Kenor 16.05.2014 11:37

Open clinic Wi-Fi | Checking my system after several weeks of use
 
Hello everyone!

I have been in a clinic for quite a few weeks and use the open Wi-Fi there.
Many other patients also use it frequently (with smartphones, tablets, laptops and publicly usable desktop PCs that are freely accessible to everyone).

Public desktop PCs: people happily click on .exe files in their spam e-mails, and AVG raises the alarm. (So as not to test it on their own computer.)
Laptops of other patients: Avira with 9 detections on one, AVG with 5 detections on another, etc.

All in all, some users are (by my standards) on the Wi-Fi with devices that are not clean.

I have noticed that when I open Task Manager/Process Explorer, there are more processes than before (although, to be honest, I have also been looking much more closely since I started using the open Wi-Fi). I may of course be mistaken:

: -> conhost (sometimes 2x), taskhost, wlanext, crss, wininit, winlogon (appeared, I think, after installing Spybot Search & Destroy) -> I used the VirusTotal submit function in Process Explorer; according to VirusTotal, nothing suspicious for any process.

I would like to know whether everything is still running normally on my laptop:

Many thanks in advance and best regards


- Windows: Windows 7 Professional 64-bit version (6.1, Build 7601)
-> (I have manually disabled/changed services; I can post the list on request)

- Virus scanner: Eset Smart Security 7.0.302.26
-> (There are objects in quarantine from a few months ago)

- Malwarebytes Free version (up to date)
-> No detections so far

- Hijackthis:
-> In the past I had my logs evaluated at hijackthis.de and applied fixes.

- Spybot Search and Destroy Free version (up to date)
-> It showed me some registry things (risk green = low) that I did not fix.

- CCleaner
-> (Used the cleaner + in the past the registry fix thing)


Defogger: (no error message)
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:37 on 16/05/2014 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Andreas (administrator) on CHFGHT8 on 16-05-2014 11:45:17
Running from C:\Users\Andreas\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4511\Battle.net.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Andreas\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\artur.dubovoy@gmail.com [2014-05-09]
FF Extension: HTTPS-Everywhere - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\https-everywhere@eff.org [2014-04-27]
FF Extension: anonymoX - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\client@anonymox.net.xpi [2013-08-22]
FF Extension: Ghostery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\info@convert2mp3.net.xpi [2013-06-07]
FF Extension: RefControl - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013-08-22]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-08-22]
FF Extension: HTTPS Finder - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi [2013-08-22]
FF Extension: NoScript - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-07]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-04]
FF Extension: BetterPrivacy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-08-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-09]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-09]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-05-31] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated)
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 11:45 - 2014-05-16 11:45 - 00010021 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-05-16 11:44 - 2014-05-16 11:45 - 02067456 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-05-16 11:38 - 2014-05-16 11:45 - 00000000 ____D () C:\FRST
2014-05-16 11:37 - 2014-05-16 11:37 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-05-16 11:37 - 2014-05-16 11:37 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-05-16 11:36 - 2014-05-16 11:36 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-05-16 11:20 - 2014-05-16 11:45 - 00001203 _____ () C:\Users\Andreas\Desktop\trojaner.txt
2014-05-15 21:37 - 2014-05-15 23:21 - 00000119 _____ () C:\Users\Andreas\Desktop\wow.txt
2014-05-15 11:00 - 2014-05-16 11:35 - 00000000 ____D () C:\Users\Andreas\Documents\bookmarks
2014-05-14 22:34 - 2014-05-16 09:59 - 00000280 _____ () C:\Windows\setupact.log
2014-05-14 22:34 - 2014-05-14 22:34 - 00294712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-14 22:34 - 2014-05-14 22:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-14 14:31 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 14:31 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 14:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 14:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 14:31 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 14:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 10:59 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:59 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:59 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:59 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:59 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:59 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:59 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:59 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 10:59 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 10:59 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:59 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:59 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:59 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:59 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:59 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:59 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:59 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:59 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:59 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:59 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:59 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:59 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:59 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:59 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:59 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:59 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 10:59 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 10:59 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 10:59 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 10:59 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 10:58 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:58 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-12 23:34 - 2014-05-12 23:44 - 00000254 _____ () C:\Users\Andreas\Desktop\LESEN.txt
2014-05-12 22:57 - 2014-05-12 22:57 - 00000000 ____D () C:\Users\Andreas\Documents\ProcAlyzer Dumps
2014-05-12 22:52 - 2014-05-14 15:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-12 22:52 - 2014-05-12 22:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-12 22:52 - 2014-05-12 22:52 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-12 22:52 - 2014-05-12 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-12 22:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () C:\Users\Andreas\AppData\Local\EmieUserList
2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () C:\Users\Andreas\AppData\Local\EmieSiteList
2014-05-12 00:07 - 2014-05-12 00:13 - 33748743 ____H () C:\Users\Andreas\Downloads\sdgsg.flv
2014-05-12 00:03 - 2014-05-12 00:05 - 51899193 ____H () C:\Users\Andreas\Downloads\sdgshsg.flv
2014-05-12 00:02 - 2014-05-12 00:04 - 12015699 ____H () C:\Users\Andreas\Downloads\segsg.flv
2014-05-12 00:01 - 2014-05-12 00:01 - 02293224 ____H () C:\Users\Andreas\Downloads\regsfg.flv
2014-05-11 23:35 - 2014-05-11 23:35 - 00000091 _____ () C:\Users\Andreas\Documents\einstellungen windows.txt
2014-05-09 10:44 - 2014-05-09 10:44 - 00000000 ____D () C:\Users\Andreas\Documents\forex
2014-05-07 20:06 - 2014-05-07 21:13 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TS3Client
2014-05-07 20:05 - 2014-05-07 20:05 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-06 19:39 - 2014-05-06 19:39 - 00000052 _____ () C:\Users\Andreas\Desktop\nicknames.txt
2014-05-06 18:56 - 2014-05-15 13:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-06 18:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-06 18:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-06 18:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 15:39 - 2014-04-29 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader - AAAFx
2014-04-29 15:36 - 2014-04-29 15:39 - 00000000 ____D () C:\MT4
2014-04-28 19:01 - 2014-04-28 19:01 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SanDisk
2014-04-25 23:49 - 2014-04-25 23:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Wireshark
2014-04-25 23:47 - 2014-04-25 23:48 - 00000000 ____D () C:\Program Files\Wireshark
2014-04-25 23:47 - 2014-04-25 23:47 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-04-25 21:13 - 2014-05-14 14:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-22 13:42 - 2014-05-12 00:18 - 00000000 ____D () C:\android
2014-04-21 10:27 - 2014-04-21 10:27 - 00000000 ____D () C:\Users\Andreas\.eclipse
2014-04-21 00:00 - 2014-04-21 22:57 - 00000000 ____D () C:\Users\Andreas\.android
2014-04-20 23:44 - 2014-04-20 23:44 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\Program Files\Java
2014-04-20 23:34 - 2014-04-20 23:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-20 23:33 - 2014-04-20 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 23:14 - 2014-05-14 22:20 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
2014-04-20 23:14 - 2014-04-20 23:14 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-20 23:13 - 2014-04-20 23:16 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\Users\Andreas\Documents\StarCraft II
2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-04-20 20:53 - 2014-04-20 22:03 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-04-16 20:32 - 2014-04-16 20:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\OpenOffice
2014-04-16 20:22 - 2014-04-16 20:22 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-16 20:22 - 2014-04-16 20:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-16 20:21 - 2014-04-16 20:22 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-16 14:47 - 2014-04-16 14:51 - 37550135 ____H () C:\Users\Andreas\Downloads\95c0b8750b941f5779e1cab6dfc6753e.mp4
2014-04-16 14:47 - 2014-04-16 14:48 - 15205820 ____H () C:\Users\Andreas\Downloads\49911f994205fc439d20f151e21d4142.mp4
2014-04-16 14:47 - 2014-04-16 14:48 - 102803441 ____H () C:\Users\Andreas\Downloads\fa60ba935db15ecc61baf591f1c0ab71.mp4
2014-04-16 14:46 - 2014-04-16 14:48 - 78347742 ____H () C:\Users\Andreas\Downloads\yadfag.mp4
2014-04-16 14:45 - 2014-04-16 14:45 - 08345158 ____H () C:\Users\Andreas\Downloads\7e175e1d58915f87c6bb4c0e9f75d9eb.mp4

==================== One Month Modified Files and Folders =======

2014-05-16 11:45 - 2014-05-16 11:45 - 00010021 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-05-16 11:45 - 2014-05-16 11:44 - 02067456 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-05-16 11:45 - 2014-05-16 11:38 - 00000000 ____D () C:\FRST
2014-05-16 11:45 - 2014-05-16 11:20 - 00001203 _____ () C:\Users\Andreas\Desktop\trojaner.txt
2014-05-16 11:42 - 2014-01-17 22:37 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Battle.net
2014-05-16 11:42 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 11:42 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 11:37 - 2014-05-16 11:37 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-05-16 11:37 - 2014-05-16 11:37 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-05-16 11:37 - 2013-05-31 15:45 - 00000000 ____D () C:\Users\Andreas
2014-05-16 11:36 - 2014-05-16 11:36 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-05-16 11:35 - 2014-05-15 11:00 - 00000000 ____D () C:\Users\Andreas\Documents\bookmarks
2014-05-16 11:02 - 2013-05-31 15:36 - 01194197 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 10:06 - 2013-06-01 01:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-16 10:06 - 2013-06-01 01:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-16 10:06 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 09:59 - 2014-05-14 22:34 - 00000280 _____ () C:\Windows\setupact.log
2014-05-16 09:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 23:31 - 2013-06-27 17:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-05-15 23:21 - 2014-05-15 21:37 - 00000119 _____ () C:\Users\Andreas\Desktop\wow.txt
2014-05-15 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 13:51 - 2014-05-06 18:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 22:34 - 2014-05-14 22:34 - 00294712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-14 22:34 - 2014-05-14 22:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-14 22:20 - 2014-04-20 23:14 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
2014-05-14 15:34 - 2014-05-12 22:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 14:52 - 2013-06-05 08:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 14:52 - 2013-06-05 08:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 14:31 - 2014-04-25 21:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 14:23 - 2013-05-31 15:46 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 14:23 - 2013-05-31 15:46 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 14:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 11:11 - 2013-07-12 21:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 11:10 - 2013-06-01 07:34 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 23:03 - 2014-04-01 15:10 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-05-12 23:44 - 2014-05-12 23:34 - 00000254 _____ () C:\Users\Andreas\Desktop\LESEN.txt
2014-05-12 22:59 - 2014-05-12 22:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-12 22:57 - 2014-05-12 22:57 - 00000000 ____D () C:\Users\Andreas\Documents\ProcAlyzer Dumps
2014-05-12 22:52 - 2014-05-12 22:52 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-12 22:52 - 2014-05-12 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () C:\Users\Andreas\AppData\Local\EmieUserList
2014-05-12 22:08 - 2014-05-12 22:08 - 00000000 __SHD () C:\Users\Andreas\AppData\Local\EmieSiteList
2014-05-12 00:18 - 2014-04-22 13:42 - 00000000 ____D () C:\android
2014-05-12 00:13 - 2014-05-12 00:07 - 33748743 ____H () C:\Users\Andreas\Downloads\sdgsg.flv
2014-05-12 00:05 - 2014-05-12 00:03 - 51899193 ____H () C:\Users\Andreas\Downloads\sdgshsg.flv
2014-05-12 00:04 - 2014-05-12 00:02 - 12015699 ____H () C:\Users\Andreas\Downloads\segsg.flv
2014-05-12 00:01 - 2014-05-12 00:01 - 02293224 ____H () C:\Users\Andreas\Downloads\regsfg.flv
2014-05-11 23:57 - 2013-06-27 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 23:35 - 2014-05-11 23:35 - 00000091 _____ () C:\Users\Andreas\Documents\einstellungen windows.txt
2014-05-11 21:24 - 2013-06-04 09:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 13:52 - 2014-03-20 13:28 - 00000000 ____D () C:\Spiele
2014-05-09 15:30 - 2014-03-28 00:01 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-05-09 10:44 - 2014-05-09 10:44 - 00000000 ____D () C:\Users\Andreas\Documents\forex
2014-05-09 08:14 - 2014-05-14 10:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 10:58 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 23:27 - 2014-01-17 22:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-07 21:13 - 2014-05-07 20:06 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TS3Client
2014-05-07 20:05 - 2014-05-07 20:05 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-07 20:05 - 2014-05-07 20:05 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-05-06 19:39 - 2014-05-06 19:39 - 00000052 _____ () C:\Users\Andreas\Desktop\nicknames.txt
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 18:56 - 2014-05-06 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-06 06:40 - 2014-05-14 14:31 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 14:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 19:36 - 2014-01-17 22:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-29 17:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 15:39 - 2014-04-29 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader - AAAFx
2014-04-29 15:39 - 2014-04-29 15:36 - 00000000 ____D () C:\MT4
2014-04-29 15:38 - 2014-04-01 15:10 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\MetaQuotes
2014-04-28 19:01 - 2014-04-28 19:01 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SanDisk
2014-04-25 23:49 - 2014-04-25 23:49 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Wireshark
2014-04-25 23:48 - 2014-04-25 23:47 - 00000000 ____D () C:\Program Files\Wireshark
2014-04-25 23:47 - 2014-04-25 23:47 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-04-25 23:47 - 2014-04-25 23:47 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-04-21 22:57 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Andreas\.android
2014-04-21 10:27 - 2014-04-21 10:27 - 00000000 ____D () C:\Users\Andreas\.eclipse
2014-04-20 23:44 - 2014-04-20 23:44 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-20 23:44 - 2014-04-20 23:44 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-04-20 23:44 - 2014-04-20 23:44 - 00000000 ____D () C:\Program Files\Java
2014-04-20 23:44 - 2014-04-20 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 23:44 - 2014-04-15 21:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 23:34 - 2013-10-21 11:56 - 00000000 ____D () C:\Users\Andreas\Documents\docs
2014-04-20 23:33 - 2014-04-20 23:34 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-20 23:33 - 2014-04-15 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-20 23:33 - 2014-04-15 21:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-20 23:33 - 2014-04-15 21:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 23:16 - 2014-04-20 23:13 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-04-20 23:14 - 2014-04-20 23:14 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-20 23:14 - 2014-04-20 23:14 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-20 22:03 - 2014-04-20 20:53 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\Users\Andreas\Documents\StarCraft II
2014-04-20 20:54 - 2014-04-20 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-04-20 20:54 - 2014-01-17 22:37 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-16 20:32 - 2014-04-16 20:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\OpenOffice
2014-04-16 20:22 - 2014-04-16 20:22 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-16 20:22 - 2014-04-16 20:22 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-16 20:22 - 2014-04-16 20:21 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-16 20:14 - 2013-08-21 20:09 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Teasi
2014-04-16 14:51 - 2014-04-16 14:47 - 37550135 ____H () C:\Users\Andreas\Downloads\95c0b8750b941f5779e1cab6dfc6753e.mp4
2014-04-16 14:48 - 2014-04-16 14:47 - 15205820 ____H () C:\Users\Andreas\Downloads\49911f994205fc439d20f151e21d4142.mp4
2014-04-16 14:48 - 2014-04-16 14:47 - 102803441 ____H () C:\Users\Andreas\Downloads\fa60ba935db15ecc61baf591f1c0ab71.mp4
2014-04-16 14:48 - 2014-04-16 14:46 - 78347742 ____H () C:\Users\Andreas\Downloads\yadfag.mp4
2014-04-16 14:45 - 2014-04-16 14:45 - 08345158 ____H () C:\Users\Andreas\Downloads\7e175e1d58915f87c6bb4c0e9f75d9eb.mp4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 10:59] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 12:21

==================== End Of Log ============================

--- --- ---


FRST Additional:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Andreas at 2014-05-16 11:45:36
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
ESET Smart Security (HKLM\...\{F5A3E880-A737-48F2-A124-6F5D4CEA6AB4}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MetaTrader - AAAFx (HKLM-x32\...\MetaTrader - AAAFx) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stellarium 0.12.2 (HKLM\...\Stellarium_is1) (Version: 0.12.2 - Stellarium team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TEASI tool version 2.1.1.1 (HKLM-x32\...\{805FBA43-88AB-4E02-A16C-560F7D0D7CD5}_is1) (Version: 2.1.1.1 - GPS Tuner)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {F5DE7485-495F-4EBC-A9C6-45809ACBA23A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2013-05-31 19:33 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-02 19:18 - 2014-05-02 19:18 - 26118656 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4511\libcef.dll
2014-05-02 19:18 - 2014-05-02 19:18 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4511\libglesv2.dll
2014-05-02 19:18 - 2014-05-02 19:18 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4511\libegl.dll
2014-02-19 14:18 - 2014-02-19 14:18 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2013-05-31 19:32 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-05-31 19:37 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-04 09:41 - 2014-05-11 21:24 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-03 08:59 - 2014-02-10 19:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 10:01:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 03:59:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 10:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/16/2014 10:00:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (05/15/2014 04:21:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2014 03:57:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (05/14/2014 10:34:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058


Microsoft Office Sessions:
=========================
Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 11:45:36 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 11:38:49 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/16/2014 10:01:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 03:59:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 10:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8008.36 MB
Available physical RAM: 6254.75 MB
Total Pagefile: 20018.54 MB
Available Pagefile: 18286.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:341.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9ABFF84B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER: I had to uncheck the Devices box (as described in the instructions) because my machine crashed with a blue screen
Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-16 12:15:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AM00 465,76GB
Running: 82gb74s6.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\fgldqpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1416] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000773d8791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69      0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155      0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                        * 2

---- EOF - GMER 2.1 ----


schrauber 16.05.2014 11:48

Hi,

the logs are clean :)

Kenor 17.05.2014 12:25

Hello schrauber,

thanks for your help.

Can I re-enable the drivers with Defogger?
Otherwise everything is done, right?

schrauber 18.05.2014 11:10

Yes, you can do that, and just delete FRST.


All times are in WET +1. The time now is 17:02.
