. When I go into the path, the last folder looks empty, but I can delete neither its contents nor the folder itself...

schrauber 03.01.2014 12:44

Please run this FRST fix in both accounts. FRST needs admin rights!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


oigen 03.01.2014 21:04

Fixlog of my user:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by Admin at 2014-01-03 20:58:19 Run:3
Running from C:\Users\Andi\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

Fixlog of my wife's user:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by Admin at 2014-01-03 21:01:50 Run:5
Running from C:\Users\Angi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
==== End of Fixlog ====


schrauber 04.01.2014 15:46

Fresh scan logs with FRST, run with admin rights, from both computers please.

oigen 08.01.2014 07:56

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Admin (administrator) on PC on 05-01-2014 09:28:35
Running from C:\Users\Andi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(BitTorrent Inc.) C:\Users\Andi\AppData\Roaming\BitTorrent\BitTorrent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Angi\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\Angi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Angi\...\Run: [crsscmgr] - C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr\crssc.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Hans\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 21:00 - 2014-01-03 20:54 - 01931750 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 20:54 - 2014-01-05 09:28 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:35 - 2014-01-01 19:36 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:34 - 00071190 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-05 09:28 - 00018147 _____ C:\Users\Andi\Downloads\FRST.txt
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-23 01:49 - 2014-01-05 09:28 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2014-01-05 09:28 - 01931368 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-20 23:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-20 23:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-20 23:25 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-20 23:25 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-20 23:25 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-20 23:25 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-20 23:25 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-20 23:25 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-20 23:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-20 23:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-20 23:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-20 23:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-20 23:21 - 2013-12-21 12:02 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-20 23:21 - 2013-12-20 23:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:21 - 2013-12-20 23:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 20:01 - 2013-12-13 20:08 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 01:29 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 01:29 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 01:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 01:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 01:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 01:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 01:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 01:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 01:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 01:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 01:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 01:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 01:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 01:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 01:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 01:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 23:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 23:43 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 23:43 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 23:43 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 23:43 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 23:43 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 23:43 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 23:43 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 23:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 23:43 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 23:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 23:43 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 23:43 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 23:43 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 23:49 - 2013-12-11 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-09 23:48 - 2013-12-09 23:49 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-09 00:58 - 2014-01-05 09:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2013-12-09 00:58 - 2013-12-09 00:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b

==================== One Month Modified Files and Folders =======

2014-01-05 09:29 - 2014-01-01 19:33 - 00018147 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-05 09:28 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2014-01-05 09:28 - 2013-12-22 16:34 - 01931368 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2014-01-05 09:28 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-05 09:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-05 08:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 08:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 08:46 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 08:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 08:45 - 2009-07-14 05:51 - 00194043 _____ C:\Windows\setupact.log
2014-01-05 07:26 - 2012-01-15 19:22 - 01263323 _____ C:\Windows\WindowsUpdate.log
2014-01-05 06:57 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2014-01-05 06:57 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2014-01-05 06:57 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 06:54 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-05 06:54 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-05 02:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 02:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-03 20:54 - 2014-01-03 21:00 - 01931750 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-03 01:07 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-02 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-01-01 19:36 - 2014-01-01 19:35 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:34 - 00071190 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2013-12-31 17:42 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2013-12-31 17:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-26 22:25 - 2012-06-05 06:01 - 00000000 ____D C:\Users\Andi\AppData\Local\VirtualStore
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-24 13:52 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-23 15:49 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-23 15:49 - 2013-12-01 20:39 - 00000354 _____ C:\Windows\wininit.ini
2013-12-23 15:49 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 15:49 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-21 12:02 - 2013-12-20 23:21 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2013-12-20 23:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:25 - 2011-10-14 04:34 - 00010071 _____ C:\Windows\DirectX.log
2013-12-20 23:23 - 2013-12-20 23:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-20 23:12 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 17:48 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 17:43 - 2010-11-21 04:47 - 00388320 _____ C:\Windows\PFRO.log
2013-12-19 20:07 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-12-16 20:20 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-12-16 20:11 - 2012-06-02 12:48 - 00000000 ____D C:\Fusspflege
2013-12-15 13:37 - 2012-06-02 13:32 - 00000000 ____D C:\Users\Angi\AppData\Local\Mozilla
2013-12-15 00:34 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 00:32 - 2013-08-15 14:17 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 21:07 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 22:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 21:55 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-12-13 21:53 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-12-13 20:08 - 2013-12-13 20:01 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-12 20:04 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 13:37 - 2012-10-10 22:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 12:37 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 12:37 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 08:19 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-11 06:41 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 22:38 - 2012-06-02 11:23 - 00001347 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-09 23:49 - 2013-12-09 23:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-09 00:58 - 2013-12-09 00:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b
2013-12-09 00:58 - 2013-07-08 16:40 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-08 17:18 - 2013-10-12 20:12 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa
2013-12-08 17:18 - 2012-06-02 13:35 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-01 16:31

==================== End Of Log ============================

--- --- ---



FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Angi (ATTENTION: The logged in user is not administrator) on PC on 05-01-2014 09:36:14
Running from C:\Users\Angi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Dropbox, Inc.) C:\Users\Angi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [crsscmgr] - C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr\crssc.exe
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Angi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Angi\AppData\Roaming\Mozilla\Firefox\Profiles\h2qx2vyb.default
FF Homepage: www.google.at
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Angi\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Angi\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.facebook.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Angi\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Angi\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Angi\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Angi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Angi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 09:36 - 2014-01-05 09:36 - 00015751 _____ C:\Users\Angi\Desktop\FRST.txt
2014-01-05 09:36 - 2014-01-05 09:36 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-03 21:00 - 2014-01-05 09:36 - 01931368 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 20:54 - 2014-01-05 09:28 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:35 - 2014-01-01 19:36 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:34 - 00071190 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-05 09:32 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-23 01:49 - 2014-01-05 09:36 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2014-01-05 09:28 - 01931368 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-20 23:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-20 23:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-20 23:25 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-20 23:25 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-20 23:25 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-20 23:25 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-20 23:25 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-20 23:25 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-20 23:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-20 23:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-20 23:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-20 23:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-20 23:21 - 2013-12-21 12:02 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-20 23:21 - 2013-12-20 23:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:21 - 2013-12-20 23:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 20:01 - 2013-12-13 20:08 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 01:29 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 01:29 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 01:29 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 01:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 01:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 01:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 01:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 01:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 01:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 01:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 01:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 01:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 01:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 01:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 01:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 01:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 01:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 01:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 01:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 01:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 01:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 01:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 01:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 01:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 01:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 23:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 23:43 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 23:43 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 23:43 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 23:43 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 23:43 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 23:43 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 23:43 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 23:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 23:43 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 23:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 23:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 23:43 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 23:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 23:43 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 23:43 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 23:49 - 2013-12-11 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-09 23:48 - 2013-12-09 23:49 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-09 00:58 - 2014-01-05 09:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job

==================== One Month Modified Files and Folders =======

2014-01-05 09:36 - 2014-01-05 09:36 - 00015751 _____ C:\Users\Angi\Desktop\FRST.txt
2014-01-05 09:36 - 2014-01-05 09:36 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-05 09:36 - 2014-01-03 21:00 - 01931368 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-05 09:36 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2014-01-05 09:36 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:35 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-05 09:35 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-05 09:35 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 09:32 - 2014-01-01 19:33 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-05 09:28 - 2013-12-22 16:34 - 01931368 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2014-01-05 09:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-05 09:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-05 08:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 08:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 08:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 08:45 - 2009-07-14 05:51 - 00194043 _____ C:\Windows\setupact.log
2014-01-05 07:26 - 2012-01-15 19:22 - 01263507 _____ C:\Windows\WindowsUpdate.log
2014-01-05 06:57 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2014-01-05 06:57 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2014-01-05 06:57 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 02:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-03 01:07 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-02 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-01-01 19:36 - 2014-01-01 19:35 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:34 - 00071190 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2013-12-31 17:42 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2013-12-31 17:42 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-26 22:44 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-12-26 22:25 - 2012-06-05 06:01 - 00000000 ____D C:\Users\Andi\AppData\Local\VirtualStore
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-24 13:52 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-23 15:49 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2013-12-23 15:49 - 2013-12-01 20:39 - 00000354 _____ C:\Windows\wininit.ini
2013-12-23 15:49 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 15:49 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-21 12:02 - 2013-12-20 23:21 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2013-12-20 23:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:25 - 2011-10-14 04:34 - 00010071 _____ C:\Windows\DirectX.log
2013-12-20 23:23 - 2013-12-20 23:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-20 23:12 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 17:48 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 17:43 - 2010-11-21 04:47 - 00388320 _____ C:\Windows\PFRO.log
2013-12-19 20:07 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-12-16 20:20 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-12-16 20:11 - 2012-06-02 12:48 - 00000000 ____D C:\Fusspflege
2013-12-15 13:37 - 2012-06-02 13:32 - 00000000 ____D C:\Users\Angi\AppData\Local\Mozilla
2013-12-15 00:34 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 00:32 - 2013-08-15 14:17 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 21:07 - 2012-06-02 11:21 - 00000000 ____D C:\Users\Admin
2013-12-14 10:21 - 2013-12-14 10:21 - 00000620 _____ C:\DelFix.txt
2013-12-13 22:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 21:55 - 2013-11-27 12:50 - 00000000 ____D C:\Windows\ERUNT
2013-12-13 21:53 - 2013-11-24 16:43 - 00000000 ____D C:\Windows\erdnt
2013-12-13 20:08 - 2013-12-13 20:01 - 00000000 ____D C:\Users\Andi\AppData\Local\download.am-data
2013-12-13 19:59 - 2013-12-13 19:59 - 00001053 _____ C:\Users\Admin\Desktop\Download.am.lnk
2013-12-13 19:59 - 2013-12-13 19:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-12-12 20:04 - 2013-07-08 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 15:13 - 2013-12-11 15:13 - 00002430 _____ C:\Users\Angi\Downloads\angelswe (1).mid
2013-12-11 15:12 - 2013-12-11 15:12 - 00002430 _____ C:\Users\Angi\Downloads\angelswe.mid
2013-12-11 15:11 - 2013-12-11 15:11 - 00001406 _____ C:\Users\Angi\Downloads\regentsq.mid
2013-12-11 12:37 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 12:37 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 08:19 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-11 06:41 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 22:38 - 2012-06-02 11:23 - 00001347 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-09 23:49 - 2013-12-09 23:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---


schrauber 08.01.2014 12:33

For the first account:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Angi\...\Run: [crsscmgr] - C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr\crssc.exe
C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Remove (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



A fresh FRST log, please. Any problems left?

oigen 10.01.2014 20:22

So, first the log:
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-01-2014
Ran by Admin at 2014-01-10 20:12:03 Run:7
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Angi\...\Run: [crsscmgr] - C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr\crssc.exe
C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
       
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKU\Angi\Software\Microsoft\Windows\CurrentVersion\Run\\crsscmgr => Value deleted successfully.
C:\Users\Angi\AppData\Roaming\Adobe\crsscmgr => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
RemoteAccess => Service deleted successfully.

==== End of Fixlog ====

I still cannot delete C:\FRST\Quarantine\_OTM

In addition, the following message now appears at startup:

Fehler beim Laden des Moduls
"C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dat"

Stellen Sie sicher, dass die Binärdatei am angegebenen Pfad gespeichert ist, oder debuggen Sie die Datei, um Probleme mit der binären Datei oder abhängigen DLL-Dateien auszuschließen.

Das angegebene Modul wurde nicht gefunden.

:wtf:

schrauber 11.01.2014 13:28

The fresh FRST log is still missing :)

oigen 15.01.2014 07:47

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 15-01-2014 07:43:10
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dll <===== ATTENTION
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 20:09 - 2014-01-15 07:43 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-05 21:32 - 2014-01-10 06:24 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-05 09:36 - 2014-01-10 20:14 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-03 21:00 - 2014-01-10 20:14 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 20:54 - 2014-01-05 09:28 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:35 - 2014-01-01 19:36 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-15 07:43 - 00013998 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-05 09:32 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-23 01:49 - 2014-01-15 07:43 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2014-01-15 07:43 - 02076160 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-20 23:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-20 23:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-20 23:25 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-20 23:25 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-20 23:25 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-20 23:25 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-20 23:25 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-20 23:25 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-20 23:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-20 23:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-20 23:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-20 23:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-20 23:21 - 2013-12-21 12:02 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-20 23:21 - 2013-12-20 23:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:21 - 2013-12-20 23:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe

==================== One Month Modified Files and Folders =======

2014-01-15 07:43 - 2014-01-10 20:09 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-15 07:43 - 2014-01-01 19:34 - 00013998 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-15 07:43 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2014-01-15 07:43 - 2013-12-22 16:34 - 02076160 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-15 07:42 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 07:42 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 07:38 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 07:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 07:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 07:35 - 2009-07-14 05:51 - 00196283 _____ C:\Windows\setupact.log
2014-01-15 07:26 - 2012-01-15 19:22 - 01983317 _____ C:\Windows\WindowsUpdate.log
2014-01-15 07:25 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-15 07:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-15 06:57 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2014-01-15 06:57 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2014-01-15 06:57 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 06:55 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-15 06:55 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-14 14:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-14 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-01-13 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-10 20:14 - 2014-01-05 09:36 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-10 20:14 - 2014-01-03 21:00 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-10 20:09 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2014-01-10 06:27 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2014-01-10 06:27 - 2013-12-01 20:39 - 00000526 _____ C:\Windows\wininit.ini
2014-01-10 06:27 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 06:27 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-10 06:24 - 2014-01-05 21:32 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-08 12:32 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-07 08:01 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-07 07:41 - 2013-01-31 23:48 - 00000000 ____D C:\Users\Andi\Documents\Weine
2014-01-05 23:01 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2014-01-05 23:01 - 2012-07-09 11:23 - 530095885 _____ C:\Windows\MEMORY.DMP
2014-01-05 11:11 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:32 - 2014-01-01 19:33 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:36 - 2014-01-01 19:35 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2013-12-26 22:44 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-12-26 22:25 - 2012-06-05 06:01 - 00000000 ____D C:\Users\Andi\AppData\Local\VirtualStore
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-24 13:52 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-21 12:02 - 2013-12-20 23:21 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2013-12-20 23:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:25 - 2011-10-14 04:34 - 00010071 _____ C:\Windows\DirectX.log
2013-12-20 23:23 - 2013-12-20 23:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-20 23:12 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 17:48 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 17:43 - 2010-11-21 04:47 - 00388320 _____ C:\Windows\PFRO.log
2013-12-19 20:07 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi
2013-12-16 20:20 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2013-12-16 20:11 - 2012-06-02 12:48 - 00000000 ____D C:\Fusspflege

Some content of TEMP:
====================
C:\Users\Andi\AppData\Local\Temp\cvqfudns.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

schrauber 15.01.2014 14:59

I always need the logs with admin rights, though :)

oigen 18.01.2014 15:21

Yes, of course - sorry... :stirn:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Admin (administrator) on PC on 18-01-2014 15:18:15
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\Angi\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\Angi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Angi\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0ICD0.DLL <===== ATTENTION
HKU\Angi\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2013-12-11] (Adobe Systems Incorporated)
HKU\Angi\...\RunOnce: [{2A26CDE4-A316-9FA0-0686-4FC7358CF6CF}] - C:\Users\Angi\AppData\Local\Temp\tnljaqgr.exe [53248 2014-01-18] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Hans\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 [2012-06-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 [2012-06-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2012-06-03]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 12:55 - 2014-01-18 12:55 - 00000000 ____D C:\Users\Angi\AppData\Local\Udbmedia
2014-01-16 06:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 06:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 06:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 20:09 - 2014-01-15 07:43 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 21:32 - 2014-01-10 06:24 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-05 09:36 - 2014-01-10 20:14 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-03 21:00 - 2014-01-10 20:14 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 20:54 - 2014-01-05 09:28 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:35 - 2014-01-01 19:36 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-18 15:18 - 00018462 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-05 09:32 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-23 01:49 - 2014-01-15 07:43 - 00000000 ____D C:\FRST
2013-12-22 16:34 - 2014-01-15 07:43 - 02076160 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-20 23:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-20 23:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-20 23:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-20 23:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-20 23:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-20 23:25 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-20 23:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-20 23:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-20 23:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-20 23:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-20 23:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-20 23:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-20 23:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-20 23:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-20 23:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-20 23:25 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-20 23:25 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-20 23:25 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-20 23:25 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-20 23:25 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-20 23:25 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-20 23:25 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-20 23:25 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-20 23:25 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-20 23:25 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-20 23:25 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-20 23:25 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-20 23:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-20 23:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-20 23:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-20 23:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-20 23:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-20 23:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-20 23:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-20 23:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-20 23:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-20 23:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-20 23:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-20 23:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-20 23:21 - 2013-12-21 12:02 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-20 23:21 - 2013-12-20 23:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:21 - 2013-12-20 23:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe

==================== One Month Modified Files and Folders =======

2014-01-18 15:18 - 2014-01-01 19:34 - 00018462 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-18 15:16 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 15:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 15:15 - 2009-07-14 05:51 - 00196899 _____ C:\Windows\setupact.log
2014-01-18 13:22 - 2012-01-15 19:22 - 01559809 _____ C:\Windows\WindowsUpdate.log
2014-01-18 13:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-18 12:55 - 2014-01-18 12:55 - 00000000 ____D C:\Users\Angi\AppData\Local\Udbmedia
2014-01-18 12:47 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 12:47 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 12:40 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-18 12:40 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-18 12:40 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2014-01-18 12:40 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 01:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 01:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-18 01:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-16 19:39 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-16 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-01-16 06:25 - 2013-08-15 14:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 06:25 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:50 - 2010-11-21 04:47 - 00392718 _____ C:\Windows\PFRO.log
2014-01-15 13:27 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-15 07:43 - 2014-01-10 20:09 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-15 07:43 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2014-01-15 07:43 - 2013-12-22 16:34 - 02076160 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-15 06:57 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2014-01-15 06:57 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2014-01-15 06:57 - 2009-07-14 06:13 - 01528364 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 20:14 - 2014-01-05 09:36 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-10 20:14 - 2014-01-03 21:00 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-10 06:27 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2014-01-10 06:27 - 2013-12-01 20:39 - 00000526 _____ C:\Windows\wininit.ini
2014-01-10 06:27 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 06:24 - 2014-01-05 21:32 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-08 12:32 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-07 08:01 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-07 07:41 - 2013-01-31 23:48 - 00000000 ____D C:\Users\Andi\Documents\Weine
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 23:01 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2014-01-05 23:01 - 2012-07-09 11:23 - 530095885 _____ C:\Windows\MEMORY.DMP
2014-01-05 11:11 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:32 - 2014-01-01 19:33 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:36 - 2014-01-01 19:35 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2013-12-26 22:44 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-12-26 22:25 - 2012-06-05 06:01 - 00000000 ____D C:\Users\Andi\AppData\Local\VirtualStore
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-24 13:52 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos
2013-12-21 12:02 - 2013-12-20 23:21 - 00000000 ____D C:\Program Files\World of Warplanes
2013-12-21 11:08 - 2013-12-21 11:08 - 00000000 ____D C:\Users\Andi\AppData\Roaming\wargaming.net
2013-12-20 23:25 - 2013-12-20 23:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 23:25 - 2011-10-14 04:34 - 00010071 _____ C:\Windows\DirectX.log
2013-12-20 23:23 - 2013-12-20 23:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-20 23:20 - 2013-12-20 23:20 - 08988024 _____ (Wargaming.net                                              ) C:\Users\Andi\Downloads\WoWP_internet_install_eu.exe
2013-12-20 23:12 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 17:48 - 2012-06-02 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 20:07 - 2012-06-02 11:43 - 00000000 ____D C:\ProgramData\clear.fi

Some content of TEMP:
====================
C:\Users\Andi\AppData\Local\temp\cvqfudns.exe
C:\Users\Angi\AppData\Local\temp\tnljaqgr.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-11 21:58

==================== End Of Log ============================

--- --- ---


schrauber 19.01.2014 10:05

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKU\Angi\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0ICD0.DLL <===== ATTENTION
HKU\Angi\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2013-12-11] (Adobe Systems Incorporated)
C:\Users\Andi\AppData\Local\temp\cvqfudns.exe
C:\Users\Angi\AppData\Local\temp\tnljaqgr.exe
C:\Users\Angi\AppData\Local\Udbmedia


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



A fresh FRST log, please.

oigen 20.01.2014 22:07

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014 04
Ran by Admin at 2014-01-20 22:03:55 Run:10
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [combofix] - C:\ComboFix\CF29693.3XE /c C:\ComboFix\Combobatch.bat
HKU\Angi\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0ICD0.DLL <===== ATTENTION
HKU\Angi\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2013-12-11] (Adobe Systems Incorporated)
C:\Users\Andi\AppData\Local\temp\cvqfudns.exe
C:\Users\Angi\AppData\Local\temp\tnljaqgr.exe
C:\Users\Angi\AppData\Local\Udbmedia
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\combofix => Value deleted successfully.
HKU\Angi\Software\Microsoft\Windows\CurrentVersion\Run\\Udbmedia => Value deleted successfully.
HKU\Angi\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found.
C:\Users\Andi\AppData\Local\temp\cvqfudns.exe => Moved successfully.
"C:\Users\Angi\AppData\Local\temp\tnljaqgr.exe" => File/Directory not found.
C:\Users\Angi\AppData\Local\Udbmedia => Moved successfully.

==== End of Fixlog ====


schrauber 21.01.2014 12:08

Now please post another fresh FRST log file. How is the computer running?

oigen 21.01.2014 20:33

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Admin (administrator) on PC on 21-01-2014 20:24:48
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\Angi\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\Angi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Hans\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-02]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-02]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-02]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 22:03 - 2014-01-21 20:24 - 02077184 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D C:\Program Files (x86)\Sony
2014-01-19 11:01 - 2014-01-19 11:02 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:55 - 2014-01-19 10:56 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-16 06:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 06:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 06:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 20:09 - 2014-01-21 20:24 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 21:32 - 2014-01-10 06:24 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-05 09:36 - 2014-01-10 20:14 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-03 21:00 - 2014-01-10 20:14 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 20:54 - 2014-01-05 09:28 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:35 - 2014-01-01 19:36 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-21 20:25 - 00018071 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-05 09:32 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-23 01:49 - 2014-01-21 20:24 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2014-01-21 20:25 - 2014-01-01 19:34 - 00018071 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-21 20:24 - 2014-01-20 22:03 - 02077184 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-21 20:24 - 2014-01-10 20:09 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-21 20:24 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2014-01-21 20:23 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 20:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 20:23 - 2009-07-14 05:51 - 00198187 _____ C:\Windows\setupact.log
2014-01-21 20:22 - 2012-01-15 19:22 - 01862261 _____ C:\Windows\WindowsUpdate.log
2014-01-21 20:22 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 20:22 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 16:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-21 15:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 15:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-21 15:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-21 15:09 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-21 15:09 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-21 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-01-20 19:53 - 2010-11-21 04:47 - 00393070 _____ C:\Windows\PFRO.log
2014-01-20 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D C:\Program Files (x86)\Sony
2014-01-20 16:44 - 2012-06-07 10:57 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-20 16:34 - 2012-06-04 21:30 - 00000000 ____D C:\MP3
2014-01-19 11:02 - 2014-01-19 11:01 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 11:00 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2014-01-19 11:00 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2014-01-19 11:00 - 2009-07-14 06:13 - 01528428 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:56 - 2014-01-19 10:55 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-18 18:40 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2014-01-18 18:34 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 19:39 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 06:29 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 06:25 - 2013-08-15 14:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:27 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-10 20:14 - 2014-01-05 09:36 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-10 20:14 - 2014-01-03 21:00 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-10 06:27 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2014-01-10 06:27 - 2013-12-01 20:39 - 00000526 _____ C:\Windows\wininit.ini
2014-01-10 06:27 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 06:24 - 2014-01-05 21:32 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-08 12:32 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-07 08:01 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-07 07:41 - 2013-01-31 23:48 - 00000000 ____D C:\Users\Andi\Documents\Weine
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 23:01 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2014-01-05 23:01 - 2012-07-09 11:23 - 530095885 _____ C:\Windows\MEMORY.DMP
2014-01-05 11:11 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:32 - 2014-01-01 19:33 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:36 - 2014-01-01 19:35 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2013-12-26 22:44 - 2013-11-17 16:43 - 00000000 ____D C:\Users\Andi\Download
2013-12-26 22:25 - 2012-06-05 06:01 - 00000000 ____D C:\Users\Andi\AppData\Local\VirtualStore
2013-12-24 15:50 - 2013-12-24 15:50 - 06183856 _____ C:\Users\Angi\Downloads\ElfYourself.mov
2013-12-24 13:52 - 2012-06-04 21:00 - 00000000 ____D C:\Fotos

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-21 08:45

==================== End Of Log ============================



I still can't delete this path:

C:\FRST\Quarantine\_OTM\MovedFiles\12162013_202043\C_FRST\Quarantine\Install

:(

And the error message

Fehler beim Laden des Moduls
"C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dat"

still keeps coming up as well...

schrauber 22.01.2014 13:12

Please open FRST, uncheck all the boxes under Whitelist, check the Additional box instead, and run a scan. Please post both log files.

oigen 30.01.2014 23:17

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Andi (ATTENTION: The logged in user is not administrator) on PC on 30-01-2014 23:08:10
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (All) =========================

(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Farbar) C:\Users\Andi\Desktop\FRST64.exe

==================== Registry (All) ===========================

HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [167704 2011-06-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [392472 2011-06-21] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [416024 2011-06-21] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [2871808 2011-07-14] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKCU\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dll <===== ATTENTION
MountPoints2: E - E:\AutoRun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File

==================== Internet (All) ===========================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5-x64 01 %SystemRoot%\system32\NLAapi.dll [70656] (Microsoft Corporation)
Winsock: Catalog5-x64 02 %SystemRoot%\system32\napinsp.dll [68096] (Microsoft Corporation)
Winsock: Catalog5-x64 03 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 04 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 05 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog5-x64 06 %SystemRoot%\System32\winrnr.dll [28672] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 05 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 06 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 07 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 08 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 09 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 10 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default-1382384792839
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bing.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013-12-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKLM-x32\...\Mozilla Firefox 26.0\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\components [2012-06-02]
FF HKLM-x32\...\Mozilla Firefox 26.0\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKCU\...\Mozilla Firefox 14.0.1\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\components [2012-06-02]
FF HKCU\...\Mozilla Firefox 14.0.1\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

==================== Services (All) ========================

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432 2013-12-18] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-01-27] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-14] (Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-21] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-21] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-21] (Microsoft Corporation)
S3 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [191752 2011-06-07] (Microsoft Corporation.)
R2 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [249648 2011-05-12] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-21] (Microsoft Corporation)
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-21] (Microsoft Corporation)
R2 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation)
R2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822504 2013-04-22] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-21] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-07-14] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-21] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-21] (Microsoft Corporation)
R2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360 2011-07-01] (Dritek System Inc.)
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation)
R2 EFS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-21] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-21] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation)
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [655624 2012-01-15] (Acresso Software Inc.)
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-21] (Microsoft Corporation)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-07-08] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-07-08] (Google Inc.)
R3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-21] (Microsoft Corporation)
U3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-21] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-21] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592 2011-04-30] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-21] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2013-11-26] (Microsoft Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-21] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-21] (Microsoft Corporation)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-21] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-20] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-21] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-21] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-21] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 nvsvc; C:\Windows\system32\nvvsvc.exe [891240 2012-10-02] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856 2012-10-08] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2013-07-17] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2013-07-17] (Microsoft Corporation)
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation)
R3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-14] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-21] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-09-21] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation)
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-21] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation)
R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-21] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-21] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation)
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-21] (Microsoft Corporation)
R2 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-21] (Microsoft Corporation)
R2 SENS; C:\Windows\system32\sens.dll [64512 2009-07-14] (Microsoft Corporation)
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-21] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-21] (Microsoft Corporation)
R2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944 2013-06-26] (Microsoft Corporation)
R3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528 2013-06-26] (Microsoft Corporation)
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-21] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-21] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation)
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation)
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-21] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-21] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-21] (Microsoft Corporation)
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-21] (Microsoft Corporation)
R3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-21] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-21] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-21] (Microsoft Corporation)
S3 TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [149504 2010-11-29] (Intel(R) Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2012-06-03] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-21] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-21] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-21] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-21] (Microsoft Corporation)
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-23] (Microsoft Corporation)
R3 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-29] (Microsoft Corp.)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-21] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-21] (Microsoft Corporation)
R2 wscsvc; C:\Windows\system32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-09-21] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-09-21] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2428952 2012-06-02] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation)
R2 WwanSvc; C:\Windows\System32\wwansvc.dll [230400 2013-03-19] (Microsoft Corporation)

==================== Drivers (All) ==========================

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-21] (Microsoft Corporation)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-21] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-14] (Adaptec, Inc.)
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-28] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] (Microsoft Corporation)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] (Acer Laboratories Inc.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-07-14] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-14] (AMD Technologies Inc.)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-07-14] (Advanced Micro Devices)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-21] (Microsoft Corporation)
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] (Adaptec, Inc.)
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2755584 2011-07-19] (Atheros Communications, Inc.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] (Microsoft Corporation)
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-07-14] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] (Microsoft Corporation)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
R3 bScsiMSa; C:\Windows\System32\DRIVERS\bScsiMSa.sys [51240 2011-05-16] (Broadcom Corporation)
R3 bScsiSDa; C:\Windows\System32\DRIVERS\bScsiSDa.sys [86056 2011-05-06] (Broadcom Corporation)
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation)
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] (Microsoft Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] (Microsoft Corporation)
R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] (CMD Technology, Inc.)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] (Microsoft Corporation)
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-14] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-21] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] (Microsoft Corporation)
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [98616 2013-10-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation)
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] (Emulex)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] (Microsoft Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [142632 2011-04-05] (ELAN Microelectronics Corp.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] (Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-21] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] (Microsoft Corporation)
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] (Hewlett-Packard Company)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [117248 2009-09-10] (Huawei Technologies Co., Ltd.)
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation)
R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [557848 2011-04-26] (Intel Corporation)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-07-14] (Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12230912 2011-06-10] (Intel Corporation)
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] (Intel Corp./ICP vortex GmbH)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [3056360 2011-08-16] (Realtek Semiconductor Corp.)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation)
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] (Microsoft Corporation)
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-21] (Microsoft Corporation)
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [425000 2011-05-10] (Broadcom Corporation)
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [50768 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-21] (Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2013-09-25] (Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154560 2013-09-25] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] (LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] (LSI Corporation, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-20] (Intel Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation)
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation)
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] (Microsoft Corporation)
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-07-14] (Microsoft Corporation)
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-09-21] (Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-07-14] (Microsoft Corporation)
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] (Microsoft Corporation)
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22648 2012-01-15] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [20520 2012-01-15] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62776 2012-01-15] (Egis Technology Inc.)
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation)
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Corporation)
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] (Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Corporation)
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] (IBM Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] (Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2011-09-20] (NTI Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [13443944 2012-10-08] (NVIDIA Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [30056 2012-10-08] (NVIDIA Corporation)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-07-14] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-07-14] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] (Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] (Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Corporation)
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] (Microsoft Corporation)
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation)
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation)
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] (Microsoft Corporation)
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation)
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation)
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation)
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation)
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] (Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation)
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-21] (Microsoft Corporation)
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation)
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-07-14] (Microsoft Corporation)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-07-14] (Microsoft Corporation)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-07-14] (Microsoft Corporation)
S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [157672 2011-05-13] (MCCI Corporation)
S3 ssadmdfl; C:\Windows\System32\DRIVERS\ssadmdfl.sys [16872 2011-05-13] (MCCI Corporation)
S3 ssadmdm; C:\Windows\System32\DRIVERS\ssadmdm.sys [177640 2011-05-13] (MCCI Corporation)
S3 ssadserd; C:\Windows\System32\DRIVERS\ssadserd.sys [146920 2011-05-13] (MCCI Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] (Promise Technology)
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] (Microsoft Corporation)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation)
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] (Microsoft Corporation)
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-21] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation)
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [16120 2010-11-29] (Intel(R) Corporation)
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] (Microsoft Corporation)
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2011-09-20] (NTI Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] (Microsoft Corporation)
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation)
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] (Microsoft Corporation)
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Corporation)
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-07-14] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] (Microsoft Corporation)
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] (VIA Technologies, Inc.)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] (VIA Technologies Inc.,Ltd)
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation)
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation)
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] (Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
U3 Winsock; No ImagePath
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] (Microsoft Corporation)
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation)
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 00:11 - 2014-01-28 00:46 - 110100481 _____ C:\Users\Andi\Downloads\Medi.part03.rar
2014-01-28 00:09 - 2014-01-28 00:52 - 110100483 _____ C:\Users\Andi\Downloads\Medi.part02.rar
2014-01-28 00:09 - 2014-01-28 00:46 - 110100487 _____ C:\Users\Andi\Downloads\Medi.part01.rar
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Garmin
2014-01-22 13:52 - 2014-01-22 13:53 - 00000000 ____D C:\Users\Angi\AppData\Local\Udbmedia
2014-01-21 20:26 - 2014-01-21 20:26 - 00033206 _____ C:\Users\Andi\Desktop\Addition.txt
2014-01-20 22:03 - 2014-01-30 23:07 - 02079744 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D C:\Program Files (x86)\Sony
2014-01-19 11:01 - 2014-01-19 11:02 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:55 - 2014-01-19 10:56 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-16 06:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 06:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 06:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 20:09 - 2014-01-30 23:07 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-05 21:32 - 2014-01-10 06:24 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-05 09:36 - 2014-01-10 20:14 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-03 21:00 - 2014-01-10 20:14 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 20:54 - 2014-01-05 09:28 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:35 - 2014-01-01 19:36 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-30 23:08 - 00070477 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-05 09:32 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt

==================== One Month Modified Files and Folders =======

2014-01-30 23:08 - 2014-01-01 19:34 - 00070477 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-30 23:08 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2014-01-30 23:07 - 2014-01-20 22:03 - 02079744 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-30 23:07 - 2014-01-10 20:09 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-30 23:04 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-30 23:04 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-30 23:04 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-30 23:04 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 22:06 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 22:05 - 2009-07-14 05:51 - 00200147 _____ C:\Windows\setupact.log
2014-01-30 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-30 14:03 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 14:03 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 13:58 - 2012-01-15 19:22 - 01436149 _____ C:\Windows\WindowsUpdate.log
2014-01-30 13:56 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-30 13:56 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-30 13:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 12:10 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 06:36 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2014-01-29 06:36 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2014-01-29 06:36 - 2009-07-14 06:13 - 01528428 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-01-28 08:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-28 00:52 - 2014-01-28 00:09 - 110100483 _____ C:\Users\Andi\Downloads\Medi.part02.rar
2014-01-28 00:46 - 2014-01-28 00:11 - 110100481 _____ C:\Users\Andi\Downloads\Medi.part03.rar
2014-01-28 00:46 - 2014-01-28 00:09 - 110100487 _____ C:\Users\Andi\Downloads\Medi.part01.rar
2014-01-27 15:25 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-27 15:25 - 2013-12-09 23:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2014-01-27 15:25 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-27 11:54 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2014-01-27 01:54 - 2013-09-26 22:52 - 00000000 ____D C:\Users\Andi\Documents\Urlaub
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Garmin
2014-01-25 09:06 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2014-01-25 09:06 - 2012-07-09 11:23 - 538541837 _____ C:\Windows\MEMORY.DMP
2014-01-22 15:21 - 2012-06-04 21:30 - 00000000 ____D C:\MP3
2014-01-22 13:53 - 2014-01-22 13:52 - 00000000 ____D C:\Users\Angi\AppData\Local\Udbmedia
2014-01-22 13:37 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2014-01-21 20:26 - 2014-01-21 20:26 - 00033206 _____ C:\Users\Andi\Desktop\Addition.txt
2014-01-20 19:53 - 2010-11-21 04:47 - 00393070 _____ C:\Windows\PFRO.log
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D C:\Program Files (x86)\Sony
2014-01-20 16:44 - 2012-06-07 10:57 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-19 11:02 - 2014-01-19 11:01 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:56 - 2014-01-19 10:55 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-18 18:34 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 19:39 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 06:29 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 06:25 - 2013-08-15 14:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:27 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-10 20:14 - 2014-01-05 09:36 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-10 20:14 - 2014-01-03 21:00 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-10 06:27 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2014-01-10 06:27 - 2013-12-01 20:39 - 00000526 _____ C:\Windows\wininit.ini
2014-01-10 06:27 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 06:24 - 2014-01-05 21:32 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-07 08:01 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-07 07:41 - 2013-01-31 23:48 - 00000000 ____D C:\Users\Andi\Documents\Weine
2014-01-05 11:11 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:32 - 2014-01-01 19:33 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:36 - 2014-01-01 19:35 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe

Some content of TEMP:
====================
C:\Users\Angi\AppData\Local\Temp\dttxyztz.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---



Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Andi at 2014-01-30 23:08:38
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (x32 Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (x32 Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3504 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Registration (x32 Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.765.0 - Microsoft Corporation)
BitTorrent (HKCU Version: 7.8.2.30265 - BitTorrent Inc.)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (Version: 14.8.4.1 - Broadcom Corporation)
Canon MP550 series MP Drivers (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (x32 Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
eBay Worldwide (x32 Version: 2.2.0409 - OEM)
ESET Smart Security (Version: 6.0.316.0 - ESET, spol s r. o.)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (x32 Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (x32 Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HappyFoto-Designer 5.1 (x32 Version:  - )
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Need For Speed™ World (x32 Version: 1.0.0.1055 - Electronic Arts)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
NWZ-E380 WALKMAN Guide (x32 Version: 2.2.0.05230 - Sony Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PerformanceTest v7.0 (64-bit) (Version: 7.0 - Passmark Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
StreamTorrent 1.0 (x32 Version:  - )
Tinypic 3.18 (x32 Version: Tinypic 3.18 - E. Fiedler)
T-Mobile Internet Manager (x32 Version: 11.301.05.34.55 - Huawei Technologies Co.,Ltd)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC Codec Pack 2.0.5 (x32 Version: 2.0.5 - VLC Codec Pack)
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (x32 Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wondershare MobileGo for Android ( Version 4.1.0 ) (x32 Version: 4.1.0 - Wondershare)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-24 20:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job => ?

==================== Loaded Modules (whitelisted) =============

2013-11-23 17:15 - 2013-11-23 17:15 - 02492416 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
2013-11-23 17:15 - 2013-11-23 17:15 - 02179072 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2012-06-02 13:17 - 2013-12-20 17:48 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-27 15:25 - 2014-01-27 15:25 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2014 03:34:45 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/30/2014 01:56:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 06:30:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 11:30:26 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/29/2014 11:20:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 00:53:32 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/29/2014 00:11:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 00:10:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 06:32:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 10:46:17 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (01/30/2014 01:58:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/30/2014 01:58:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/30/2014 06:32:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/30/2014 06:32:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/29/2014 11:22:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/29/2014 11:22:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/29/2014 00:12:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/29/2014 00:12:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/29/2014 00:12:13 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (01/29/2014 00:12:13 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "RAS-Verbindungsverwaltung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056


Microsoft Office Sessions:
=========================
Error: (01/30/2014 03:34:45 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/30/2014 01:56:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 06:30:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 11:30:26 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/29/2014 11:20:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 00:53:32 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (01/29/2014 00:11:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 00:10:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 06:32:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 10:46:17 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161


CodeIntegrity Errors:
===================================
  Date: 2013-11-24 20:28:57.489
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.380
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.317
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 16:53:36.298
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 16:53:36.251
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8043.86 MB
Available physical RAM: 5796.98 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13711.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.41 GB) (Free:593.27 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


schrauber 31.01.2014 16:59

I think I've mentioned this before. Our tools need admin rights.....

oigen 31.01.2014 17:46

Of course - sorry... :headbang:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Admin (administrator) on PC on 31-01-2014 17:39:44
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (All) =========================

(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\lsm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnetwk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
(Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MGNotification.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Farbar) C:\Users\Andi\Desktop\FRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (All) ===========================

HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [167704 2011-06-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [392472 2011-06-21] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [416024 2011-06-21] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [2871808 2011-07-14] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Angi\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\Angi\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Angi\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0NGR00.DLL <===== ATTENTION
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Hans\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Hans\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Hans\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\UpdatusUser\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File

==================== Internet (All) ===========================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5-x64 01 %SystemRoot%\system32\NLAapi.dll [70656] (Microsoft Corporation)
Winsock: Catalog5-x64 02 %SystemRoot%\system32\napinsp.dll [68096] (Microsoft Corporation)
Winsock: Catalog5-x64 03 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 04 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 05 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog5-x64 06 %SystemRoot%\System32\winrnr.dll [28672] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 05 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 06 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 07 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 08 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 09 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 10 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bing.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013-12-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKLM-x32\...\Mozilla Firefox 26.0\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\components [2012-06-02]
FF HKLM-x32\...\Mozilla Firefox 26.0\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-02]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-02]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-02]
CHR StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

==================== Services (All) ========================

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432 2013-12-18] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-01-27] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-14] (Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-21] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-21] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-21] (Microsoft Corporation)
S3 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [191752 2011-06-07] (Microsoft Corporation.)
R2 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [249648 2011-05-12] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-21] (Microsoft Corporation)
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-21] (Microsoft Corporation)
R2 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation)
R2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822504 2013-04-22] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-21] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-07-14] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-21] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-21] (Microsoft Corporation)
R2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360 2011-07-01] (Dritek System Inc.)
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation)
R2 EFS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-21] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-21] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation)
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [655624 2012-01-15] (Acresso Software Inc.)
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-21] (Microsoft Corporation)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-07-08] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-07-08] (Google Inc.)
R3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-21] (Microsoft Corporation)
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-21] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-21] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592 2011-04-30] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-21] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2013-11-26] (Microsoft Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-21] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-21] (Microsoft Corporation)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-21] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-20] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-21] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-21] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-21] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 nvsvc; C:\Windows\system32\nvvsvc.exe [891240 2012-10-02] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856 2012-10-08] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2013-07-17] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2013-07-17] (Microsoft Corporation)
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation)
R3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-14] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-21] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-09-21] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation)
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-21] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation)
R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-21] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-21] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation)
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-21] (Microsoft Corporation)
R2 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-21] (Microsoft Corporation)
R2 SENS; C:\Windows\system32\sens.dll [64512 2009-07-14] (Microsoft Corporation)
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-21] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-21] (Microsoft Corporation)
R2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944 2013-06-26] (Microsoft Corporation)
R3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528 2013-06-26] (Microsoft Corporation)
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-21] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-21] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation)
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation)
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-21] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-21] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-21] (Microsoft Corporation)
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-21] (Microsoft Corporation)
R3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-21] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-21] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-21] (Microsoft Corporation)
S3 TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [149504 2010-11-29] (Intel(R) Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2012-06-03] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-21] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-21] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation)
R3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-21] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-21] (Microsoft Corporation)
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-23] (Microsoft Corporation)
R3 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-29] (Microsoft Corp.)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-21] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-21] (Microsoft Corporation)
R2 wscsvc; C:\Windows\system32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-09-21] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-09-21] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2428952 2012-06-02] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation)
R2 WwanSvc; C:\Windows\System32\wwansvc.dll [230400 2013-03-19] (Microsoft Corporation)

==================== Drivers (All) ==========================

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-21] (Microsoft Corporation)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-21] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-14] (Adaptec, Inc.)
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-28] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] (Microsoft Corporation)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] (Acer Laboratories Inc.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-07-14] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-14] (AMD Technologies Inc.)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-07-14] (Advanced Micro Devices)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-21] (Microsoft Corporation)
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] (Adaptec, Inc.)
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2755584 2011-07-19] (Atheros Communications, Inc.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] (Microsoft Corporation)
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-07-14] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] (Microsoft Corporation)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
R3 bScsiMSa; C:\Windows\System32\DRIVERS\bScsiMSa.sys [51240 2011-05-16] (Broadcom Corporation)
R3 bScsiSDa; C:\Windows\System32\DRIVERS\bScsiSDa.sys [86056 2011-05-06] (Broadcom Corporation)
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation)
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] (Microsoft Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] (Microsoft Corporation)
R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] (CMD Technology, Inc.)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] (Microsoft Corporation)
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-14] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-21] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] (Microsoft Corporation)
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [98616 2013-10-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation)
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] (Emulex)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] (Microsoft Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [142632 2011-04-05] (ELAN Microelectronics Corp.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] (Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-21] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] (Microsoft Corporation)
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] (Hewlett-Packard Company)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] (Microsoft Corporation)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [117248 2009-09-10] (Huawei Technologies Co., Ltd.)
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation)
R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [557848 2011-04-26] (Intel Corporation)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-07-14] (Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12230912 2011-06-10] (Intel Corporation)
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] (Intel Corp./ICP vortex GmbH)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [3056360 2011-08-16] (Realtek Semiconductor Corp.)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation)
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] (Microsoft Corporation)
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-21] (Microsoft Corporation)
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [425000 2011-05-10] (Broadcom Corporation)
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [50768 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-21] (Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2013-09-25] (Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154560 2013-09-25] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] (LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] (LSI Corporation, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-20] (Intel Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation)
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation)
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] (Microsoft Corporation)
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-07-14] (Microsoft Corporation)
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-09-21] (Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-07-14] (Microsoft Corporation)
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] (Microsoft Corporation)
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22648 2012-01-15] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [20520 2012-01-15] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62776 2012-01-15] (Egis Technology Inc.)
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation)
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Corporation)
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] (Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Corporation)
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] (IBM Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] (Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2011-09-20] (NTI Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [13443944 2012-10-08] (NVIDIA Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [30056 2012-10-08] (NVIDIA Corporation)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-07-14] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-07-14] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] (Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] (Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Corporation)
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] (Microsoft Corporation)
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation)
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation)
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] (Microsoft Corporation)
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation)
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation)
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation)
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation)
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] (Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation)
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-21] (Microsoft Corporation)
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation)
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-07-14] (Microsoft Corporation)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-07-14] (Microsoft Corporation)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-07-14] (Microsoft Corporation)
S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [157672 2011-05-13] (MCCI Corporation)
S3 ssadmdfl; C:\Windows\System32\DRIVERS\ssadmdfl.sys [16872 2011-05-13] (MCCI Corporation)
S3 ssadmdm; C:\Windows\System32\DRIVERS\ssadmdm.sys [177640 2011-05-13] (MCCI Corporation)
S3 ssadserd; C:\Windows\System32\DRIVERS\ssadserd.sys [146920 2011-05-13] (MCCI Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] (Promise Technology)
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] (Microsoft Corporation)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation)
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] (Microsoft Corporation)
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-21] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation)
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [16120 2010-11-29] (Intel(R) Corporation)
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] (Microsoft Corporation)
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2011-09-20] (NTI Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] (Microsoft Corporation)
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation)
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] (Microsoft Corporation)
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Corporation)
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-07-14] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] (Microsoft Corporation)
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] (VIA Technologies, Inc.)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] (VIA Technologies Inc.,Ltd)
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation)
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation)
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] (Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
U3 Winsock; No ImagePath
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] (Microsoft Corporation)
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation)
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 00:11 - 2014-01-28 00:46 - 110100481 _____ C:\Users\Andi\Downloads\Medi.part03.rar
2014-01-28 00:09 - 2014-01-28 00:52 - 110100483 _____ C:\Users\Andi\Downloads\Medi.part02.rar
2014-01-28 00:09 - 2014-01-28 00:46 - 110100487 _____ C:\Users\Andi\Downloads\Medi.part01.rar
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Garmin
2014-01-25 09:06 - 2014-01-25 09:06 - 00262144 _____ C:\Windows\Minidump\012514-23290-01.dmp
2014-01-22 13:52 - 2014-01-22 13:53 - 00000000 ____D C:\Users\Angi\AppData\Local\Udbmedia
2014-01-21 20:26 - 2014-01-30 23:10 - 00028583 _____ C:\Users\Andi\Desktop\Addition.txt
2014-01-20 22:03 - 2014-01-30 23:07 - 02079744 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D C:\Program Files (x86)\Sony
2014-01-19 11:01 - 2014-01-19 11:02 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:55 - 2014-01-19 10:56 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-16 06:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 06:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 06:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 20:09 - 2014-01-30 23:07 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 21:32 - 2014-01-10 06:24 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-05 09:36 - 2014-01-10 20:14 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-03 21:00 - 2014-01-10 20:14 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-03 20:54 - 2014-01-05 09:28 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:35 - 2014-01-01 19:36 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:34 - 2014-01-31 17:39 - 00077836 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-01 19:34 - 2014-01-01 19:32 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe
2014-01-01 19:33 - 2014-01-05 09:32 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt

==================== One Month Modified Files and Folders =======

2014-01-31 17:39 - 2014-01-01 19:34 - 00077836 _____ C:\Users\Andi\Desktop\FRST.txt
2014-01-31 17:39 - 2013-12-23 01:49 - 00000000 ____D C:\FRST
2014-01-31 17:39 - 2013-07-08 16:40 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 17:37 - 2012-10-10 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 17:31 - 2013-11-24 08:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-01-31 17:23 - 2013-10-12 20:12 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-01-31 17:23 - 2012-06-02 13:35 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-01-31 17:03 - 2013-12-09 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-01-31 16:29 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 16:29 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 16:23 - 2012-01-15 19:22 - 01492856 _____ C:\Windows\WindowsUpdate.log
2014-01-31 16:22 - 2013-12-01 20:43 - 00000000 ___RD C:\Users\Angi\Dropbox
2014-01-31 16:22 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Dropbox
2014-01-31 16:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-31 16:21 - 2009-07-14 05:51 - 00200371 _____ C:\Windows\setupact.log
2014-01-30 23:10 - 2014-01-21 20:26 - 00028583 _____ C:\Users\Andi\Desktop\Addition.txt
2014-01-30 23:07 - 2014-01-20 22:03 - 02079744 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-30 23:07 - 2014-01-10 20:09 - 00000000 ____D C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-29 12:10 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 06:36 - 2012-01-16 04:15 - 00669464 _____ C:\Windows\system32\perfh007.dat
2014-01-29 06:36 - 2012-01-16 04:15 - 00134990 _____ C:\Windows\system32\perfc007.dat
2014-01-29 06:36 - 2009-07-14 06:13 - 01528428 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 08:31 - 2013-09-13 22:21 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-01-28 08:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-28 00:52 - 2014-01-28 00:09 - 110100483 _____ C:\Users\Andi\Downloads\Medi.part02.rar
2014-01-28 00:46 - 2014-01-28 00:11 - 110100481 _____ C:\Users\Andi\Downloads\Medi.part03.rar
2014-01-28 00:46 - 2014-01-28 00:09 - 110100487 _____ C:\Users\Andi\Downloads\Medi.part01.rar
2014-01-27 15:25 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-27 15:25 - 2013-12-09 23:48 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2014-01-27 15:25 - 2012-10-10 22:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-27 15:25 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-27 11:54 - 2012-08-14 20:29 - 00000000 ____D C:\Users\Andi\AppData\Roaming\SoftGrid Client
2014-01-27 01:54 - 2013-09-26 22:52 - 00000000 ____D C:\Users\Andi\Documents\Urlaub
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Garmin
2014-01-25 09:06 - 2014-01-25 09:06 - 00262144 _____ C:\Windows\Minidump\012514-23290-01.dmp
2014-01-25 09:06 - 2012-07-09 11:24 - 00000000 ____D C:\Windows\Minidump
2014-01-25 09:06 - 2012-07-09 11:23 - 538541837 _____ C:\Windows\MEMORY.DMP
2014-01-22 15:21 - 2012-06-04 21:30 - 00000000 ____D C:\MP3
2014-01-22 13:53 - 2014-01-22 13:52 - 00000000 ____D C:\Users\Angi\AppData\Local\Udbmedia
2014-01-22 13:37 - 2012-06-02 16:08 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Adobe
2014-01-20 19:53 - 2010-11-21 04:47 - 00393070 _____ C:\Windows\PFRO.log
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D C:\Program Files (x86)\Sony
2014-01-20 16:44 - 2012-06-07 10:57 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-19 11:02 - 2014-01-19 11:01 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:56 - 2014-01-19 10:55 - 18864072 _____ C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-18 18:34 - 2012-06-02 13:28 - 00000000 ___RD C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 19:39 - 2009-07-14 05:45 - 00481440 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 06:29 - 2013-08-15 14:17 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 06:25 - 2013-08-15 14:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:27 - 2013-09-12 06:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-10 20:14 - 2014-01-05 09:36 - 00000000 ____D C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-10 20:14 - 2014-01-03 21:00 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-10 06:27 - 2013-12-01 20:43 - 00001012 _____ C:\Users\Angi\Desktop\Dropbox.lnk
2014-01-10 06:27 - 2013-12-01 20:39 - 00000526 _____ C:\Windows\wininit.ini
2014-01-10 06:27 - 2013-12-01 20:39 - 00000000 ____D C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 06:24 - 2014-01-05 21:32 - 00000000 ____D C:\Users\Andi\AppData\Local\Udbmedia
2014-01-07 08:01 - 2013-08-27 06:26 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2014-01-07 07:41 - 2013-01-31 23:48 - 00000000 ____D C:\Users\Andi\Documents\Weine
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 11:11 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:32 - 2014-01-01 19:33 - 00053799 _____ C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D C:\Users\Andi\Downloads\FRST-OlderVersion
2014-01-01 19:36 - 2014-01-01 19:35 - 00074060 _____ C:\Users\Angi\Downloads\FRST.txt
2014-01-01 19:32 - 2014-01-01 19:34 - 01931396 _____ (Farbar) C:\Users\Angi\Downloads\FRST64(1).exe

Some content of TEMP:
====================
C:\Users\Angi\AppData\Local\temp\dttxyztz.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 18:53

==================== End Of Log ============================

--- --- ---

oigen 31.01.2014 17:47

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Admin at 2014-01-31 17:40:46
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (x32 Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (x32 Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3504 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Registration (x32 Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.765.0 - Microsoft Corporation)
BitTorrent (HKCU Version: 7.8.2.30265 - BitTorrent Inc.)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (Version: 14.8.4.1 - Broadcom Corporation)
Canon MP550 series MP Drivers (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (x32 Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
eBay Worldwide (x32 Version: 2.2.0409 - OEM)
ESET Smart Security (Version: 6.0.316.0 - ESET, spol s r. o.)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (x32 Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (x32 Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKCU Version: 29.0.1547.66 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HappyFoto-Designer 5.1 (x32 Version:  - )
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Need For Speed™ World (x32 Version: 1.0.0.1055 - Electronic Arts)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
NWZ-E380 WALKMAN Guide (x32 Version: 2.2.0.05230 - Sony Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PerformanceTest v7.0 (64-bit) (Version: 7.0 - Passmark Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
StreamTorrent 1.0 (x32 Version:  - )
Tinypic 3.18 (x32 Version: Tinypic 3.18 - E. Fiedler)
T-Mobile Internet Manager (x32 Version: 11.301.05.34.55 - Huawei Technologies Co.,Ltd)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC Codec Pack 2.0.5 (x32 Version: 2.0.5 - VLC Codec Pack)
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (x32 Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wondershare MobileGo for Android ( Version 4.1.0 ) (x32 Version: 4.1.0 - Wondershare)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

07-01-2014 12:50:33 Windows Update
14-01-2014 05:41:13 Windows Update
16-01-2014 05:23:43 Windows Update
16-01-2014 17:02:51 Windows Update
21-01-2014 19:21:24 Windows Update
29-01-2014 05:34:57 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-24 20:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {07616372-F801-458D-9C14-C9930D6095B1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {0ED3B60A-C1E2-4C3C-9327-B8E68F24064C} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {26E05DF4-BA16-4773-9D52-1856B958F2D4} - System32\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {3866C1B3-BD31-4AAE-BE41-6B76C99E152C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {43FBDE16-54EC-4AED-8476-C356CE1FD9E8} - \Desk 365 RunAsStdUser No Task File
Task: {56EDC0BA-DB57-4CAA-B1BF-984035D1F313} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {85B0BB76-1E4F-485F-9FD5-7446EE98A8BE} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {8A765899-89D1-4338-84CC-7988A4094513} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {8B0876B7-E6EE-4708-B12D-CEED3FE1DF23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27] (Adobe Systems Incorporated)
Task: {9B25315B-EB80-49AB-BF95-7A3210569938} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {A308C948-BEB7-4EFF-BFD8-EF0E66F65DA0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CF2BDE07-28C1-4EAB-9E4C-55B293FD4A44} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EF3DBADD-B74B-4C0D-8182-F928CFE3CACA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F41D5C2B-0A28-490D-A526-6CAB87484240} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316 => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {F87FA238-C6DB-4B39-A405-E68BFAF7722C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 17:15 - 2013-11-23 17:15 - 02492416 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
2013-11-23 17:15 - 2013-11-23 17:15 - 02179072 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2013-08-20 08:23 - 2013-08-20 08:23 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2011-10-14 04:15 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2012-06-02 13:17 - 2013-12-20 17:48 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-27 15:25 - 2014-01-27 15:25 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2014 05:32:23 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.16428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1cc8

Startzeit: 01cf1ea16b9fa1d5

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (01/31/2014 04:31:57 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/31/2014 04:22:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 00:31:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 07:22:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 07:13:21 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/31/2014 06:31:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 03:34:45 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/30/2014 01:56:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 06:30:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/31/2014 04:24:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/31/2014 04:24:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/31/2014 00:33:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/31/2014 00:33:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/31/2014 00:31:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024809

Error: (01/31/2014 00:31:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024809

Error: (01/31/2014 07:24:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/31/2014 07:24:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/31/2014 06:33:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/31/2014 06:33:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (01/31/2014 05:32:23 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.164281cc801cf1ea16b9fa1d516C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/31/2014 04:31:57 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/31/2014 04:22:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 00:31:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 07:22:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 07:13:21 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (01/31/2014 06:31:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 03:34:45 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (01/30/2014 01:56:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 06:30:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-24 20:28:57.489
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.380
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.317
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 16:53:36.298
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 16:53:36.251
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8043.86 MB
Available physical RAM: 5909.51 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13790.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.41 GB) (Free:593.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6226A998)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 01.02.2014 11:31

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\Angi\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0NGR00.DLL <===== ATTENTION
C:\Users\Angi\AppData\Local\temp\dttxyztz.exe
Task: {43FBDE16-54EC-4AED-8476-C356CE1FD9E8} - \Desk 365 RunAsStdUser No Task File


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


oigen 01.02.2014 17:49

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Admin at 2014-02-01 17:44:36 Run:12
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Angi\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0NGR00.DLL <===== ATTENTION
C:\Users\Angi\AppData\Local\temp\dttxyztz.exe
Task: {43FBDE16-54EC-4AED-8476-C356CE1FD9E8} - \Desk 365 RunAsStdUser No Task File
       
*****************

HKU\Angi\Software\Microsoft\Windows\CurrentVersion\Run\\Udbmedia => Value not found.
"C:\Users\Angi\AppData\Local\temp\dttxyztz.exe" => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43FBDE16-54EC-4AED-8476-C356CE1FD9E8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43FBDE16-54EC-4AED-8476-C356CE1FD9E8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.

==== End of Fixlog ====


schrauber 02.02.2014 07:10

Then please test the computer thoroughly once more now and let me know whether there are still any problems.

oigen 03.02.2014 22:39

Unfortunately, the two problems are unchanged:

I still cannot delete the path

C:\FRST\Quarantine\_OTM\MovedFiles\12162013_202043\C_FRST\Quarantine\Install

And the error message

Fehler beim Laden des Moduls
"C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dat"

still keeps appearing as well...

schrauber 04.02.2014 17:12

Please run another FRST scan, with the Additional box ticked.

oigen 04.02.2014 20:20

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Admin (administrator) on PC on 04-02-2014 20:15:35
Running from C:\Users\Andi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2098008458-3402727504-3613341839-1001\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2098008458-3402727504-3613341839-1001\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dll <===== ATTENTION
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-02]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-02]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-02]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 06:19 - 2014-02-04 06:35 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part10.rar
2014-02-03 22:58 - 2014-02-03 22:58 - 03335096 _____ (Peter A. Gebhard ) C:\Users\Andi\Downloads\drh2014d.exe
2014-02-03 22:52 - 2014-02-03 23:30 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part09.rar
2014-02-03 22:30 - 2014-02-03 22:30 - 00000317 _____ () C:\Users\Andi\Desktop\Post.txt
2014-02-02 15:06 - 2014-02-02 15:06 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup (1).xls
2014-02-02 10:05 - 2014-02-02 10:05 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup.xls
2014-02-01 21:44 - 2014-02-01 22:08 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part08.rar
2014-02-01 20:31 - 2014-02-01 20:56 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part07.rar
2014-02-01 19:35 - 2014-02-01 20:21 - 110100483 _____ () C:\Users\Andi\Downloads\Medi.part06.rar
2014-02-01 19:34 - 2014-02-01 20:11 - 110100487 _____ () C:\Users\Andi\Downloads\Medi.part05.rar
2014-02-01 19:32 - 2014-02-01 20:08 - 110100481 _____ () C:\Users\Andi\Downloads\Medi.part04.rar
2014-01-28 00:11 - 2014-01-28 00:46 - 110100481 _____ () C:\Users\Andi\Downloads\Medi.part03.rar
2014-01-28 00:09 - 2014-01-28 00:52 - 110100483 _____ () C:\Users\Andi\Downloads\Medi.part02.rar
2014-01-28 00:09 - 2014-01-28 00:46 - 110100487 _____ () C:\Users\Andi\Downloads\Medi.part01.rar
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Garmin
2014-01-25 09:06 - 2014-01-25 09:06 - 00262144 _____ () C:\Windows\Minidump\012514-23290-01.dmp
2014-01-22 13:52 - 2014-01-22 13:53 - 00000000 ____D () C:\Users\Angi\AppData\Local\Udbmedia
2014-01-21 20:26 - 2014-01-31 17:41 - 00033323 _____ () C:\Users\Andi\Desktop\Addition.txt
2014-01-20 22:03 - 2014-02-01 17:43 - 02080256 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ () C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ () C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-01-19 11:01 - 2014-01-19 11:02 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:55 - 2014-01-19 10:56 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-16 06:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 06:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 06:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 20:09 - 2014-02-01 17:43 - 00000000 ____D () C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ () C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 21:32 - 2014-01-10 06:24 - 00000000 ____D () C:\Users\Andi\AppData\Local\Udbmedia
2014-01-05 09:36 - 2014-01-10 20:14 - 00000000 ____D () C:\Users\Angi\Desktop\FRST-OlderVersion

==================== One Month Modified Files and Folders =======

2014-02-04 20:16 - 2014-01-01 19:34 - 00018395 _____ () C:\Users\Andi\Desktop\FRST.txt
2014-02-04 20:15 - 2013-12-23 01:49 - 00000000 ____D () C:\FRST
2014-02-04 20:15 - 2012-01-15 19:22 - 01839182 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 20:13 - 2013-07-08 16:40 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 20:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 20:13 - 2009-07-14 05:51 - 00201435 _____ () C:\Windows\setupact.log
2014-02-04 14:31 - 2013-11-24 08:26 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-02-04 14:23 - 2013-10-12 20:12 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-02-04 14:03 - 2013-12-09 00:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-02-04 13:37 - 2012-10-10 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 12:58 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 12:58 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 12:57 - 2013-12-01 20:39 - 00000000 ____D () C:\Users\Angi\AppData\Roaming\Dropbox
2014-02-04 12:55 - 2013-12-01 20:43 - 00000000 ___RD () C:\Users\Angi\Dropbox
2014-02-04 12:48 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-04 08:31 - 2013-09-13 22:21 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-02-04 06:35 - 2014-02-04 06:19 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part10.rar
2014-02-03 23:30 - 2014-02-03 22:52 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part09.rar
2014-02-03 22:58 - 2014-02-03 22:58 - 03335096 _____ (Peter A. Gebhard ) C:\Users\Andi\Downloads\drh2014d.exe
2014-02-03 22:54 - 2012-01-15 19:50 - 00012914 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-02-03 22:53 - 2012-01-15 19:51 - 00003424 _____ () C:\Windows\System32\Tasks\clear.fi
2014-02-03 22:53 - 2012-01-15 19:51 - 00003372 _____ () C:\Windows\System32\Tasks\DMREngine
2014-02-03 22:53 - 2012-01-15 19:51 - 00003354 _____ () C:\Windows\System32\Tasks\clear.fiAgent
2014-02-03 22:53 - 2011-10-14 04:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-03 22:52 - 2012-06-02 13:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\Cyberlink
2014-02-03 22:51 - 2012-01-15 19:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-03 22:30 - 2014-02-03 22:30 - 00000317 _____ () C:\Users\Andi\Desktop\Post.txt
2014-02-03 17:23 - 2012-06-02 13:35 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-02-02 15:06 - 2014-02-02 15:06 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup (1).xls
2014-02-02 10:05 - 2014-02-02 10:05 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup.xls
2014-02-01 22:08 - 2014-02-01 21:44 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part08.rar
2014-02-01 20:56 - 2014-02-01 20:31 - 110100480 _____ () C:\Users\Andi\Downloads\Medi.part07.rar
2014-02-01 20:21 - 2014-02-01 19:35 - 110100483 _____ () C:\Users\Andi\Downloads\Medi.part06.rar
2014-02-01 20:11 - 2014-02-01 19:34 - 110100487 _____ () C:\Users\Andi\Downloads\Medi.part05.rar
2014-02-01 20:08 - 2014-02-01 19:32 - 110100481 _____ () C:\Users\Andi\Downloads\Medi.part04.rar
2014-02-01 17:43 - 2014-01-20 22:03 - 02080256 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-02-01 17:43 - 2014-01-10 20:09 - 00000000 ____D () C:\Users\Andi\Desktop\FRST-OlderVersion
2014-01-31 17:41 - 2014-01-21 20:26 - 00033323 _____ () C:\Users\Andi\Desktop\Addition.txt
2014-01-29 06:36 - 2012-01-16 04:15 - 00669464 _____ () C:\Windows\system32\perfh007.dat
2014-01-29 06:36 - 2012-01-16 04:15 - 00134990 _____ () C:\Windows\system32\perfc007.dat
2014-01-29 06:36 - 2009-07-14 06:13 - 01528428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-28 08:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-28 00:52 - 2014-01-28 00:09 - 110100483 _____ () C:\Users\Andi\Downloads\Medi.part02.rar
2014-01-28 00:46 - 2014-01-28 00:11 - 110100481 _____ () C:\Users\Andi\Downloads\Medi.part03.rar
2014-01-28 00:46 - 2014-01-28 00:09 - 110100487 _____ () C:\Users\Andi\Downloads\Medi.part01.rar
2014-01-27 15:25 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-27 15:25 - 2013-12-09 23:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-01-27 15:25 - 2012-10-10 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-27 15:25 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-27 11:54 - 2012-08-14 20:29 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\SoftGrid Client
2014-01-27 01:54 - 2013-09-26 22:52 - 00000000 ____D () C:\Users\Andi\Documents\Urlaub
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Garmin
2014-01-25 09:06 - 2014-01-25 09:06 - 00262144 _____ () C:\Windows\Minidump\012514-23290-01.dmp
2014-01-25 09:06 - 2012-07-09 11:24 - 00000000 ____D () C:\Windows\Minidump
2014-01-25 09:06 - 2012-07-09 11:23 - 538541837 _____ () C:\Windows\MEMORY.DMP
2014-01-22 15:21 - 2012-06-04 21:30 - 00000000 ____D () C:\MP3
2014-01-22 13:53 - 2014-01-22 13:52 - 00000000 ____D () C:\Users\Angi\AppData\Local\Udbmedia
2014-01-22 13:37 - 2012-06-02 16:08 - 00000000 ____D () C:\Users\Angi\AppData\Roaming\Adobe
2014-01-20 19:53 - 2010-11-21 04:47 - 00393070 _____ () C:\Windows\PFRO.log
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ () C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ () C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-01-20 16:44 - 2012-06-07 10:57 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-01-19 11:02 - 2014-01-19 11:01 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:56 - 2014-01-19 10:55 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-18 18:34 - 2012-06-02 13:28 - 00000000 ___RD () C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 19:39 - 2009-07-14 05:45 - 00481440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 06:29 - 2013-08-15 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 06:25 - 2013-08-15 14:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:27 - 2013-09-12 06:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-10 20:14 - 2014-01-05 09:36 - 00000000 ____D () C:\Users\Angi\Desktop\FRST-OlderVersion
2014-01-10 20:14 - 2014-01-03 21:00 - 01932166 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-01-10 06:27 - 2013-12-01 20:43 - 00001012 _____ () C:\Users\Angi\Desktop\Dropbox.lnk
2014-01-10 06:27 - 2013-12-01 20:39 - 00000526 _____ () C:\Windows\wininit.ini
2014-01-10 06:27 - 2013-12-01 20:39 - 00000000 ____D () C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 06:24 - 2014-01-05 21:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Udbmedia
2014-01-07 08:01 - 2013-08-27 06:26 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\vlc
2014-01-07 07:41 - 2013-01-31 23:48 - 00000000 ____D () C:\Users\Andi\Documents\Weine
2014-01-05 23:01 - 2014-01-05 23:01 - 00262144 _____ () C:\Windows\Minidump\010514-30716-01.dmp
2014-01-05 11:11 - 2013-11-10 14:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\BitTorrent
2014-01-05 09:32 - 2014-01-01 19:33 - 00053799 _____ () C:\Users\Andi\Downloads\FRST.txt
2014-01-05 09:28 - 2014-01-03 20:54 - 00000000 ____D () C:\Users\Andi\Downloads\FRST-OlderVersion

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\D77.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 18:53

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Admin at 2014-02-04 20:17:36
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (x32 Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (x32 Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3504 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Registration (x32 Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.765.0 - Microsoft Corporation)
BitTorrent (HKCU Version: 7.8.2.30265 - BitTorrent Inc.)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (Version: 14.8.4.1 - Broadcom Corporation)
Canon MP550 series MP Drivers (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2228.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.2228.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8228 - CyberLink Corp.) Hidden
clear.fi Client (x32 Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
eBay Worldwide (x32 Version: 2.2.0409 - OEM)
ESET Smart Security (Version: 6.0.316.0 - ESET, spol s r. o.)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (x32 Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (x32 Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKCU Version: 29.0.1547.66 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HappyFoto-Designer 5.1 (x32 Version:  - )
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Need For Speed™ World (x32 Version: 1.0.0.1055 - Electronic Arts)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
NWZ-E380 WALKMAN Guide (x32 Version: 2.2.0.05230 - Sony Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PerformanceTest v7.0 (64-bit) (Version: 7.0 - Passmark Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
StreamTorrent 1.0 (x32 Version:  - )
Tinypic 3.18 (x32 Version: Tinypic 3.18 - E. Fiedler)
T-Mobile Internet Manager (x32 Version: 11.301.05.34.55 - Huawei Technologies Co.,Ltd)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC Codec Pack 2.0.5 (x32 Version: 2.0.5 - VLC Codec Pack)
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (x32 Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wondershare MobileGo for Android ( Version 4.1.0 ) (x32 Version: 4.1.0 - Wondershare)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

21-01-2014 19:21:24 Windows Update
29-01-2014 05:34:57 Windows Update
01-02-2014 08:18:01 Windows Update
03-02-2014 21:50:27 Installiert Suite
04-02-2014 19:16:17 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-24 20:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {07616372-F801-458D-9C14-C9930D6095B1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {26E05DF4-BA16-4773-9D52-1856B958F2D4} - System32\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {2AC5E9FB-C833-417D-BCA0-DF724A13DAE7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {31292C74-82D3-42F1-AF98-72C05ED4F97A} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated)
Task: {3866C1B3-BD31-4AAE-BE41-6B76C99E152C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {56EDC0BA-DB57-4CAA-B1BF-984035D1F313} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {8A765899-89D1-4338-84CC-7988A4094513} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {8B0876B7-E6EE-4708-B12D-CEED3FE1DF23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27] (Adobe Systems Incorporated)
Task: {8B190B07-25CD-4C60-B7DE-ED46853CA1DA} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {9B25315B-EB80-49AB-BF95-7A3210569938} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {A308C948-BEB7-4EFF-BFD8-EF0E66F65DA0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EF3DBADD-B74B-4C0D-8182-F928CFE3CACA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F41D5C2B-0A28-490D-A526-6CAB87484240} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316 => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {F87FA238-C6DB-4B39-A405-E68BFAF7722C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job => C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 17:15 - 2013-11-23 17:15 - 02492416 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
2013-11-23 17:15 - 2013-11-23 17:15 - 02179072 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2012-06-02 13:17 - 2013-12-20 17:48 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-27 15:25 - 2014-01-27 15:25 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
2013-08-20 08:23 - 2013-08-20 08:23 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2011-10-14 04:15 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 08:13:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:52:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:49:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 07:47:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:34:23 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/03/2014 10:37:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 10:27:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000054eea
ID des fehlerhaften Prozesses: 0xfa0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/03/2014 10:08:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:21:43 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/03/2014 04:12:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/04/2014 08:15:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (02/04/2014 08:15:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/04/2014 00:53:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (02/04/2014 00:53:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/04/2014 00:50:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147467243

Error: (02/04/2014 00:50:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (02/04/2014 00:50:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "wscsvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/04/2014 00:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (02/04/2014 00:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/04/2014 00:50:08 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056


Microsoft Office Sessions:
=========================
Error: (02/04/2014 08:13:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:52:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:49:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 07:47:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:34:23 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/03/2014 10:37:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 10:27:41 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eeafa001cf212412d5a694C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll0265be04-8d1a-11e3-b7b5-dc0ea12b1b2b

Error: (02/03/2014 10:08:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:21:43 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/03/2014 04:12:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-24 20:28:57.489
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.380
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 20:28:57.317
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 16:53:36.298
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-24 16:53:36.251
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8043.86 MB
Available physical RAM: 5697.97 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13484.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.41 GB) (Free:595.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6226A998)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 05.02.2014 13:11

Please press the Windows key + R and type notepad in the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dll <===== ATTENTION
2014-01-22 13:52 - 2014-01-22 13:53 - 00000000 ____D () C:\Users\Angi\AppData\Local\Udbmedia
C:\Users\Admin\AppData\Local\temp\D77.exe


Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



If the message still shows up now, I'll go crazy :D

oigen 07.02.2014 07:00

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014
Ran by Admin at 2014-02-07 06:52:59 Run:13
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dll <===== ATTENTION
2014-01-22 13:52 - 2014-01-22 13:53 - 00000000 ____D () C:\Users\Angi\AppData\Local\Udbmedia
C:\Users\Admin\AppData\Local\temp\D77.exe
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Orbitum => Value deleted successfully.
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Udbmedia => Value deleted successfully.
C:\Users\Angi\AppData\Local\Udbmedia => Moved successfully.
C:\Users\Admin\AppData\Local\temp\D77.exe => Moved successfully.

==== End of Fixlog ====

So the message is gone now - you don't have to go crazy :daumenhoc

However, the path

C:\FRST\Quarantine\_OTM\MovedFiles\12162013_202043\C_FRST\Quarantine\Install

is one I still cannot delete, same as before...
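Added example, not part of the original thread and not FRST's own code: a Python check that reconciles the fixlist block of a Fixlog like the one posted above with its result lines, so that an entry without a success result stands out. The expansion of `...` to `Software\Microsoft\Windows\CurrentVersion` and the line patterns are assumptions inferred from this one log; the function names are hypothetical.

```python
import re

# Fixlog excerpt copied from the post above (header lines shortened).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Orbitum] - C:\Users\Andi\AppData\Local\Orbitum\Application\chrome.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Andi\AppData\Local\Udbmedia\jcstums.dll <===== ATTENTION
2014-01-22 13:52 - 2014-01-22 13:53 - 00000000 ____D () C:\Users\Angi\AppData\Local\Udbmedia
C:\Users\Admin\AppData\Local\temp\D77.exe
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Orbitum => Value deleted successfully.
HKU\S-1-5-21-2098008458-3402727504-3613341839-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Udbmedia => Value deleted successfully.
C:\Users\Angi\AppData\Local\Udbmedia => Moved successfully.
C:\Users\Admin\AppData\Local\temp\D77.exe => Moved successfully.

==== End of Fixlog ====
"""

# Assumption (inferred from the log above): "..." abbreviates this key path.
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"

# Abbreviated autostart line:  HIVE\...\Run: [ValueName] - command
REG_LINE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>[^:\\]+): \[(?P<name>[^\]]+)\] - ")
# File listing line:  created - modified - size attributes (company) path
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ \(.*?\) (?P<path>.+)$"
)


def expected_target(entry):
    """Map one fixlist line to the target named in its result line, or None."""
    entry = entry.split(" <=====")[0].strip()  # drop the "<===== ATTENTION" marker
    m = REG_LINE.match(entry)
    if m:
        # Result lines separate key and value name with a double backslash.
        return "\\".join([m["hive"], CURRENT_VERSION, m["key"]]) + "\\\\" + m["name"]
    m = FILE_LINE.match(entry)
    if m:
        return m["path"]
    if re.match(r"^[A-Za-z]:\\", entry):  # bare path
        return entry
    return None  # directive or unknown line type: not handled here


def parse_fixlog(text):
    """Return (fixlist entries, {lower-cased target: outcome})."""
    lines = [line.rstrip() for line in text.splitlines()]
    stars = [i for i, line in enumerate(lines) if line and set(line) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by '*' lines")
    entries = [line for line in lines[stars[0] + 1:stars[1]] if line.strip()]
    results = {}
    for line in lines[stars[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        target, sep, outcome = line.rpartition(" => ")
        if sep:
            results[target.strip().lower()] = outcome.strip()
    return entries, results


def reconcile(text):
    """One dict per fixlist entry; ok is False when no success result was logged."""
    entries, results = parse_fixlog(text)
    report = []
    for entry in entries:
        target = expected_target(entry)
        outcome = results.get(target.lower()) if target else None
        report.append({
            "entry": entry,
            "target": target,
            "outcome": outcome,
            "ok": bool(outcome) and outcome.lower().endswith("successfully."),
            "attention": "<=====" in entry,  # line was flagged in the scan log
        })
    return report


def unresolved(text):
    """Fixlist entries that have no matching success line in the Fixlog."""
    return [row["entry"] for row in reconcile(text) if not row["ok"]]


if __name__ == "__main__":
    for row in reconcile(SAMPLE_FIXLOG):
        print("OK " if row["ok"] else "???", row["target"], "=>", row["outcome"])
```
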

schrauber 08.02.2014 10:22

We'll do that now :D

Please press the Windows key + R and type notepad in the Run window.

Now copy the following text from the code box into the empty text document

Code:

DeleteQuarantine:

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


oigen 08.02.2014 10:35

Good - it worked :applaus:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014
Ran by Admin at 2014-02-08 10:33:55 Run:14
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteQuarantine:
*****************

C:\FRST\Quarantine => Removed successfully.

==== End of Fixlog ====


schrauber 09.02.2014 08:33

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: Here are a few useful add-ons for this browser
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it asks you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

oigen 09.02.2014 10:07

Thanks again for the information - but there is still an error message that has recently started appearing for my wife's user account:

Fehler beim Laden des Moduls

"C:\Users\Angi\AppData\Local\Ud...\EP0NGR00.DLL"

Stellen Sie sicher, dass die Binärdatei am angegebenen Pfad gespeichert ist, oder debuggen Sie die Datei,
um Probleme mit der binären Datei oder abhängigen DLL-Dateien auszuschließen.

Das angegebene Modul wurde nicht gefunden.

Thanks,
Andi

schrauber 10.02.2014 08:12

Please post a fresh FRST log again :)
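
Added example (not part of the thread and not FRST's own code): the dialog quoted above reads like the one regsvr32 shows when it cannot load the DLL it is given, which points at a leftover autostart value, so this sketch scans the Run/RunOnce lines of an FRST log for values that start regsvr32 or rundll32 on a module in a user-writable path. The sample lines are constructed in FRST's layout, and all function and field names are assumptions.

```python
import re
from typing import Callable, List, NamedTuple, Optional

# Constructed sample in the layout of FRST's "Registry" section:
#   hive\...\Run: [value name] - command line [size date] (vendor)
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleTray] - C:\Program Files\Example\tray.exe [123456 2013-01-01] (Example Corp.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Run: [ExampleUpdate] - C:\Users\Alice\AppData\Local\Example\Update\update.exe [116648 2012-06-02] (Example Inc.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Run: [Xyzmedia] - regsvr32.exe C:\Users\Alice\AppData\Local\Xyzmedia\AB1CDE00.DLL <===== ATTENTION
HKLM-x32\...\Run: [Helper] - "C:\Program Files (x86)\Common Files\Example\Helper.exe"
HKLM\...\Run: [Codec] - regsvr32.exe /s "C:\Program Files\Example\codec.dll"
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\RunOnce: [Setup] - rundll32.exe "C:\Users\Bob\AppData\Roaming\tmp\x.dll",Start
"""

RUN_LINE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] - (?P<cmd>.+)$"
)
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION.*$")
SID = re.compile(r"S-1-5-21-[\d-]+")
# Binaries that load a DLL named on their command line.
LOADERS = {"regsvr32", "rundll32"}
MODULE_PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|ocx|cpl)', re.IGNORECASE)
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\|programdata\\|windows\\temp\\)"
)


class Finding(NamedTuple):
    key: str                  # Run or RunOnce
    value: str                # registry value name
    sid: Optional[str]        # account the value belongs to (None for HKLM)
    loader: str               # regsvr32 or rundll32
    module: str               # DLL handed to the loader
    flagged_by_frst: bool     # line carried FRST's ATTENTION marker
    orphaned: Optional[bool]  # True if the DLL is gone; None if not checked


def split_command(cmd: str):
    """Return (program base name without .exe, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        prog, _, rest = cmd[1:].partition('"')
    else:
        prog, _, rest = cmd.partition(" ")
    base = prog.rsplit("\\", 1)[-1].lower()
    if base.endswith(".exe"):
        base = base[:-4]
    return base, rest


def triage_run_entries(
    log_text: str, exists: Optional[Callable[[str], bool]] = None
) -> List[Finding]:
    """Flag autostart values that load a DLL from a user-writable path.

    `exists` is an optional callback (for example os.path.exists when run on
    the affected machine). A flagged value whose DLL no longer exists is an
    orphan: it does nothing except raise the load error at every logon.
    """
    findings = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        flagged = ATTENTION.search(cmd) is not None
        loader, args = split_command(ATTENTION.sub("", cmd))
        if loader not in LOADERS:
            continue
        mod = MODULE_PATH.search(args)
        if not mod or not USER_WRITABLE.match(mod.group(0).lower()):
            continue
        sid = SID.search(m.group("hive"))
        findings.append(Finding(
            key=m.group("key"),
            value=m.group("name"),
            sid=sid.group(0) if sid else None,
            loader=loader,
            module=mod.group(0),
            flagged_by_frst=flagged,
            orphaned=None if exists is None else not exists(mod.group(0)),
        ))
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_LOG):
        print(f)
```

The SID in each finding identifies which account's hive holds the value, which matters when the error shows up for only one user of the machine.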

oigen 10.02.2014 22:38


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014
Ran by Admin (administrator) on PC on 10-02-2014 22:31:24
Running from C:\Users\Angi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(Dropbox, Inc.) C:\Users\Angi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2012-06-02] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2098008458-3402727504-3613341839-1001\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2098008458-3402727504-3613341839-1001\...\Run: [Wondershare Helper Compact] - "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\Run: [Google Update] - C:\Users\Angi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0NGR00.DLL <===== ATTENTION
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\MountPoints2: {10e3d94e-ad86-11e1-b219-001e101f1f81} - E:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\MountPoints2: {8cf2d829-4bc2-11e2-b468-001e101f7fb6} - E:\AutoRun.exe
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\MountPoints2: {9a409562-acd6-11e1-9bc0-642737311941} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4227D410-6AA1-42B3-9995-001DD2C8E53B}: [NameServer]213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{ACF8C42B-3FAB-4EA1-9E15-28CDA0A662A4}: [NameServer]213.162.69.170 213.162.69.2
Tcpip\..\Interfaces\{EFE5D906-626A-491A-B1CC-69F3BF926A2A}: [NameServer]213.162.69.2 213.162.69.170

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kpmgns1t.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-02]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-02]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-02]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-03] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 22:31 - 2014-02-10 22:31 - 00018759 _____ () C:\Users\Angi\Desktop\FRST.txt
2014-02-10 21:38 - 2014-02-10 21:38 - 00000000 ____D () C:\Windows\de
2014-02-10 21:28 - 2014-02-10 21:28 - 00000000 ____D () C:\Windows\bg
2014-02-10 21:28 - 2014-02-10 21:28 - 00000000 ____D () C:\Windows\ar
2014-02-10 21:27 - 2014-02-10 21:27 - 00000000 ____D () C:\Windows\el
2014-02-10 21:27 - 2014-02-10 21:27 - 00000000 ____D () C:\Windows\da
2014-02-10 21:27 - 2014-02-10 21:27 - 00000000 ____D () C:\Windows\cs
2014-02-10 21:26 - 2014-02-10 21:26 - 00000000 ____D () C:\Windows\fi
2014-02-10 21:26 - 2014-02-10 21:26 - 00000000 ____D () C:\Windows\es
2014-02-10 21:26 - 2014-02-10 21:26 - 00000000 ____D () C:\Windows\en
2014-02-10 21:25 - 2014-02-10 21:25 - 00000000 ____D () C:\Windows\he
2014-02-10 21:25 - 2014-02-10 21:25 - 00000000 ____D () C:\Windows\fr
2014-02-10 21:24 - 2014-02-10 21:24 - 00000000 ____D () C:\Windows\it
2014-02-10 21:24 - 2014-02-10 21:24 - 00000000 ____D () C:\Windows\hu
2014-02-10 21:24 - 2014-02-10 21:24 - 00000000 ____D () C:\Windows\hr
2014-02-10 21:23 - 2014-02-10 21:23 - 00000000 ____D () C:\Windows\pl
2014-02-10 21:23 - 2014-02-10 21:23 - 00000000 ____D () C:\Windows\nl
2014-02-10 21:22 - 2014-02-10 21:22 - 00000000 ____D () C:\Windows\ro
2014-02-10 21:21 - 2014-02-10 21:21 - 00000000 ____D () C:\Windows\sl
2014-02-10 21:21 - 2014-02-10 21:21 - 00000000 ____D () C:\Windows\sk
2014-02-10 21:21 - 2014-02-10 21:21 - 00000000 ____D () C:\Windows\ru
2014-02-10 21:20 - 2014-02-10 21:20 - 00000000 ____D () C:\Windows\tr
2014-02-10 21:20 - 2014-02-10 21:20 - 00000000 ____D () C:\Windows\th
2014-02-10 21:20 - 2014-02-10 21:20 - 00000000 ____D () C:\Windows\sv
2014-02-10 21:19 - 2014-02-10 21:19 - 00000000 ____D () C:\Windows\ca
2014-02-10 20:59 - 2014-02-10 21:58 - 00000000 ____D () C:\Users\Angi\Documents\Everio MediaBrowser 4
2014-02-10 20:55 - 2014-02-10 20:55 - 00000908 _____ () C:\Users\Public\Desktop\Everio MediaBrowser 4.lnk
2014-02-10 20:55 - 2014-02-10 20:55 - 00000902 _____ () C:\Users\Public\Desktop\Everio MediaBrowser 4 Player.lnk
2014-02-10 20:55 - 2014-02-10 20:55 - 00000000 ____D () C:\Program Files (x86)\PIXELA
2014-02-10 20:50 - 2014-02-10 20:50 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-10 20:50 - 2013-02-05 22:06 - 00057840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-02-10 20:44 - 2014-02-10 20:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Windows Live
2014-02-10 20:37 - 2014-02-10 20:39 - 142602520 _____ (Microsoft Corporation) C:\Users\Angi\Downloads\wlsetup-all.exe
2014-02-09 10:24 - 2014-02-09 10:25 - 00047104 ___SH () C:\Users\Andi\Thumbs.db
2014-02-08 06:07 - 2014-02-08 06:07 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup (2).xls
2014-02-07 17:23 - 2014-02-07 17:24 - 00000000 ____D () C:\Bewerbungen
2014-02-03 22:58 - 2014-02-03 22:58 - 03335096 _____ (Peter A. Gebhard ) C:\Users\Andi\Downloads\drh2014d.exe
2014-02-03 22:30 - 2014-02-03 22:30 - 00000317 _____ () C:\Users\Andi\Desktop\Post.txt
2014-02-02 15:06 - 2014-02-02 15:06 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup (1).xls
2014-02-02 10:05 - 2014-02-02 10:05 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup.xls
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Garmin
2014-01-25 09:06 - 2014-01-25 09:06 - 00262144 _____ () C:\Windows\Minidump\012514-23290-01.dmp
2014-01-21 20:26 - 2014-02-04 20:17 - 00033630 _____ () C:\Users\Andi\Desktop\Addition.txt
2014-01-20 22:03 - 2014-02-07 06:51 - 02079744 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ () C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ () C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-01-19 11:01 - 2014-01-19 11:02 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:55 - 2014-01-19 10:56 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-16 06:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 06:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 06:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 06:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-10 22:32 - 2014-02-10 22:31 - 00018759 _____ () C:\Users\Angi\Desktop\FRST.txt
2014-02-10 22:31 - 2014-01-05 09:36 - 00000000 ____D () C:\Users\Angi\Desktop\FRST-OlderVersion
2014-02-10 22:31 - 2014-01-03 21:00 - 02150400 _____ (Farbar) C:\Users\Angi\Desktop\FRST64.exe
2014-02-10 22:31 - 2013-12-23 01:49 - 00000000 ____D () C:\FRST
2014-02-10 22:31 - 2013-11-24 08:26 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001UA1cee8e678ff332c.job
2014-02-10 22:23 - 2013-10-12 20:12 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002UA1cec77f502d0aa.job
2014-02-10 22:09 - 2012-07-25 15:09 - 00000000 ____D () C:\Users\Angi\AppData\Local\Windows Live
2014-02-10 22:04 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 22:04 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 22:03 - 2013-12-09 00:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef47153d6009b.job
2014-02-10 21:59 - 2012-01-15 19:22 - 01227396 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 21:58 - 2014-02-10 20:59 - 00000000 ____D () C:\Users\Angi\Documents\Everio MediaBrowser 4
2014-02-10 21:57 - 2013-12-01 20:43 - 00000000 ___RD () C:\Users\Angi\Dropbox
2014-02-10 21:57 - 2013-12-01 20:39 - 00000000 ____D () C:\Users\Angi\AppData\Roaming\Dropbox
2014-02-10 21:57 - 2013-07-08 16:40 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 21:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 21:56 - 2009-07-14 05:51 - 00204313 _____ () C:\Windows\setupact.log
2014-02-10 21:38 - 2014-02-10 21:38 - 00000000 ____D () C:\Windows\de
2014-02-10 21:37 - 2012-10-10 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 21:28 - 2014-02-10 21:28 - 00000000 ____D () C:\Windows\bg
2014-02-10 21:28 - 2014-02-10 21:28 - 00000000 ____D () C:\Windows\ar
2014-02-10 21:27 - 2014-02-10 21:27 - 00000000 ____D () C:\Windows\el
2014-02-10 21:27 - 2014-02-10 21:27 - 00000000 ____D () C:\Windows\da
2014-02-10 21:27 - 2014-02-10 21:27 - 00000000 ____D () C:\Windows\cs
2014-02-10 21:26 - 2014-02-10 21:26 - 00000000 ____D () C:\Windows\fi
2014-02-10 21:26 - 2014-02-10 21:26 - 00000000 ____D () C:\Windows\es
2014-02-10 21:26 - 2014-02-10 21:26 - 00000000 ____D () C:\Windows\en
2014-02-10 21:25 - 2014-02-10 21:25 - 00000000 ____D () C:\Windows\he
2014-02-10 21:25 - 2014-02-10 21:25 - 00000000 ____D () C:\Windows\fr
2014-02-10 21:24 - 2014-02-10 21:24 - 00000000 ____D () C:\Windows\it
2014-02-10 21:24 - 2014-02-10 21:24 - 00000000 ____D () C:\Windows\hu
2014-02-10 21:24 - 2014-02-10 21:24 - 00000000 ____D () C:\Windows\hr
2014-02-10 21:23 - 2014-02-10 21:23 - 00000000 ____D () C:\Windows\pl
2014-02-10 21:23 - 2014-02-10 21:23 - 00000000 ____D () C:\Windows\nl
2014-02-10 21:22 - 2014-02-10 21:22 - 00000000 ____D () C:\Windows\ro
2014-02-10 21:21 - 2014-02-10 21:21 - 00000000 ____D () C:\Windows\sl
2014-02-10 21:21 - 2014-02-10 21:21 - 00000000 ____D () C:\Windows\sk
2014-02-10 21:21 - 2014-02-10 21:21 - 00000000 ____D () C:\Windows\ru
2014-02-10 21:20 - 2014-02-10 21:20 - 00000000 ____D () C:\Windows\tr
2014-02-10 21:20 - 2014-02-10 21:20 - 00000000 ____D () C:\Windows\th
2014-02-10 21:20 - 2014-02-10 21:20 - 00000000 ____D () C:\Windows\sv
2014-02-10 21:19 - 2014-02-10 21:19 - 00000000 ____D () C:\Windows\ca
2014-02-10 20:55 - 2014-02-10 20:55 - 00000908 _____ () C:\Users\Public\Desktop\Everio MediaBrowser 4.lnk
2014-02-10 20:55 - 2014-02-10 20:55 - 00000902 _____ () C:\Users\Public\Desktop\Everio MediaBrowser 4 Player.lnk
2014-02-10 20:55 - 2014-02-10 20:55 - 00000000 ____D () C:\Program Files (x86)\PIXELA
2014-02-10 20:55 - 2011-10-14 04:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-10 20:54 - 2012-01-16 04:15 - 00669464 _____ () C:\Windows\system32\perfh007.dat
2014-02-10 20:54 - 2012-01-16 04:15 - 00134990 _____ () C:\Windows\system32\perfc007.dat
2014-02-10 20:54 - 2009-07-14 06:13 - 01528428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 20:51 - 2011-10-14 04:35 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-10 20:50 - 2014-02-10 20:50 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-10 20:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-10 20:48 - 2011-10-14 04:34 - 00010451 _____ () C:\Windows\DirectX.log
2014-02-10 20:44 - 2014-02-10 20:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Windows Live
2014-02-10 20:39 - 2014-02-10 20:37 - 142602520 _____ (Microsoft Corporation) C:\Users\Angi\Downloads\wlsetup-all.exe
2014-02-09 17:23 - 2012-06-02 13:35 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1002Core.job
2014-02-09 13:16 - 2013-11-10 14:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\BitTorrent
2014-02-09 13:14 - 2012-06-05 06:01 - 00000000 ____D () C:\Users\Andi\AppData\Local\PowerCinema
2014-02-09 13:13 - 2013-08-27 06:26 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\vlc
2014-02-09 10:25 - 2014-02-09 10:24 - 00047104 ___SH () C:\Users\Andi\Thumbs.db
2014-02-09 10:24 - 2012-06-05 06:00 - 00000000 ____D () C:\Users\Andi
2014-02-09 10:10 - 2013-11-15 20:17 - 00000000 ____D () C:\Hörbücher
2014-02-09 09:53 - 2012-06-02 13:28 - 00000000 ____D () C:\Users\Angi\AppData\Local\PowerCinema
2014-02-09 08:31 - 2013-09-13 22:21 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098008458-3402727504-3613341839-1001Core1ceb0c727a22316.job
2014-02-09 06:35 - 2014-02-09 06:35 - 00000000 ____D () C:\Users\Andi\Downloads\HazeHer_-_Running_Drills_HD_720p
2014-02-08 06:07 - 2014-02-08 06:07 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup (2).xls
2014-02-07 23:11 - 2012-08-14 20:29 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\SoftGrid Client
2014-02-07 17:24 - 2014-02-07 17:23 - 00000000 ____D () C:\Bewerbungen
2014-02-07 07:01 - 2014-01-05 21:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Udbmedia
2014-02-07 06:52 - 2012-06-02 11:21 - 00000000 ____D () C:\Users\Admin
2014-02-07 06:51 - 2014-01-20 22:03 - 02079744 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe
2014-02-07 06:51 - 2014-01-10 20:09 - 00000000 ____D () C:\Users\Andi\Desktop\FRST-OlderVersion
2014-02-04 22:37 - 2012-10-10 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:37 - 2013-12-09 23:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 21:37 - 2011-10-14 04:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 20:18 - 2014-01-01 19:34 - 00032051 _____ () C:\Users\Andi\Desktop\FRST.txt
2014-02-04 20:17 - 2014-01-21 20:26 - 00033630 _____ () C:\Users\Andi\Desktop\Addition.txt
2014-02-04 12:48 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-03 22:58 - 2014-02-03 22:58 - 03335096 _____ (Peter A. Gebhard ) C:\Users\Andi\Downloads\drh2014d.exe
2014-02-03 22:54 - 2012-01-15 19:50 - 00012914 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-02-03 22:53 - 2012-01-15 19:51 - 00003424 _____ () C:\Windows\System32\Tasks\clear.fi
2014-02-03 22:53 - 2012-01-15 19:51 - 00003372 _____ () C:\Windows\System32\Tasks\DMREngine
2014-02-03 22:53 - 2012-01-15 19:51 - 00003354 _____ () C:\Windows\System32\Tasks\clear.fiAgent
2014-02-03 22:52 - 2012-06-02 13:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\Cyberlink
2014-02-03 22:51 - 2012-01-15 19:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-03 22:30 - 2014-02-03 22:30 - 00000317 _____ () C:\Users\Andi\Desktop\Post.txt
2014-02-02 15:06 - 2014-02-02 15:06 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup (1).xls
2014-02-02 10:05 - 2014-02-02 10:05 - 00029184 _____ () C:\Users\Angi\Downloads\Helfer 1. Cup.xls
2014-01-28 08:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-27 15:25 - 2013-12-09 23:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-01-27 01:54 - 2013-09-26 22:52 - 00000000 ____D () C:\Users\Andi\Documents\Urlaub
2014-01-26 17:06 - 2014-01-26 17:06 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Garmin
2014-01-25 09:06 - 2014-01-25 09:06 - 00262144 _____ () C:\Windows\Minidump\012514-23290-01.dmp
2014-01-25 09:06 - 2012-07-09 11:24 - 00000000 ____D () C:\Windows\Minidump
2014-01-25 09:06 - 2012-07-09 11:23 - 538541837 _____ () C:\Windows\MEMORY.DMP
2014-01-22 15:21 - 2012-06-04 21:30 - 00000000 ____D () C:\MP3
2014-01-22 13:37 - 2012-06-02 16:08 - 00000000 ____D () C:\Users\Angi\AppData\Roaming\Adobe
2014-01-20 19:53 - 2010-11-21 04:47 - 00393070 _____ () C:\Windows\PFRO.log
2014-01-20 16:46 - 2014-01-20 16:46 - 00002130 _____ () C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk
2014-01-20 16:45 - 2014-01-20 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-01-20 16:44 - 2014-01-20 16:44 - 00000562 _____ () C:\Windows\wmsetup.log
2014-01-20 16:44 - 2014-01-20 16:44 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-01-20 16:44 - 2012-06-07 10:57 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-01-19 11:02 - 2014-01-19 11:01 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410 (1).exe
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-01-19 10:58 - 2014-01-19 10:58 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-01-19 10:56 - 2014-01-19 10:55 - 18864072 _____ () C:\Users\Angi\Downloads\CommunicatorPlugin_410.exe
2014-01-18 18:34 - 2012-06-02 13:28 - 00000000 ___RD () C:\Users\Angi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 19:39 - 2009-07-14 05:45 - 00481440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 06:29 - 2013-08-15 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 06:25 - 2013-08-15 14:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:27 - 2013-09-12 06:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 09:54

==================== End Of Log ============================

--- --- ---

schrauber 11.02.2014 18:03

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0NGR00.DLL <===== ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


oigen 12.02.2014 00:08

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by Admin at 2014-02-12 00:05:21 Run:15
Running from C:\Users\Angi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\...\Run: [Udbmedia] - regsvr32.exe C:\Users\Angi\AppData\Local\Udbmedia\EP0NGR00.DLL <===== ATTENTION
*****************

HKU\S-1-5-21-2098008458-3402727504-3613341839-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Udbmedia => Value deleted successfully.

==== End of Fixlog ====


schrauber 12.02.2014 18:33

Is the message gone?

oigen 14.02.2014 17:12

Yes - the message is gone, thanks!

schrauber 15.02.2014 15:40

Done :)


All times are WET +1.
