
Maybe Infected Network (PC and Netbook) NAS Working Whole Time Datatransfer


22 replies to this topic

#1 candelaver


Posted 31 December 2013 - 09:41 AM

Hi,

I have two systems, a PC and a netbook. After Xmas I connected a NAS server; the NAS is working/blinking the whole time (green lamp for data transfer), but I did not move any data onto the NAS.

In the meantime I switched the NAS off and didn't turn it on.

I think something is going on/wrong with my network. I need to be sure that it is all OK, because I have personal and customer data on both systems. I want to know if my systems are safe or compromised.

First I attach the logs of my netbook.

Thank you for your help

 

FRST64 LOG

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by ****** (administrator) on ******_ACER on 31-12-2013 15:07:35
Running from C:\Users\******\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Ghisler Software GmbH) C:\Program Files\Tools\totalcmd\TOTALCMD64.EXE
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEB8C570C5E85CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {DEE2929B-E914-4764-A697-BACD6E77FCCC} http://192.168.178.27/classes/AverMediaCamV_H264.cab
DPF: HKLM-x32 {F140A533-BF17-4F3A-BD4E-046CDE5295AB} http://192.168.178.128:5550/PCViewX.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.235.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
S2 Palm_TCP_Relay; C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [11776 2011-12-21] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143624 2013-01-09] (Stardock Software, Inc)
R2 vmms; C:\Windows\system32\vmms.exe [11201536 2013-06-01] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [67816 2012-10-11] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [18944 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [20992 2012-07-26] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [16384 2012-07-26] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [569344 2013-02-02] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [569344 2013-02-02] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [569344 2013-02-02] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
R4 Dokan; \??\C:\Windows\system32\drivers\dokan.sys [x]
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
U2 TMAgent;
S2 VBoxDRV; \??\F:\VirtualBox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [x]
S2 VBoxUSBMon; \??\F:\VirtualBox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [x]
U3 fgloquog; \??\C:\Users\******\AppData\Local\Temp\fgloquog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-29 00:56 - 2013-12-29 00:56 - 00023132 _____ C:\Users\******\Desktop\Addition.txt
2013-12-29 00:54 - 2013-12-31 15:07 - 00012284 _____ C:\Users\******\Desktop\FRST.txt
2013-12-29 00:53 - 2013-12-31 15:06 - 00000000 ____D C:\Users\******\Desktop\FRST-OlderVersion
2013-12-29 00:01 - 2013-12-29 00:01 - 00015987 _____ C:\ComboFix.txt
2013-12-28 22:52 - 2013-12-28 22:52 - 05158590 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2013-12-28 22:52 - 2013-12-28 22:52 - 05158590 _____ (Swearware) C:\Users\******\Downloads\ComboFix(1).exe
2013-12-28 22:42 - 2013-12-28 22:42 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Users\******\AppData\Local\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 22:36 - 2013-12-28 22:36 - 00008436 _____ C:\Users\******\Desktop\gmer_neu.log
2013-12-28 19:43 - 2013-12-28 19:43 - 00000750 _____ C:\Users\******\Desktop\JRT.txt
2013-12-28 19:21 - 2013-12-28 19:21 - 00423360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 19:01 - 2013-12-28 19:01 - 00000000 ____D C:\Users\******\Downloads\BootkitRemoval (1)
2013-12-28 19:00 - 2013-12-28 19:01 - 23282905 _____ C:\Users\******\Downloads\BootkitRemoval (1).zip
2013-12-28 19:00 - 2013-12-28 19:00 - 23282905 _____ C:\Users\******\Downloads\BootkitRemoval.zip
2013-12-28 03:38 - 2013-12-28 03:38 - 00007061 _____ C:\Users\******\Desktop\gmer09.log
2013-12-28 01:19 - 2013-12-28 01:19 - 00000000 _____ C:\Users\******\defogger_reenable
2013-12-28 00:28 - 2013-12-28 00:27 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\******\Desktop\tdsskiller.exe
2013-12-28 00:27 - 2013-12-28 00:27 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\******\Downloads\tdsskiller.exe
2013-12-26 23:50 - 2013-12-26 23:50 - 00016752 _____ C:\Users\******\Downloads\DNA-Updater_OE2.0_OE1.6.rar
2013-12-26 20:34 - 2013-12-26 20:34 - 03731400 _____ C:\Users\******\Downloads\The_New_Bitdefender_UninstallTool.exe
2013-12-26 17:46 - 2013-12-26 17:46 - 00000000 ____D C:\Users\******\Downloads\UpdatePack_V134 (1)
2013-12-26 17:44 - 2013-12-26 17:45 - 24964514 _____ C:\Users\******\Downloads\UpdatePack_V134 (1).zip
2013-12-26 16:14 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-26 16:14 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-26 16:14 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-26 16:14 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-26 16:14 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-26 16:14 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-26 16:14 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-26 16:14 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-26 16:14 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-26 16:12 - 2013-12-29 00:02 - 00000000 ____D C:\Qoobox
2013-12-26 15:57 - 2013-12-26 15:58 - 00050477 _____ C:\Users\******\Downloads\Defogger.exe
2013-12-26 15:46 - 2013-12-26 15:46 - 00891200 _____ C:\Users\******\Downloads\SecurityCheck.exe
2013-12-26 14:56 - 2013-12-26 14:56 - 01440846 _____ C:\Users\******\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-12-26 14:16 - 2013-12-26 14:16 - 01233962 _____ C:\Users\******\Downloads\adwcleaner.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-26 04:31 - 2013-12-26 04:31 - 00000000 ____D C:\Program Files\Java
2013-12-26 04:29 - 2013-12-26 04:30 - 29040552 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-7u45-windows-i586.exe
2013-12-26 04:28 - 2013-12-26 04:28 - 30694824 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-7u45-windows-x64.exe
2013-12-26 04:27 - 2013-12-26 04:28 - 00915368 _____ (Oracle Corporation) C:\Users\******\Downloads\chromeinstall-7u45.exe
2013-12-26 04:21 - 2013-12-31 15:06 - 00000000 ____D C:\FRST
2013-12-26 04:18 - 2013-12-31 15:06 - 01931302 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-12-26 03:18 - 2013-12-26 03:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 03:18 - 2013-12-26 03:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 03:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-26 02:47 - 2013-12-26 02:52 - 1468432384 _____ C:\Users\******\Downloads\Ragazze.Costrette.avi
2013-12-25 14:57 - 2013-12-25 14:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-25 06:05 - 2013-12-25 06:05 - 00002515 _____ C:\Users\******\Desktop\gmer_05.log
2013-12-25 05:52 - 2013-12-25 05:52 - 00003001 _____ C:\Users\******\Desktop\gmer_04.log
2013-12-25 05:41 - 2013-12-25 05:41 - 00000458 _____ C:\Users\******\Desktop\gmer_03.log
2013-12-25 05:32 - 2013-12-29 00:53 - 00000000 ____D C:\Users\******\Desktop\Security
2013-12-25 05:11 - 2013-12-28 19:20 - 00000000 ____D C:\AdwCleaner
2013-12-25 04:49 - 2013-12-25 04:49 - 00011984 _____ C:\Users\******\Desktop\gmer_02.log
2013-12-24 16:46 - 2013-12-24 16:46 - 00000793 _____ C:\Users\******\Desktop\gmer_01.log
2013-12-24 13:59 - 2013-12-24 04:31 - 00377856 _____ C:\Users\******\Desktop\gmer_2.1.19163.exe
2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 ____D C:\Users\******\Desktop\gmer
2013-12-24 11:04 - 2013-12-24 13:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 11:03 - 2013-12-24 11:03 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-24 04:22 - 2013-12-24 04:22 - 00000000 ____D C:\Users\******\Desktop\mbar
2013-12-24 03:18 - 2013-12-24 03:18 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 02:48 - 2013-12-24 02:48 - 03950128 _____ (Microsoft Corporation) C:\Users\******\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (3).exe
2013-12-24 02:39 - 2013-12-24 02:39 - 03950128 _____ (Microsoft Corporation) C:\Users\******\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (2).exe
2013-12-24 01:38 - 2013-12-28 19:31 - 27901952 _____ C:\Windows\system32\vmguest.iso
2013-12-23 01:37 - 2013-12-23 01:37 - 05428186 _____ C:\Users\******\Downloads\update-134.tar.gz
2013-12-23 01:35 - 2013-12-23 01:35 - 05428186 _____ C:\Users\******\Downloads\update-134.gz
2013-12-22 19:34 - 2013-12-22 19:34 - 00000000 ____D C:\Users\******\Downloads\TM.2.YT.DL.v2.1.0.537
2013-12-22 19:33 - 2013-12-22 19:34 - 02237534 _____ C:\Users\******\Downloads\TM.2.YT.DL.v2.1.0.537.rar
2013-12-22 15:39 - 2013-12-22 15:39 - 00000000 ____D C:\Users\******\Downloads\HDD_Low_Level_Format_Tool_4.25_Software
2013-12-22 15:36 - 2013-12-22 15:36 - 01277576 _____ C:\Users\******\Downloads\HDD_Low_Level_Format_Tool_4.25_Software.rar
2013-12-22 13:53 - 2013-12-22 13:54 - 04278747 _____ C:\Users\******\Downloads\usb110511.zip
2013-12-22 13:38 - 2013-12-22 13:39 - 147571049 _____ C:\Users\******\Downloads\Biffy Clyro - Opposites Live from Glasgow (2013).zip
2013-12-22 13:38 - 2013-12-22 13:38 - 00000000 ____D C:\Users\******\Downloads\pcunlocker_trial
2013-12-22 13:34 - 2013-12-22 13:34 - 31489469 _____ C:\Users\******\Downloads\pcunlocker_trial.zip
2013-12-22 13:31 - 2013-12-22 13:32 - 71381976 _____ (Magic Rescue CD                                             ) C:\Users\******\Downloads\rescueCD_setup_free_version.exe
2013-12-22 03:05 - 2013-12-22 03:10 - 1252147200 _____ C:\Users\******\Downloads\linuxmint-16-cinnamon-dvd-64bit.iso
2013-12-22 02:31 - 2013-12-22 02:34 - 734947328 _____ C:\Users\******\Downloads\ADRIANE-KNOPPIX_V7.2.0gCD-2013-07-28-DE.iso
2013-12-22 02:23 - 2013-12-22 02:23 - 00033590 _____ C:\Users\******\Downloads\packagelist_kubuntu_64.txt
2013-12-22 01:08 - 2013-12-22 01:09 - 01094939 _____ (pendrivelinux.com) C:\Users\******\Downloads\Universal-USB-Installer-1.9.5.1.exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\******\Downloads\unetbootin-windows-585 (3).exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\******\Downloads\unetbootin-windows-585 (2).exe
2013-12-21 22:54 - 2013-12-21 22:54 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2013-12-21 22:53 - 2013-12-21 22:54 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-12-21 22:51 - 2013-12-21 22:55 - 938475520 _____ C:\Users\******\Downloads\ubuntu-13.10-desktop-i386.iso
2013-12-21 22:49 - 2013-12-21 22:50 - 04766976 _____ (LinuxLive USB Creator) C:\Users\******\Downloads\LinuxLive USB Creator 2.8.26.exe
2013-12-21 22:28 - 2013-12-21 22:28 - 01046523 _____ (Ext2Fsd Group                                               ) C:\Users\******\Downloads\Ext2Fsd-0.51.exe
2013-12-21 21:49 - 2013-12-24 03:48 - 00000000 ____D C:\Users\******\Downloads\UpdatePack_V134
2013-12-21 20:58 - 2013-12-21 20:58 - 00001985 _____ C:\Users\******\Desktop\UFB Code Setup.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\WCH.CN
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UFB Code Setup
2013-12-21 20:58 - 2011-11-05 00:00 - 00039696 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341SER.SYS
2013-12-21 20:58 - 2008-12-18 00:00 - 00020089 _____ C:\Windows\system32\CH341SER.VXD
2013-12-21 20:58 - 2007-06-12 00:00 - 00019680 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S98.SYS
2013-12-21 20:58 - 2005-07-30 00:00 - 00006712 _____ (www.winchiphead.com) C:\Windows\system32\CH341PT.DLL
2013-12-21 20:57 - 2013-12-21 21:04 - 00000000 ____D C:\Program Files (x86)\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Windows\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Users\******\Downloads\UFB234_CD-Inhalt
2013-12-21 20:55 - 2013-12-21 20:55 - 17560304 _____ C:\Users\******\Downloads\UFB234_CD-Inhalt.zip
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\ProgramData\ESET
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\Program Files\ESET
2013-12-20 19:34 - 2013-12-20 19:35 - 154561875 _____ C:\Users\******\Downloads\eset_nod32_smart security.rar
2013-12-20 19:19 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-12-20 19:19 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-12-20 19:19 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-12-20 19:19 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2013-12-20 19:19 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2013-12-20 19:19 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-12-20 19:19 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2013-12-20 19:19 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-20 19:19 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-20 19:19 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-20 19:19 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-20 18:48 - 2013-12-20 18:49 - 02888335 _____ C:\Users\******\Downloads\Greetings from Chuck (The epic christmas split).flv
2013-12-20 18:48 - 2013-12-20 18:48 - 10759552 _____ C:\Users\******\Downloads\Greetings from Chuck (The epic christmas split).mp4
2013-12-20 18:48 - 2013-12-20 18:48 - 00690824 _____ C:\Users\******\Downloads\Greetings from Chuck (The epic christmas split).3gp
2013-12-20 01:22 - 2013-12-20 01:22 - 00381540 _____ C:\Users\******\Downloads\enigma2-skin-elgato-hd_1.0.1_all.ipk
2013-12-19 01:53 - 2013-12-19 01:54 - 00000000 ____D C:\Users\******\AppData\Roaming\Notepad++
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-19 01:48 - 2013-12-19 01:48 - 01432078 _____ C:\Users\******\Downloads\redate.zip
2013-12-19 00:28 - 2013-12-19 00:28 - 00000001 _____ C:\Users\******\AppData\Local\llftool.4.40.agreement
2013-12-18 22:01 - 2013-12-18 22:01 - 02046464 _____ C:\Users\******\Downloads\HDDLLF.4.40.exe
2013-12-18 21:39 - 2013-12-18 21:39 - 00000000 ____D C:\Users\******\Downloads\usbit (1)
2013-12-18 21:38 - 2013-12-18 21:38 - 00221471 _____ C:\Users\******\Downloads\usbit (1).zip
2013-12-18 21:35 - 2013-12-18 21:35 - 00236402 _____ C:\Users\******\Downloads\Anleitung_3_Duck-Trick_Image_USB_Stick_unter_Windows_erstellen_flor62.zip
2013-12-18 20:09 - 2013-12-18 20:09 - 00928690 _____ C:\Users\******\Downloads\DreamUP133_11.zip
2013-12-18 20:08 - 2013-12-18 20:08 - 03847349 _____ C:\Users\******\Downloads\CP210x_VCP_Windows.zip
2013-12-18 20:07 - 2013-12-18 20:07 - 54083533 _____ C:\Users\******\Downloads\newnigma2-stable-dm800-v4.0.6.zip
2013-12-18 19:30 - 2013-12-27 00:29 - 00000000 ____D C:\Users\******\Downloads\BIP2
2013-12-17 19:51 - 2013-12-17 19:51 - 04603098 _____ C:\Users\******\Downloads\e2.ipk
2013-12-17 19:51 - 2013-12-17 19:51 - 00303096 _____ C:\Users\******\Downloads\python-mechanize_0.2.5-r0_mips32el.ipk
2013-12-17 19:46 - 2013-12-17 19:47 - 00000000 ____D C:\Burgard
2013-12-17 01:52 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-17 01:52 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-17 01:52 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-17 01:52 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-17 01:52 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-17 01:52 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-17 01:52 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-17 01:52 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-17 01:52 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-17 01:52 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-17 01:51 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-17 01:51 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-17 01:51 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-17 01:51 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-17 01:50 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-17 01:50 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-17 01:50 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-17 01:50 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-17 01:50 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-17 01:50 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-17 01:50 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-17 01:50 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-17 01:50 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-17 01:50 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-17 01:50 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-17 01:50 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-17 01:50 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-17 01:50 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-17 01:50 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-17 01:50 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-17 01:50 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-17 01:50 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-17 01:50 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-07 17:25 - 2013-12-07 17:41 - 00000000 ____D C:\Users\******\Documents\dave
2013-12-07 17:25 - 2013-12-07 17:25 - 04712205 _____ C:\Users\******\Documents\dave.rar
2013-12-03 19:04 - 2013-12-03 19:04 - 00000000 ____D C:\Users\******\AppData\Local\Unattneded
2013-12-03 19:00 - 2013-12-03 19:00 - 00001087 _____ C:\Users\******\Desktop\AAF Recovery tool AV700.lnk
2013-12-03 19:00 - 2013-12-03 19:00 - 00000000 ____D C:\Program Files (x86)\AAF Recovery tool AV700
2013-12-03 18:19 - 2013-12-03 18:58 - 00000000 ____D C:\Users\******\Downloads\[0000]---geier
2013-12-01 19:53 - 2013-12-01 19:56 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part03.rar
2013-12-01 19:53 - 2013-12-01 19:55 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part10.rar
2013-12-01 19:53 - 2013-12-01 19:54 - 39228144 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part14.rar
2013-12-01 19:51 - 2013-12-01 19:53 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part11.rar
2013-12-01 19:51 - 2013-12-01 19:53 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part08.rar
2013-12-01 19:51 - 2013-12-01 19:53 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part04.rar
2013-12-01 19:51 - 2013-12-01 19:53 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part02.rar
2013-12-01 19:46 - 2013-12-01 19:48 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part13.rar
2013-12-01 19:43 - 2013-12-01 19:46 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part12.rar
2013-12-01 19:43 - 2013-12-01 19:46 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part09.rar
2013-12-01 19:42 - 2013-12-01 19:47 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part07.rar
2013-12-01 19:42 - 2013-12-01 19:46 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part05.rar
2013-12-01 19:42 - 2013-12-01 19:45 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part01.rar
2013-12-01 19:42 - 2013-12-01 19:44 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part06.rar
2013-12-01 17:05 - 2013-12-01 17:06 - 00000000 ____D C:\$WINDOWS.~BT
2013-12-01 16:20 - 2013-12-01 16:21 - 60337803 _____ C:\Users\******\Downloads\W81.x64.9600.DEU.MSDN.2707227.part36.rar
2013-12-01 16:11 - 2013-12-01 16:19 - 1032666462 _____ C:\Users\******\Downloads\HMitSafFot.rar

==================== One Month Modified Files and Folders =======

2013-12-31 15:08 - 2013-04-28 11:43 - 01068684 _____ C:\Windows\WindowsUpdate.log
2013-12-31 15:07 - 2013-12-29 00:54 - 00012284 _____ C:\Users\******\Desktop\FRST.txt
2013-12-31 15:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-31 15:06 - 2013-12-29 00:53 - 00000000 ____D C:\Users\******\Desktop\FRST-OlderVersion
2013-12-31 15:06 - 2013-12-26 04:21 - 00000000 ____D C:\FRST
2013-12-31 15:06 - 2013-12-26 04:18 - 01931302 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-12-31 15:05 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-29 14:53 - 2013-07-30 04:10 - 00000000 ____D C:\ProgramData\TOSHIBA
2013-12-29 14:53 - 2012-07-26 11:27 - 00756916 _____ C:\Windows\system32\perfh007.dat
2013-12-29 14:53 - 2012-07-26 11:27 - 00157052 _____ C:\Windows\system32\perfc007.dat
2013-12-29 14:53 - 2012-07-26 08:28 - 01754280 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-29 00:56 - 2013-12-29 00:56 - 00023132 _____ C:\Users\******\Desktop\Addition.txt
2013-12-29 00:53 - 2013-12-25 05:32 - 00000000 ____D C:\Users\******\Desktop\Security
2013-12-29 00:20 - 2012-08-28 22:38 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3754388793-1346805017-1485128776-1001
2013-12-29 00:02 - 2013-12-26 16:12 - 00000000 ____D C:\Qoobox
2013-12-29 00:01 - 2013-12-29 00:01 - 00015987 _____ C:\ComboFix.txt
2013-12-28 23:55 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-28 22:52 - 2013-12-28 22:52 - 05158590 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2013-12-28 22:52 - 2013-12-28 22:52 - 05158590 _____ (Swearware) C:\Users\******\Downloads\ComboFix(1).exe
2013-12-28 22:42 - 2013-12-28 22:42 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Users\******\AppData\Local\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 22:42 - 2012-10-26 17:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 22:42 - 2012-10-17 12:56 - 00000000 ____D C:\Users\******\AppData\Roaming\Mozilla
2013-12-28 22:36 - 2013-12-28 22:36 - 00008436 _____ C:\Users\******\Desktop\gmer_neu.log
2013-12-28 19:55 - 2012-08-29 17:49 - 00000000 ____D C:\Users\******\AppData\Local\Google
2013-12-28 19:48 - 2013-11-29 12:41 - 00004740 _____ C:\Users\******\Desktop\Rkill.txt
2013-12-28 19:43 - 2013-12-28 19:43 - 00000750 _____ C:\Users\******\Desktop\JRT.txt
2013-12-28 19:31 - 2013-12-24 01:38 - 27901952 _____ C:\Windows\system32\vmguest.iso
2013-12-28 19:21 - 2013-12-28 19:21 - 00423360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 19:21 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 19:20 - 2013-12-25 05:11 - 00000000 ____D C:\AdwCleaner
2013-12-28 19:20 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-28 19:14 - 2013-01-14 22:52 - 00000000 ____D C:\Windows\Minidump
2013-12-28 19:14 - 2012-09-18 10:12 - 00000000 ____D C:\Users\******\AppData\Roaming\Media Player Classic
2013-12-28 19:01 - 2013-12-28 19:01 - 00000000 ____D C:\Users\******\Downloads\BootkitRemoval (1)
2013-12-28 19:01 - 2013-12-28 19:00 - 23282905 _____ C:\Users\******\Downloads\BootkitRemoval (1).zip
2013-12-28 19:00 - 2013-12-28 19:00 - 23282905 _____ C:\Users\******\Downloads\BootkitRemoval.zip
2013-12-28 03:38 - 2013-12-28 03:38 - 00007061 _____ C:\Users\******\Desktop\gmer09.log
2013-12-28 01:19 - 2013-12-28 01:19 - 00000000 _____ C:\Users\******\defogger_reenable
2013-12-28 01:19 - 2012-08-28 16:05 - 00000000 ____D C:\Users\******
2013-12-28 00:27 - 2013-12-28 00:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\******\Desktop\tdsskiller.exe
2013-12-28 00:27 - 2013-12-28 00:27 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\******\Downloads\tdsskiller.exe
2013-12-27 15:22 - 2013-02-11 01:16 - 00001872 _____ C:\Windows\Sandboxie.ini
2013-12-27 00:29 - 2013-12-18 19:30 - 00000000 ____D C:\Users\******\Downloads\BIP2
2013-12-26 23:50 - 2013-12-26 23:50 - 00016752 _____ C:\Users\******\Downloads\DNA-Updater_OE2.0_OE1.6.rar
2013-12-26 21:48 - 2013-01-05 01:52 - 00000000 ____D C:\Users\******\AppData\Roaming\vlc
2013-12-26 21:48 - 2012-09-03 20:33 - 00000000 ____D C:\Users\******\Downloads\[0000]---JD-Load-entpackt
2013-12-26 21:32 - 2012-11-25 13:28 - 00000000 ____D C:\Users\******\Downloads\[0000]---MOVIEZ---
2013-12-26 21:19 - 2013-02-11 13:20 - 00000000 ____D C:\Users\******\Downloads\BitDefender   Bit Defender 2013 + Keys + Activator_files
2013-12-26 21:18 - 2013-05-21 12:31 - 00163328 ___SH C:\Users\******\Downloads\Thumbs.db
2013-12-26 21:15 - 2012-09-26 23:32 - 00000000 ____D C:\Users\******\AppData\Local\Mirillis
2013-12-26 20:46 - 2013-01-06 21:04 - 00000000 ____D C:\Users\******\Downloads\extracted
2013-12-26 20:34 - 2013-12-26 20:34 - 03731400 _____ C:\Users\******\Downloads\The_New_Bitdefender_UninstallTool.exe
2013-12-26 17:46 - 2013-12-26 17:46 - 00000000 ____D C:\Users\******\Downloads\UpdatePack_V134 (1)
2013-12-26 17:45 - 2013-12-26 17:44 - 24964514 _____ C:\Users\******\Downloads\UpdatePack_V134 (1).zip
2013-12-26 16:11 - 2013-11-29 12:42 - 00000000 ____D C:\Windows\erdnt
2013-12-26 16:10 - 2013-11-29 12:39 - 05158590 ____R (Swearware) C:\Users\******\Downloads\ComboFix.exe
2013-12-26 16:02 - 2012-11-07 22:13 - 00000000 ____D C:\Program Files\JDownloader 2
2013-12-26 15:58 - 2013-12-26 15:57 - 00050477 _____ C:\Users\******\Downloads\Defogger.exe
2013-12-26 15:46 - 2013-12-26 15:46 - 00891200 _____ C:\Users\******\Downloads\SecurityCheck.exe
2013-12-26 14:56 - 2013-12-26 14:56 - 01440846 _____ C:\Users\******\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-12-26 14:16 - 2013-12-26 14:16 - 01233962 _____ C:\Users\******\Downloads\adwcleaner.exe
2013-12-26 04:46 - 2013-11-12 17:28 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 04:31 - 2013-12-26 04:31 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-26 04:31 - 2013-12-26 04:31 - 00000000 ____D C:\Program Files\Java
2013-12-26 04:30 - 2013-12-26 04:29 - 29040552 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-7u45-windows-i586.exe
2013-12-26 04:28 - 2013-12-26 04:28 - 30694824 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-7u45-windows-x64.exe
2013-12-26 04:28 - 2013-12-26 04:27 - 00915368 _____ (Oracle Corporation) C:\Users\******\Downloads\chromeinstall-7u45.exe
2013-12-26 04:24 - 2013-11-29 11:51 - 00000000 ____D C:\Program Files (x86)\Belarc
2013-12-26 03:18 - 2013-12-26 03:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 03:18 - 2013-12-26 03:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 02:52 - 2013-12-26 02:47 - 1468432384 _____ C:\Users\******\Downloads\Ragazze.Costrette.avi
2013-12-25 17:13 - 2013-04-14 20:10 - 00000000 ____D C:\Users\******\Downloads\!
2013-12-25 14:57 - 2013-12-25 14:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-25 06:05 - 2013-12-25 06:05 - 00002515 _____ C:\Users\******\Desktop\gmer_05.log
2013-12-25 05:52 - 2013-12-25 05:52 - 00003001 _____ C:\Users\******\Desktop\gmer_04.log
2013-12-25 05:41 - 2013-12-25 05:41 - 00000458 _____ C:\Users\******\Desktop\gmer_03.log
2013-12-25 04:49 - 2013-12-25 04:49 - 00011984 _____ C:\Users\******\Desktop\gmer_02.log
2013-12-24 16:46 - 2013-12-24 16:46 - 00000793 _____ C:\Users\******\Desktop\gmer_01.log
2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 ____D C:\Users\******\Desktop\gmer
2013-12-24 13:57 - 2013-12-24 11:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 11:03 - 2013-12-24 11:03 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-24 04:31 - 2013-12-24 13:59 - 00377856 _____ C:\Users\******\Desktop\gmer_2.1.19163.exe
2013-12-24 04:22 - 2013-12-24 04:22 - 00000000 ____D C:\Users\******\Desktop\mbar
2013-12-24 03:48 - 2013-12-21 21:49 - 00000000 ____D C:\Users\******\Downloads\UpdatePack_V134
2013-12-24 03:18 - 2013-12-24 03:18 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 02:48 - 2013-12-24 02:48 - 03950128 _____ (Microsoft Corporation) C:\Users\******\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (3).exe
2013-12-24 02:39 - 2013-12-24 02:39 - 03950128 _____ (Microsoft Corporation) C:\Users\******\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (2).exe
2013-12-23 04:14 - 2012-10-24 18:48 - 00000000 ____D C:\Users\******\Documents\Outlook-Dateien
2013-12-23 01:37 - 2013-12-23 01:37 - 05428186 _____ C:\Users\******\Downloads\update-134.tar.gz
2013-12-23 01:35 - 2013-12-23 01:35 - 05428186 _____ C:\Users\******\Downloads\update-134.gz
2013-12-22 19:34 - 2013-12-22 19:34 - 00000000 ____D C:\Users\******\Downloads\TM.2.YT.DL.v2.1.0.537
2013-12-22 19:34 - 2013-12-22 19:33 - 02237534 _____ C:\Users\******\Downloads\TM.2.YT.DL.v2.1.0.537.rar
2013-12-22 15:41 - 2013-11-02 10:28 - 00000000 ____D C:\Program Files (x86)\HDDGURU LLF Tool
2013-12-22 15:40 - 2013-11-02 10:28 - 00001060 _____ C:\Users\******\Desktop\Hard Disk Low Level Format Tool.lnk
2013-12-22 15:39 - 2013-12-22 15:39 - 00000000 ____D C:\Users\******\Downloads\HDD_Low_Level_Format_Tool_4.25_Software
2013-12-22 15:36 - 2013-12-22 15:36 - 01277576 _____ C:\Users\******\Downloads\HDD_Low_Level_Format_Tool_4.25_Software.rar
2013-12-22 13:54 - 2013-12-22 13:53 - 04278747 _____ C:\Users\******\Downloads\usb110511.zip
2013-12-22 13:39 - 2013-12-22 13:38 - 147571049 _____ C:\Users\******\Downloads\Biffy Clyro - Opposites Live from Glasgow (2013).zip
2013-12-22 13:38 - 2013-12-22 13:38 - 00000000 ____D C:\Users\******\Downloads\pcunlocker_trial
2013-12-22 13:34 - 2013-12-22 13:34 - 31489469 _____ C:\Users\******\Downloads\pcunlocker_trial.zip
2013-12-22 13:32 - 2013-12-22 13:31 - 71381976 _____ (Magic Rescue CD                                             ) C:\Users\******\Downloads\rescueCD_setup_free_version.exe
2013-12-22 03:10 - 2013-12-22 03:05 - 1252147200 _____ C:\Users\******\Downloads\linuxmint-16-cinnamon-dvd-64bit.iso
2013-12-22 02:34 - 2013-12-22 02:31 - 734947328 _____ C:\Users\******\Downloads\ADRIANE-KNOPPIX_V7.2.0gCD-2013-07-28-DE.iso
2013-12-22 02:23 - 2013-12-22 02:23 - 00033590 _____ C:\Users\******\Downloads\packagelist_kubuntu_64.txt
2013-12-22 01:09 - 2013-12-22 01:08 - 01094939 _____ (pendrivelinux.com) C:\Users\******\Downloads\Universal-USB-Installer-1.9.5.1.exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\******\Downloads\unetbootin-windows-585 (3).exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\******\Downloads\unetbootin-windows-585 (2).exe
2013-12-21 22:55 - 2013-12-21 22:51 - 938475520 _____ C:\Users\******\Downloads\ubuntu-13.10-desktop-i386.iso
2013-12-21 22:54 - 2013-12-21 22:54 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2013-12-21 22:54 - 2013-12-21 22:53 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-12-21 22:50 - 2013-12-21 22:49 - 04766976 _____ (LinuxLive USB Creator) C:\Users\******\Downloads\LinuxLive USB Creator 2.8.26.exe
2013-12-21 22:28 - 2013-12-21 22:28 - 01046523 _____ (Ext2Fsd Group                                               ) C:\Users\******\Downloads\Ext2Fsd-0.51.exe
2013-12-21 21:04 - 2013-12-21 20:57 - 00000000 ____D C:\Program Files (x86)\UFB Code Setup
2013-12-21 20:58 - 2013-12-21 20:58 - 00001985 _____ C:\Users\******\Desktop\UFB Code Setup.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\WCH.CN
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Windows\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Users\******\Downloads\UFB234_CD-Inhalt
2013-12-21 20:55 - 2013-12-21 20:55 - 17560304 _____ C:\Users\******\Downloads\UFB234_CD-Inhalt.zip
2013-12-20 22:50 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\ProgramData\ESET
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\Program Files\ESET
2013-12-20 19:35 - 2013-12-20 19:34 - 154561875 _____ C:\Users\******\Downloads\eset_nod32_smart security.rar
2013-12-20 19:15 - 2013-05-06 10:42 - 00000000 ____D C:\Users\******\Downloads\utopia-ccf-s04e15-xvid
2013-12-20 19:15 - 2012-11-07 18:00 - 00000000 ____D C:\Users\******\Downloads\[0000]---Abarbeiten---
2013-12-20 19:15 - 2012-09-27 18:54 - 00000000 ____D C:\Users\******\Downloads\[0000]---UFS910 Aufnahmen---
2013-12-20 18:49 - 2013-12-20 18:48 - 02888335 _____ C:\Users\******\Downloads\Greetings from Chuck (The epic christmas split).flv
2013-12-20 18:48 - 2013-12-20 18:48 - 10759552 _____ C:\Users\******\Downloads\Greetings from Chuck (The epic christmas split).mp4
2013-12-20 18:48 - 2013-12-20 18:48 - 00690824 _____ C:\Users\******\Downloads\Greetings from Chuck (The epic christmas split).3gp
2013-12-20 16:09 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-20 01:22 - 2013-12-20 01:22 - 00381540 _____ C:\Users\******\Downloads\enigma2-skin-elgato-hd_1.0.1_all.ipk
2013-12-19 04:20 - 2013-04-29 13:26 - 00000000 ____D C:\Users\******\Downloads\HrnOvr40_29
2013-12-19 04:20 - 2012-12-04 14:18 - 00000000 ____D C:\Users\******\Downloads\!-Mui Importante
2013-12-19 04:19 - 2013-09-09 19:10 - 00000000 ____D C:\Users\******\Downloads\!!
2013-12-19 03:01 - 2013-03-04 15:18 - 00000000 ____D C:\Users\******\Documents\[0000]---dream800---
2013-12-19 02:15 - 2012-08-28 21:49 - 00000000 ____D C:\Users\******\AppData\Roaming\QuickScan
2013-12-19 01:54 - 2013-12-19 01:53 - 00000000 ____D C:\Users\******\AppData\Roaming\Notepad++
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-19 01:48 - 2013-12-19 01:48 - 01432078 _____ C:\Users\******\Downloads\redate.zip
2013-12-19 00:28 - 2013-12-19 00:28 - 00000001 _____ C:\Users\******\AppData\Local\llftool.4.40.agreement
2013-12-18 22:01 - 2013-12-18 22:01 - 02046464 _____ C:\Users\******\Downloads\HDDLLF.4.40.exe
2013-12-18 21:39 - 2013-12-18 21:39 - 00000000 ____D C:\Users\******\Downloads\usbit (1)
2013-12-18 21:38 - 2013-12-18 21:38 - 00221471 _____ C:\Users\******\Downloads\usbit (1).zip
2013-12-18 21:35 - 2013-12-18 21:35 - 00236402 _____ C:\Users\******\Downloads\Anleitung_3_Duck-Trick_Image_USB_Stick_unter_Windows_erstellen_flor62.zip
2013-12-18 20:09 - 2013-12-18 20:09 - 00928690 _____ C:\Users\******\Downloads\DreamUP133_11.zip
2013-12-18 20:08 - 2013-12-18 20:08 - 03847349 _____ C:\Users\******\Downloads\CP210x_VCP_Windows.zip
2013-12-18 20:07 - 2013-12-18 20:07 - 54083533 _____ C:\Users\******\Downloads\newnigma2-stable-dm800-v4.0.6.zip
2013-12-17 19:51 - 2013-12-17 19:51 - 04603098 _____ C:\Users\******\Downloads\e2.ipk
2013-12-17 19:51 - 2013-12-17 19:51 - 00303096 _____ C:\Users\******\Downloads\python-mechanize_0.2.5-r0_mips32el.ipk
2013-12-17 19:47 - 2013-12-17 19:46 - 00000000 ____D C:\Burgard
2013-12-17 02:07 - 2012-10-23 21:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-17 02:06 - 2013-08-31 14:52 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 02:03 - 2012-12-16 12:11 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-17 02:01 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-07 17:41 - 2013-12-07 17:25 - 00000000 ____D C:\Users\******\Documents\dave
2013-12-07 17:25 - 2013-12-07 17:25 - 04712205 _____ C:\Users\******\Documents\dave.rar
2013-12-04 01:53 - 2013-11-23 17:00 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 01:53 - 2013-11-23 16:59 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-03 19:04 - 2013-12-03 19:04 - 00000000 ____D C:\Users\******\AppData\Local\Unattneded
2013-12-03 19:00 - 2013-12-03 19:00 - 00001087 _____ C:\Users\******\Desktop\AAF Recovery tool AV700.lnk
2013-12-03 19:00 - 2013-12-03 19:00 - 00000000 ____D C:\Program Files (x86)\AAF Recovery tool AV700
2013-12-03 18:58 - 2013-12-03 18:19 - 00000000 ____D C:\Users\******\Downloads\[0000]---geier
2013-12-01 19:56 - 2013-12-01 19:53 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part03.rar
2013-12-01 19:55 - 2013-12-01 19:53 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part10.rar
2013-12-01 19:54 - 2013-12-01 19:53 - 39228144 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part14.rar
2013-12-01 19:53 - 2013-12-01 19:51 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part11.rar
2013-12-01 19:53 - 2013-12-01 19:51 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part08.rar
2013-12-01 19:53 - 2013-12-01 19:51 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part04.rar
2013-12-01 19:53 - 2013-12-01 19:51 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part02.rar
2013-12-01 19:48 - 2013-12-01 19:46 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part13.rar
2013-12-01 19:47 - 2013-12-01 19:42 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part07.rar
2013-12-01 19:46 - 2013-12-01 19:43 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part12.rar
2013-12-01 19:46 - 2013-12-01 19:43 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part09.rar
2013-12-01 19:46 - 2013-12-01 19:42 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part05.rar
2013-12-01 19:45 - 2013-12-01 19:42 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part01.rar
2013-12-01 19:44 - 2013-12-01 19:42 - 107000000 _____ C:\Users\******\Downloads\SRis21GBRA3XM.part06.rar
2013-12-01 17:08 - 2012-12-28 15:10 - 00001908 _____ C:\Windows\diagwrn.xml
2013-12-01 17:08 - 2012-12-28 15:10 - 00001908 _____ C:\Windows\diagerr.xml
2013-12-01 17:06 - 2013-12-01 17:05 - 00000000 ____D C:\$WINDOWS.~BT
2013-12-01 16:21 - 2013-12-01 16:20 - 60337803 _____ C:\Users\******\Downloads\W81.x64.9600.DEU.MSDN.2707227.part36.rar
2013-12-01 16:19 - 2013-12-01 16:11 - 1032666462 _____ C:\Users\******\Downloads\HMitSafFot.rar

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-28 20:08

==================== End Of Log ============================

 




#2 candelaver

candelaver
  • Topic Starter


Posted 31 December 2013 - 09:44 AM

FRST64 Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by ****** at 2013-12-31 15:09:56
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
AAF_Recovery_tool installer V4.6 (x32 Version:  - ©  2010 Black_64)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Reader XI - Deutsch (x32 Version: 11.0.00 - Adobe Systems Incorporated)
AIDA64 Engineer v4.00 (x32 Version: 4.00 - FinalWire Ltd.)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Artisteer 3 (x32 Version: 3.0 - Extensoft)
calibre (x32 Version: 0.9.34 - Kovid Goyal)
CCleaner (Version: 3.25 - Piriform)
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG)
DVD Decrypter (Remove Only) (x32 Version:  - )
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32 Version:  - DVD Shrink)
ESET Smart Security (Version: 7.0.302.26 - ESET, spol s r. o.)
FlashFXP 4 (x32 Version: 4.4.2.2022 - OpenSight Software LLC)
Hard Disk Low Level Format Tool 4.25 (x32 Version:  - HDDGURU)
HP webOS SDK (Version: 3.0.676 - HP)
ICE ECC v2.7 (x32 Version: v2.7 - ICE Graphics)
InfraRecorder (x32 Version:  - Christian Kindahl)
iTunes (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
JDownloader 2 (Version: 2 - AppWork GmbH)
Kindle DRM Removal (x32 Version: 1.4.1 - eBook Converter)
LinuxLive USB Creator (x32 Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 16.0.1 (x86 de) (x32 Version: 16.0.1 - Mozilla)
MPC-HC 1.6.6.6957 (3975d54) (64-bit) (Version: 1.6.6.6957 - MPC-HC Team)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1 - NAVIGON)
Nitro Pro 8 (Version: 8.5.2.10 - Nitro)
Notepad++ (x32 Version: 6.5.2 - Notepad++ Team)
Novacomd (Version: 1.0.0.76 - Palm, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation)
Samsung Kies (x32 Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.06 (64-bit) (Version: 4.06 - Sandboxie Holdings, LLC)
SatChannelListEditor (x32 Version: 4.4.0 - Elemental)
Secure Eraser (x32 Version: 4.2.0.1 - ASCOMP Software GmbH)
SiSoftware Sandra Lite 2013.SP3a (Version: 19.44.2013.5 - SiSoftware)
Splash PRO (x32 Version: 1.13.1 - Mirillis)
Splash PRO EX (x32 Version: 1.13.1 - Mirillis)
Start8 (x32 Version: 1.10 - Stardock Corporation)
TeamViewer 8 (x32 Version: 8.0.22298 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)
UFB Code Setup (x32 Version: V2.6 - Macro Technology Ltd.)
Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2727009) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2752100) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760624) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2768356) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2738044) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
USB Playback Console (x32 Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc)
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN)
Web Tools (x32 Version: 7.9.0.0029 - AVer)
WinDFT (x32 Version: 1.0.0 - HGST)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1 - Palm)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (x32 Version: 1.8.3 - The Wireshark developer community, http://www.wireshark.org)

==================== Restore Points  =========================

26-12-2013 15:04:42 ComboFix created restore point
27-12-2013 23:54:11 OTL Restore Point - 28.12.2013 00:54:05
29-12-2013 13:50:35 Removed Universal Adb Driver

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-12-23 22:47 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {51617BAF-1D14-435A-BDE8-4D46A8F7E9DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7DC0AD0C-BDB1-44E1-8286-91C48A5357DA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {A04185F0-F830-4528-B426-5FA3D087CD99} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D515E923-D15A-4156-963B-AE339DBF0231} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2013-11-02 10:25 - 2012-09-07 16:57 - 00559424 _____ () C:\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-11-07 20:26 - 2012-08-03 08:01 - 00150392 _____ () C:\Program Files\Tools\totalcmd\wcmzip64.dll
2012-11-07 20:26 - 2012-08-03 08:01 - 00201216 _____ () C:\Program Files\Tools\totalcmd\unRAR64.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\SysWOW64\AudioDec.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\AvsAudioCodec.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\AvsCodec51.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\decode.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\G723Codec.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\ijl15.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCDCore.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCHD10.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCJD20.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCMD10.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCXD10.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\NetworkAPI.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\NVDHE50.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\NVDME50.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\postprocess.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\RTClientSDK71.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\Xrypassd.dll:BDU
AlternateDataStreams: C:\Users\******\Downloads\amddriverdownloader.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\bitdefender_is_2013_32b.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\bitdefender_is_2013_64b.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\bitdefender_tsecurity2013.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\bitdefender_ts_2013_32b.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\bitdefender_ts_2013_64b.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\bitdefender_w8se_2013_64b.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\ChromeStandaloneSetup (1).exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\ChromeStandaloneSetup.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\ClassicShellSetup_3_6_2 (1).exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\ClassicShellSetup_3_6_5.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\FRITZ!Box-Fernzugang einrichten (1).exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\FRITZ!Box-Fernzugang einrichten.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\FRITZ!VPN64_German.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\groove2013-kb2760358-fullfile-x64-glb.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\HWVendorDetection.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\install_flash_player.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\jre-7u13-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\jre-7u13-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Kies_2.3.3.12085_7_5.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Kies_2.5.0.12094_28_8.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\LiveUpdater.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\mb_bios_ga-890gpa-ud3h_v2.x_fe.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\mb_bios_ga-890gpa-ud3h_v2.x_ff.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\mb_driver_amd_sataraid_ahci_win8.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\mb_utility_3tb_unlock.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\mb_utility_3tb_unlock_f6.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\motherboard_utility_xr2.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\PortableApps.com_Platform_Setup_11.2.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\SandboxieInstall.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\setup_phc_standard_6_9_0_2841.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\splash_pro_1_13_1_setup (1).exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\splash_pro_1_13_1_setup.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\splash_pro_ex_1_13_1_setup.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\spybotsd162.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Start8_setup.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\StartButton8_Setup_4_47_freeware (1).exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\StartButton8_Setup_4_47_freeware.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\StartButton8_Setup_4_53_freeware.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\tazusb.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\TeamViewer_Setup_de.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Thunderbird Setup 16.0.1.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Ti_60_HE_SIA_EWEB.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\tweaking.com_windows_repair_aio_setup.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Universal-USB-Installer-1.9.2.4.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\UsenetNLSetup_427156f.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Win64OpenSSL_Light-1_0_1c.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Windows_7_IE8.part01.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Windows_XP_IE6 (1).exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Windows_XP_IE6.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\Wireshark-win64-1.8.3.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\wmpfirefoxplugin.exe:BDU
AlternateDataStreams: C:\Users\******\Downloads\ZendServer-CE-php-5.3.14-5.6.0-SP4-Windows_x86.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: WAN-Miniport (IP)
Description: WAN-Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (IPv6)
Description: WAN-Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (Netzwerkmonitor)
Description: WAN-Miniport (Netzwerkmonitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: COM65
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/29/2013 03:24:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070663 fehlgeschlagen: Update für Microsoft SkyDrive Pro (KB2837652) 64-Bit-Edition

Error: (12/29/2013 03:24:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070663 fehlgeschlagen: Update für Microsoft SkyDrive Pro (KB2817495) 64-Bit-Edition

Error: (12/29/2013 03:24:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070663 fehlgeschlagen: Update für Microsoft Office 2013 (KB2726996) 64-Bit-Edition

Error: (12/29/2013 03:15:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070663 fehlgeschlagen: Update für Microsoft SkyDrive Pro (KB2837652) 64-Bit-Edition

Error: (12/29/2013 03:15:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070663 fehlgeschlagen: Update für Microsoft SkyDrive Pro (KB2817495) 64-Bit-Edition

Error: (12/29/2013 03:15:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070663 fehlgeschlagen: Update für Microsoft Office 2013 (KB2726996) 64-Bit-Edition

Error: (12/29/2013 02:54:46 PM) (Source: DCOM) (User: ******_ACER)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/29/2013 00:55:07 AM) (Source: DCOM) (User: ******_ACER)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/29/2013 00:54:37 AM) (Source: DCOM) (User: ******_ACER)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/29/2013 00:54:07 AM) (Source: DCOM) (User: ******_ACER)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-29 13:00:26.154
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-11 13:08:34.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wwapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-29 23:06:32.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-29 23:06:30.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-29 23:06:28.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-29 23:06:26.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-29 23:06:24.164
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-29 23:06:22.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-11 14:12:11.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Windows 8 Security\active virus control\Avc3_00177_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-11 14:10:21.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Windows 8 Security\active virus control\Avc3_00177_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 3818.9 MB
Available physical RAM: 1604.25 MB
Total Pagefile: 7658.9 MB
Available Pagefile: 5481.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.83 GB) (Free:165.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: BA29BD2B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#3 candelaver


Posted 31 December 2013 - 09:50 AM

OTL LOG

OTL logfile created on: 31.12.2013 15:25:37 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*******\Desktop\Security
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 40,82% Memory free
7,48 Gb Paging File | 5,25 Gb Available in Paging File | 70,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 595,83 Gb Total Space | 165,67 Gb Free Space | 27,80% Space Free | Partition Type: NTFS
 
Computer Name: *******_ACER | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.12.25 06:11:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\Security\OTL.exe
PRC - [2013.12.05 20:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.10.01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.25 18:27:28 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013.01.09 23:04:05 | 000,143,624 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
PRC - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.12.05 20:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.08.16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013.06.24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.06.01 02:02:46 | 011,201,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\vmms.exe -- (vmms)
SRV:64bit: - [2013.05.04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.12.05 20:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.16 14:08:06 | 000,186,056 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2013.10.01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.25 18:27:28 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013.03.25 18:27:22 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2013.01.09 23:04:05 | 000,143,624 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe -- (Start8)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.01 19:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011.12.21 15:28:00 | 000,011,776 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2011.06.24 20:16:58 | 000,072,192 | ---- | M] (Palm) [Auto | Running] -- C:\Programme\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.04.22 22:35:52 | 000,071,832 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe -- (SandraAgentSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.10.25 02:32:08 | 000,167,936 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2013.10.10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013.10.05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.10.02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.09.17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.09.17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.09.17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013.09.17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.09.17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.08.16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013.08.10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.07.02 01:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.07.01 23:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.04 08:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.06.04 08:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 08:22:43 | 000,569,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmswitch.sys -- (VMSVSP)
DRV:64bit: - [2013.02.02 08:22:43 | 000,569,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmswitch.sys -- (VMSP)
DRV:64bit: - [2013.02.02 08:22:43 | 000,569,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmswitch.sys -- (VMSMP)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:42:55 | 000,067,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:28:37 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vhdparser.sys -- (vhdparser)
DRV:64bit: - [2012.07.26 03:28:35 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\passthruparser.sys -- (passthruparser)
DRV:64bit: - [2012.07.26 03:28:26 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lunparser.sys -- (lunparser)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.25 23:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.29 03:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.22 05:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012.06.02 15:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2011.11.04 16:00:00 | 000,058,368 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\CH341S64.SYS -- (CH341SER_A64)
DRV:64bit: - [2010.12.11 23:09:08 | 000,291,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010.12.02 18:30:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.11.29 10:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010.11.11 09:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010.08.30 09:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.26 10:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.06.17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2008.07.10 17:20:40 | 000,040,448 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthav.sys -- (bthav)
DRV - [2013.10.16 14:08:04 | 000,200,552 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2013.03.20 09:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\WNt500x64\sandra.sys -- (SANDRA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 8C 57 0C 5E 85 CD 01  [binary data]
IE - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\..\SearchScopes,DefaultScope = {C178D991-BE42-4677-A9C3-35D1864EFE35}
IE - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\..\SearchScopes\{C178D991-BE42-4677-A9C3-35D1864EFE35}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.12.20 19:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 17:41:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.17 12:56:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.12.20 19:49:48 | 000,000,000 | ---D | M]
 
[2012.10.17 12:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2013.12.28 22:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.28 22:42:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.01 19:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2012.12.23 22:47:00 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3754388793-1346805017-1485128776-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {DEE2929B-E914-4764-A697-BACD6E77FCCC} http://192.168.178.27/classes/AverMediaCamV_H264.cab (AVerMedia IPCamera Control)
O16 - DPF: {F140A533-BF17-4F3A-BD4E-046CDE5295AB} http://192.168.178.128:5550/PCViewX.cab (WebCamX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.235.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}: DhcpNameServer = 192.168.235.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.12.31 15:17:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\*******\Desktop\dds.com
[2013.12.31 15:12:52 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Macromedia
[2013.12.29 00:53:48 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\FRST-OlderVersion
[2013.12.29 00:02:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.12.29 00:02:00 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\temp
[2013.12.28 22:52:58 | 005,158,590 | R--- | C] (Swearware) -- C:\Users\*******\Desktop\ComboFix.exe
[2013.12.28 22:42:33 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Mozilla
[2013.12.28 22:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.12.28 22:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.12.28 00:28:37 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\*******\Desktop\tdsskiller.exe
[2013.12.26 16:14:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.12.26 16:14:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.12.26 16:14:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.12.26 16:14:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.12.26 16:12:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.12.26 04:31:46 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.12.26 04:31:34 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.12.26 04:31:34 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.12.26 04:31:34 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.12.26 04:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.12.26 04:21:16 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.26 04:18:34 | 001,931,302 | ---- | C] (Farbar) -- C:\Users\*******\Desktop\FRST64.exe
[2013.12.26 03:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.26 03:18:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.12.26 03:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.12.25 05:32:49 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\Security
[2013.12.25 05:11:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.24 13:58:46 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\gmer
[2013.12.24 11:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.12.24 11:03:27 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.24 04:22:27 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\mbar
[2013.12.24 03:18:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.12.21 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
[2013.12.21 22:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinuxLive USB Creator
[2013.12.21 20:58:11 | 000,039,696 | ---- | C] (www.winchiphead.com) -- C:\Windows\SysNative\drivers\CH341SER.SYS
[2013.12.21 20:58:11 | 000,019,680 | ---- | C] (www.winchiphead.com) -- C:\Windows\SysNative\drivers\CH341S98.SYS
[2013.12.21 20:58:11 | 000,006,712 | ---- | C] (www.winchiphead.com) -- C:\Windows\SysNative\CH341PT.DLL
[2013.12.21 20:58:11 | 000,000,000 | ---D | C] -- C:\WCH.CN
[2013.12.21 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UFB Code Setup
[2013.12.21 20:57:50 | 000,000,000 | ---D | C] -- C:\Windows\UFB Code Setup
[2013.12.21 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UFB Code Setup
[2013.12.20 19:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.12.20 19:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.12.20 19:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.12.20 19:19:23 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2013.12.20 19:19:23 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2013.12.20 19:19:23 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2013.12.20 19:19:22 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013.12.19 01:53:19 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.12.19 01:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.12.19 01:53:15 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Notepad++
[2013.12.19 01:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.12.17 19:46:05 | 000,000,000 | ---D | C] -- C:\Burgard
[2013.12.17 01:52:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.12.17 01:52:09 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.12.17 01:51:04 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.12.17 01:51:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.12.17 01:50:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.12.17 01:50:39 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.12.17 01:50:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.12.17 01:50:31 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013.12.17 01:50:30 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2013.12.17 01:50:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013.12.17 01:50:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2013.12.17 01:50:30 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013.12.17 01:50:30 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013.12.17 01:50:30 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013.12.17 01:50:30 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013.12.17 01:50:29 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013.12.17 01:50:29 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013.12.17 01:50:23 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.12.17 01:50:23 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.12.07 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\dave
[2013.12.03 19:04:38 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Unattneded
[2013.12.03 19:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AAF Recovery tool AV700
[2013.12.03 19:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AAF Recovery tool AV700
[2013.12.01 17:05:31 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
 
========== Files - Modified Within 30 Days ==========
 
[2013.12.31 15:17:37 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\*******\Desktop\dds.com
[2013.12.31 15:06:58 | 001,931,302 | ---- | M] (Farbar) -- C:\Users\*******\Desktop\FRST64.exe
[2013.12.31 15:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.29 14:53:15 | 001,754,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.29 14:53:15 | 000,756,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.29 14:53:15 | 000,713,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.29 14:53:15 | 000,157,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.29 14:53:15 | 000,133,602 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.28 22:52:01 | 005,158,590 | R--- | M] (Swearware) -- C:\Users\*******\Desktop\ComboFix.exe
[2013.12.28 22:42:25 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.12.28 19:31:16 | 027,901,952 | ---- | M] () -- C:\Windows\SysNative\vmguest.iso
[2013.12.28 19:21:34 | 000,423,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.28 19:21:12 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.12.28 19:21:08 | 3203,522,560 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.28 01:19:24 | 000,000,000 | ---- | M] () -- C:\Users\*******\defogger_reenable
[2013.12.28 00:27:43 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\*******\Desktop\tdsskiller.exe
[2013.12.27 15:22:57 | 000,001,872 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.12.26 04:31:17 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.12.26 04:31:08 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.12.26 04:31:08 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.12.26 04:31:07 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.12.26 03:18:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.12.24 11:03:27 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.24 04:31:38 | 000,377,856 | ---- | M] () -- C:\Users\*******\Desktop\gmer_2.1.19163.exe
[2013.12.22 15:40:47 | 000,001,060 | ---- | M] () -- C:\Users\*******\Desktop\Hard Disk Low Level Format Tool.lnk
[2013.12.21 20:58:04 | 000,001,985 | ---- | M] () -- C:\Users\*******\Desktop\UFB Code Setup.lnk
[2013.12.19 00:28:08 | 000,000,001 | ---- | M] () -- C:\Users\*******\AppData\Local\llftool.4.40.agreement
[2013.12.07 17:25:21 | 004,712,205 | ---- | M] () -- C:\Users\*******\Documents\dave.rar
[2013.12.04 01:53:54 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.12.04 01:53:54 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.12.03 19:00:16 | 000,001,087 | ---- | M] () -- C:\Users\*******\Desktop\AAF Recovery tool AV700.lnk
[2013.12.01 17:08:02 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.12.01 17:08:02 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
 
========== Files Created - No Company Name ==========
 
[2013.12.28 22:42:25 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.12.28 22:42:24 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.12.28 19:21:16 | 000,423,360 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.28 01:19:24 | 000,000,000 | ---- | C] () -- C:\Users\*******\defogger_reenable
[2013.12.26 16:14:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.12.26 16:14:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.12.26 16:14:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.12.26 16:14:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.12.26 16:14:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.12.26 03:18:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.12.24 13:59:26 | 000,377,856 | ---- | C] () -- C:\Users\*******\Desktop\gmer_2.1.19163.exe
[2013.12.24 01:38:09 | 027,901,952 | ---- | C] () -- C:\Windows\SysNative\vmguest.iso
[2013.12.21 20:58:11 | 000,020,089 | ---- | C] () -- C:\Windows\SysNative\CH341SER.VXD
[2013.12.21 20:58:04 | 000,001,985 | ---- | C] () -- C:\Users\*******\Desktop\UFB Code Setup.lnk
[2013.12.19 00:28:08 | 000,000,001 | ---- | C] () -- C:\Users\*******\AppData\Local\llftool.4.40.agreement
[2013.12.07 17:25:20 | 004,712,205 | ---- | C] () -- C:\Users\*******\Documents\dave.rar
[2013.12.03 19:00:16 | 000,001,087 | ---- | C] () -- C:\Users\*******\Desktop\AAF Recovery tool AV700.lnk
[2013.11.06 22:07:01 | 002,345,528 | ---- | C] () -- C:\Users\*******\dl.7z
[2013.11.06 22:06:02 | 000,928,896 | ---- | C] () -- C:\Users\*******\skin.xzp
[2013.11.06 22:05:53 | 001,708,032 | ---- | C] () -- C:\Users\*******\default.xex
[2013.09.15 18:45:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.07.21 12:19:07 | 000,000,001 | ---- | C] () -- C:\Users\*******\AppData\Local\llftool.4.30.agreement
[2013.05.31 13:18:45 | 013,492,224 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Sandra.mdb
[2013.03.29 23:06:03 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.03.29 23:06:03 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.11 01:16:26 | 000,001,872 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.02.09 12:59:41 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.02.09 12:47:54 | 000,000,036 | ---- | C] () -- C:\Users\*******\AppData\Local\housecall.guid.cache
[2012.12.23 22:41:27 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-*******_MOBILE-Microsoft-Windows-8-Pro-(64-Bit).dat
[2012.10.08 14:08:48 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.10.08 14:08:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.08.28 21:54:01 | 000,402,912 | ---- | C] () -- C:\ProgramData\1346186852.bdinstall.bin
[2012.08.28 16:00:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.20 12:16:50 | 001,051,136 | ---- | C] () -- C:\Windows\SysWow64\RTClientSDK71.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.03.14 14:20:48 | 000,541,696 | ---- | C] () -- C:\Windows\SysWow64\IPCDCore.dll
[2012.01.11 08:44:08 | 000,000,396 | ---- | C] () -- C:\Windows\SysWow64\wm.bin
 
========== ZeroAccess Check ==========
 
[2012.09.10 20:32:05 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



#4 candelaver

Posted 31 December 2013 - 09:53 AM

GMER LOG

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-28 22:36:53
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003d SAMSUNG_HM641JI rev.2AJ10001 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*********\AppData\Local\Temp\fgloquog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\vmms.exe[2312] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                                                                                                      000007fc048a177a 4 bytes [8A, 04, FC, 07]
.text   C:\Windows\system32\vmms.exe[2312] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                                                                                                      000007fc048a1782 4 bytes [8A, 04, FC, 07]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[2896] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                                                                                                                                                              000007fbf8d41b32 4 bytes [D4, F8, FB, 07]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[2896] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                                                                                                                                                              000007fbf8d41b3a 4 bytes [D4, F8, FB, 07]
.text   C:\Program Files\ESET\ESET Smart Security\egui.exe[1556] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 690                                                                                                                                                                                          000007fc00f11532 4 bytes [F1, 00, FC, 07]
.text   C:\Program Files\ESET\ESET Smart Security\egui.exe[1556] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 698                                                                                                                                                                                          000007fc00f1153a 4 bytes [F1, 00, FC, 07]
.text   C:\Program Files\ESET\ESET Smart Security\egui.exe[1556] C:\Windows\SYSTEM32\msimg32.dll!TransparentBlt + 246                                                                                                                                                                                        000007fc00f1165a 4 bytes [F1, 00, FC, 07]
.text   C:\Program Files\Sandboxie\SbieCtrl.exe[2016] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                                                                                           000007fc048a177a 4 bytes [8A, 04, FC, 07]
.text   C:\Program Files\Sandboxie\SbieCtrl.exe[2016] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                                                                                           000007fc048a1782 4 bytes [8A, 04, FC, 07]
.text   C:\Windows\explorer.exe[5080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                                                                                                                     000007fc00f11532 4 bytes [F1, 00, FC, 07]
.text   C:\Windows\explorer.exe[5080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                                                                                                                     000007fc00f1153a 4 bytes [F1, 00, FC, 07]
.text   C:\Windows\explorer.exe[5080] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                                                                                                   000007fc00f1165a 4 bytes [F1, 00, FC, 07]
.text   C:\Program Files\Internet Explorer\IEXPLORE.EXE[3404] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                                                                                             000007fc00f11532 4 bytes [F1, 00, FC, 07]
.text   C:\Program Files\Internet Explorer\IEXPLORE.EXE[3404] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                                                                                             000007fc00f1153a 4 bytes [F1, 00, FC, 07]
.text   C:\Program Files\Internet Explorer\IEXPLORE.EXE[3404] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                                                                           000007fc00f1165a 4 bytes [F1, 00, FC, 07]

---- Threads - GMER 2.1 ----

Thread  System [4:752]                                                                                                                                                                                                                                                                                       fffffa8005715630
Thread  C:\Windows\system32\csrss.exe [532:556]                                                                                                                                                                                                                                                              fffff960009375e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                                                                    1397639444
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd508976                                                                                                                                                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd508976@c4731e05de87                                                                                                                                                                                                             0x78 0x0E 0x41 0x6F ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd508976@0808c29c97e5                                                                                                                                                                                                             0xA7 0xD9 0x72 0x31 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                                                                                                                      20358
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                                                                                     18503

---- Files - GMER 2.1 ----

File    C:\Users\*********\Downloads\extracted\[0000]---ausmisten---\The 150 Most Effective Ways to Boost Your Energy - The Surprising, Unbiased Truth About Using Nutrition, Exercise, Supplements, Stress Relief, and Personal Empowerment to Stay Energized All Day -Mantesh\The 150 Most Effective Ways.pdf  126221004 bytes

---- EOF - GMER 2.1 ----



#5 candelaver

Posted 31 December 2013 - 09:56 AM

DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by ***** at 15:19:02 on 2013-12-31
Microsoft Windows 8 Pro  6.2.9200.0.1252.49.1031.18.3819.1537 [GMT 1:00]
.
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\vmms.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Program Files\Tools\totalcmd\TOTALCMD64.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Users\*****\Desktop\FRST64.exe
C:\Windows\SYSTEM32\notepad.exe
C:\Windows\SYSTEM32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -update plugin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {DEE2929B-E914-4764-A697-BACD6E77FCCC} - hxxp://192.168.178.27/classes/AverMediaCamV_H264.cab
DPF: {F140A533-BF17-4F3A-BD4E-046CDE5295AB} - hxxp://192.168.178.128:5550/PCViewX.cab
TCP: NameServer = 192.168.235.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5} : DHCPNameServer = 192.168.235.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\44F5E4564777F627B6F50323F51405 : DHCPNameServer = 192.168.235.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\5416379724F687D2336353432323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\64259445A51224F6870264F6E60275C414E40273137303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\75C414E4D2038383131353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\D457C64796D656469616D2642463336303 : DHCPNameServer = 192.168.235.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\Drivers\epfwwfp.sys [2013-9-17 62136]
R1 eamonm;eamonm;C:\Windows\System32\Drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\Drivers\EpfwLWF.sys [2013-9-17 44120]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-26 418376]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-3-25 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-3-25 70152]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-1-9 143624]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-20 5087584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-26 25928]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
R3 vmbusr;Anbieter für Bus des virtuellen Computers;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
R3 VMSMP;VMSMP;C:\Windows\System32\Drivers\vmswitch.sys [2013-3-17 569344]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-26 701512]
S2 Palm_TCP_Relay;Palm TCP Relay;C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [2011-12-21 11776]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\Drivers\androidusb.sys [2010-4-29 32768]
S3 bthav;Bluetooth-AV-Profil;C:\Windows\System32\Drivers\bthav.sys [2008-7-10 40448]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\Drivers\CH341S64.SYS [2011-11-4 58368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-3-29 37344]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [2013-5-31 71832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vhdparser;vhdparser;C:\Windows\System32\Drivers\vhdparser.sys [2012-7-26 16384]
S3 VMSP;VMSP;C:\Windows\System32\Drivers\vmswitch.sys [2013-3-17 569344]
S3 VMSVSP;VMSVSP;C:\Windows\System32\Drivers\vmswitch.sys [2013-3-17 569344]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-31 14:12:52    --------    d-----w-    C:\Users\*****\AppData\Local\Macromedia
2013-12-28 23:02:14    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-28 23:02:00    --------    d-----w-    C:\Users\*****\AppData\Local\temp
2013-12-26 15:14:45    98816    ----a-w-    C:\Windows\sed.exe
2013-12-26 15:14:45    256000    ----a-w-    C:\Windows\PEV.exe
2013-12-26 15:14:45    208896    ----a-w-    C:\Windows\MBR.exe
2013-12-26 03:31:34    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-26 03:21:16    --------    d-----w-    C:\FRST
2013-12-26 02:18:27    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-26 02:18:26    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 04:11:12    --------    d-----w-    C:\AdwCleaner
2013-12-24 10:04:06    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 10:03:27    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-24 02:18:21    --------    d-----w-    C:\Windows\ERUNT
2013-12-21 21:53:58    --------    d-----w-    C:\Program Files (x86)\LinuxLive USB Creator
2013-12-21 19:58:11    6712    ----a-w-    C:\Windows\System32\CH341PT.DLL
2013-12-21 19:58:11    39696    ----a-w-    C:\Windows\System32\drivers\CH341SER.SYS
2013-12-21 19:58:11    20089    ----a-w-    C:\Windows\System32\CH341SER.VXD
2013-12-21 19:58:11    19680    ----a-w-    C:\Windows\System32\drivers\CH341S98.SYS
2013-12-21 19:58:11    --------    d-----w-    C:\WCH.CN
2013-12-21 19:57:50    --------    d-----w-    C:\Windows\UFB Code Setup
2013-12-21 19:57:49    --------    d-----w-    C:\Program Files (x86)\UFB Code Setup
2013-12-20 18:49:25    --------    d-----w-    C:\Program Files\ESET
2013-12-20 18:19:24    915968    ----a-w-    C:\Windows\System32\MPSSVC.dll
2013-12-20 18:19:23    758784    ----a-w-    C:\Windows\System32\FirewallAPI.dll
2013-12-20 18:19:23    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2013-12-20 18:19:23    550400    ----a-w-    C:\Windows\SysWow64\FirewallAPI.dll
2013-12-20 18:19:23    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2013-12-20 18:19:23    227840    ----a-w-    C:\Windows\System32\WebClnt.dll
2013-12-20 18:19:23    199168    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2013-12-20 18:19:23    100696    ----a-w-    C:\Windows\System32\drivers\disk.sys
2013-12-20 18:19:22    86016    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2013-12-20 18:19:22    74752    ----a-w-    C:\Windows\System32\drivers\mpsdrv.sys
2013-12-20 18:19:22    104448    ----a-w-    C:\Windows\System32\davclnt.dll
2013-12-17 18:46:05    --------    d-----w-    C:\Burgard
2013-12-17 00:51:10    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-17 00:51:04    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-12-03 18:04:38    --------    d-----w-    C:\Users\*****\AppData\Local\Unattneded
2013-12-03 18:00:08    --------    d-----w-    C:\Program Files (x86)\AAF Recovery tool AV700
2013-12-01 16:05:31    --------    d-----w-    C:\$WINDOWS.~BT
.
==================== Find3M  ====================
.
2013-12-04 00:53:54    78304    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 06:43:58    420864    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01    368640    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57    4036608    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-01 05:38:21    312320    ----a-w-    C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24    273408    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-25 06:19:22    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-25 06:19:12    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-10-25 04:45:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-25 01:32:08    167936    ----a-w-    C:\Windows\System32\drivers\ser2pl64.sys
2013-10-19 05:45:45    62976    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 04:04:07    59392    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-10 11:53:35    96600    ----a-w-    C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09    115712    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-10 09:30:50    162304    ----a-w-    C:\Windows\SysWow64\scrobj.dll
2013-10-10 09:30:50    156160    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-10 09:24:02    143872    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-10 09:23:41    146944    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-10 09:22:46    222720    ----a-w-    C:\Windows\System32\scrobj.dll
2013-10-10 09:22:46    194048    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-10 09:21:20    1160192    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43    723968    ----a-w-    C:\Windows\System32\BFE.DLL
2013-10-08 22:30:32    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17    84992    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17    126976    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56    99328    ----a-w-    C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56    252928    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56    1622016    ----a-w-    C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56    142848    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45    175104    ----a-w-    C:\Windows\System32\storewuauth.dll
2013-10-08 06:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 06:10:20    285016    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-10-03 01:56:48    1133400    ----a-w-    C:\Windows\System32\hvix64.exe
2013-10-03 01:56:48    1116504    ----a-w-    C:\Windows\System32\hvax64.exe
2013-10-02 23:25:41    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
.
============= FINISH: 15:20:22,97 ===============
 

 



#6 HelpBot


Posted 05 January 2014 - 09:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519153 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 candelaver


Posted 10 January 2014 - 06:30 AM

Deleted because DDS was not in Force Mode,

see new DDS and Attach Forced in next Reply


Edited by candelaver, 10 January 2014 - 06:49 AM.


#8 candelaver


Posted 10 January 2014 - 06:47 AM

DDS LOG & Attach.zip (Forced)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by ****** at 12:37:29 on 2014-01-10
#Option Extended Search is enabled.
Microsoft Windows 8 Pro  6.2.9200.0.1252.49.1031.18.3819.2404 [GMT 1:00]
.
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\vmms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Tools\totalcmd\TOTALCMD64.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {DEE2929B-E914-4764-A697-BACD6E77FCCC} - hxxp://192.168.178.27/classes/AverMediaCamV_H264.cab
DPF: {F140A533-BF17-4F3A-BD4E-046CDE5295AB} - hxxp://192.168.178.128:5550/PCViewX.cab
TCP: NameServer = 192.168.235.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5} : DHCPNameServer = 192.168.235.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\44F5E4564777F627B6F50323 : DHCPNameServer = 192.168.235.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\44F5E4564777F627B6F50323F51405 : DHCPNameServer = 192.168.235.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\5416379724F687D2336353432323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\64259445A51224F6870264F6E60275C414E40273137303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\75C414E4D2038383131353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{19355000-B6FB-45BF-9A25-B79793B518B5}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\Drivers\epfwwfp.sys [2013-9-17 62136]
R1 eamonm;eamonm;C:\Windows\System32\Drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\Drivers\EpfwLWF.sys [2013-9-17 44120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-26 418376]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-3-25 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-3-25 70152]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]
R2 Palm_TCP_Relay;Palm TCP Relay;C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [2011-12-21 11776]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-1-9 143624]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-20 5087584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-26 25928]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
R3 vmbusr;Anbieter für Bus des virtuellen Computers;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
R3 VMSMP;VMSMP;C:\Windows\System32\Drivers\vmswitch.sys [2013-3-17 569344]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-26 701512]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\Drivers\androidusb.sys [2010-4-29 32768]
S3 bthav;Bluetooth-AV-Profil;C:\Windows\System32\Drivers\bthav.sys [2008-7-10 40448]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\Drivers\CH341S64.SYS [2011-11-4 58368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-3-29 37344]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [2013-5-31 71832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vhdparser;vhdparser;C:\Windows\System32\Drivers\vhdparser.sys [2012-7-26 16384]
S3 VMSP;VMSP;C:\Windows\System32\Drivers\vmswitch.sys [2013-3-17 569344]
S3 VMSVSP;VMSVSP;C:\Windows\System32\Drivers\vmswitch.sys [2013-3-17 569344]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 60 ================
.
2014-01-04 01:04:02    --------    d-----w-    C:\Program Files\ARPCache
2014-01-04 01:03:57    4608    ----a-w-    C:\Windows\SysWow64\W95Inf32.DLL
2014-01-04 01:03:57    2272    ----a-w-    C:\Windows\SysWow64\W95Inf16.DLL
2014-01-02 22:47:02    --------    d-----w-    C:\TCPView
2014-01-02 22:32:50    --------    d-----w-    C:\getservice
2014-01-02 22:12:47    --------    d-----w-    C:\Users\******\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 22:11:56    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-01-02 22:11:56    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-12-31 14:12:52    --------    d-----w-    C:\Users\******\AppData\Local\Macromedia
2013-12-28 23:02:14    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-28 23:02:00    --------    d-----w-    C:\Users\******\AppData\Local\temp
2013-12-26 03:31:34    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-26 02:18:27    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-26 02:18:26    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 04:11:12    --------    d-----w-    C:\AdwCleaner
2013-12-24 10:04:06    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 10:03:27    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-24 02:18:21    --------    d-----w-    C:\Windows\ERUNT
2013-12-21 21:53:58    --------    d-----w-    C:\Program Files (x86)\LinuxLive USB Creator
2013-12-21 19:58:11    6712    ----a-w-    C:\Windows\System32\CH341PT.DLL
2013-12-21 19:58:11    39696    ----a-w-    C:\Windows\System32\drivers\CH341SER.SYS
2013-12-21 19:58:11    20089    ----a-w-    C:\Windows\System32\CH341SER.VXD
2013-12-21 19:58:11    19680    ----a-w-    C:\Windows\System32\drivers\CH341S98.SYS
2013-12-21 19:58:11    --------    d-----w-    C:\WCH.CN
2013-12-21 19:57:50    --------    d-----w-    C:\Windows\UFB Code Setup
2013-12-21 19:57:49    --------    d-----w-    C:\Program Files (x86)\UFB Code Setup
2013-12-20 18:49:25    --------    d-----w-    C:\Program Files\ESET
2013-12-20 18:19:24    915968    ----a-w-    C:\Windows\System32\MPSSVC.dll
2013-12-20 18:19:23    758784    ----a-w-    C:\Windows\System32\FirewallAPI.dll
2013-12-20 18:19:23    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2013-12-20 18:19:23    550400    ----a-w-    C:\Windows\SysWow64\FirewallAPI.dll
2013-12-20 18:19:23    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2013-12-20 18:19:23    227840    ----a-w-    C:\Windows\System32\WebClnt.dll
2013-12-20 18:19:23    199168    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2013-12-20 18:19:23    100696    ----a-w-    C:\Windows\System32\drivers\disk.sys
2013-12-20 18:19:22    86016    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2013-12-20 18:19:22    74752    ----a-w-    C:\Windows\System32\drivers\mpsdrv.sys
2013-12-20 18:19:22    104448    ----a-w-    C:\Windows\System32\davclnt.dll
2013-12-17 18:46:05    --------    d-----w-    C:\Burgard
2013-12-17 00:51:10    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-17 00:51:04    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-12-03 18:04:38    --------    d-----w-    C:\Users\******\AppData\Local\Unattneded
2013-12-03 18:00:08    --------    d-----w-    C:\Program Files (x86)\AAF Recovery tool AV700
2013-11-29 11:19:02    --------    d-----w-    C:\Program Files (x86)\FinalWire
2013-11-29 10:51:14    --------    d-----w-    C:\Program Files (x86)\Belarc
2013-11-29 10:20:25    --------    d-----w-    C:\ProgramData\Microsoft Toolkit
2013-11-23 16:00:00    78304    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 15:59:59    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-20 13:23:20    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-11-18 14:10:52    190144    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1031\OSFINTL.DLL
2013-11-18 12:02:30    3002048    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1031\MSOINTL.DLL
2013-11-17 11:33:18    --------    d-----w-    C:\Users\******\AppData\Roaming\FlashFXP
2013-11-17 11:33:13    --------    d-----w-    C:\ProgramData\regid.2000-02.com.flashfxp
2013-11-17 11:33:12    --------    d-----w-    C:\ProgramData\FlashFXP
2013-11-17 11:33:11    --------    d-----w-    C:\Program Files (x86)\FlashFXP 4
2013-11-17 11:33:08    --------    dc-h--w-    C:\ProgramData\{449C500F-7C88-4670-96CF-1398F4F077C1}
2013-11-17 11:01:54    1890816    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-17 11:01:54    1569280    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-11-17 11:01:23    576512    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-11-17 11:01:21    1160192    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-11-17 11:01:20    96600    ----a-w-    C:\Windows\System32\drivers\wfplwfs.sys
2013-11-17 11:01:20    723968    ----a-w-    C:\Windows\System32\BFE.DLL
2013-11-17 11:01:19    419328    ----a-w-    C:\Windows\System32\schannel.dll
2013-11-17 11:01:18    323072    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-11-17 10:59:13    2062848    ----a-w-    C:\Windows\System32\d3d11.dll
2013-11-17 10:59:12    1711616    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-11-17 10:58:56    1133400    ----a-w-    C:\Windows\System32\hvix64.exe
2013-11-17 10:58:56    1116504    ----a-w-    C:\Windows\System32\hvax64.exe
2013-11-17 10:58:43    2035712    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-11-17 10:58:42    2304512    ----a-w-    C:\Windows\System32\authui.dll
2013-11-12 16:28:13    --------    d-----w-    C:\ProgramData\Oracle
2013-11-12 16:27:50    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find6M  ====================
.
2013-11-23 06:43:58    420864    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01    368640    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57    4036608    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-01 05:38:21    312320    ----a-w-    C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24    273408    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-25 06:19:22    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-25 06:19:12    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-10-25 04:45:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-25 01:32:08    167936    ----a-w-    C:\Windows\System32\drivers\ser2pl64.sys
2013-10-19 05:45:45    62976    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 04:04:07    59392    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-10 09:32:09    115712    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-10 09:30:50    162304    ----a-w-    C:\Windows\SysWow64\scrobj.dll
2013-10-10 09:30:50    156160    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-10 09:24:02    143872    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-10 09:23:41    146944    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-10 09:22:46    222720    ----a-w-    C:\Windows\System32\scrobj.dll
2013-10-10 09:22:46    194048    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-08 22:30:32    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17    84992    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17    126976    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56    99328    ----a-w-    C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56    252928    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56    1622016    ----a-w-    C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56    142848    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45    175104    ----a-w-    C:\Windows\System32\storewuauth.dll
2013-10-05 06:10:20    285016    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-10-02 23:25:41    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-02 02:50:07    447320    ----a-w-    C:\Windows\System32\drivers\USBHUB3.SYS
2013-10-01 22:22:19    1022976    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 05:48:00    778752    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-09-28 03:58:44    551424    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-09-28 03:35:36    288768    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-09-19 07:32:10    1455448    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-09-17 14:17:38    62136    ----a-w-    C:\Windows\System32\drivers\epfwwfp.sys
2013-09-17 14:17:38    44120    ----a-w-    C:\Windows\System32\drivers\EpfwLWF.sys
2013-09-17 14:17:38    239320    ----a-w-    C:\Windows\System32\drivers\eamonm.sys
2013-09-17 14:17:38    239296    ----a-w-    C:\Windows\System32\drivers\edevmon.sys
2013-09-17 14:17:38    220232    ----a-w-    C:\Windows\System32\drivers\epfw.sys
2013-09-17 14:17:38    168256    ----a-w-    C:\Windows\System32\drivers\ehdrv.sys
2013-09-13 22:36:14    247296    ----a-w-    C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:33:42    328192    ----a-w-    C:\Windows\System32\ubpm.dll
2013-08-30 05:43:40    61784    ----a-w-    C:\Windows\System32\drivers\crashdmp.sys
2013-08-30 05:20:13    1173504    ----a-w-    C:\Windows\System32\UIAutomationCore.dll
2013-08-30 05:19:53    626688    ----a-w-    C:\Windows\System32\resutils.dll
2013-08-30 05:18:36    374784    ----a-w-    C:\Windows\System32\clusapi.dll
2013-08-29 23:48:12    914432    ----a-w-    C:\Windows\SysWow64\UIAutomationCore.dll
2013-08-29 23:48:02    488960    ----a-w-    C:\Windows\SysWow64\resutils.dll
2013-08-29 23:47:28    302080    ----a-w-    C:\Windows\SysWow64\clusapi.dll
2013-08-21 06:39:29    465240    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-08-16 05:41:13    58200    ----a-w-    C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26    2371728    ----a-w-    C:\Windows\System32\WSService.dll
2013-08-16 05:32:48    209200    ----a-w-    C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:11    4917760    ----a-w-    C:\Windows\System32\sppsvc.exe
2013-08-16 05:21:43    688640    ----a-w-    C:\Windows\System32\WSShared.dll
2013-08-16 05:21:43    183808    ----a-w-    C:\Windows\System32\WSSync.dll
2013-08-16 05:21:42    204800    ----a-w-    C:\Windows\System32\WSClient.dll
2013-08-16 05:21:42    198656    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.dll
2013-08-16 05:21:42    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-16 05:21:18    368640    ----a-w-    C:\Windows\System32\sppwinob.dll
2013-08-16 05:21:18    1164288    ----a-w-    C:\Windows\System32\sppobjs.dll
2013-08-16 05:21:12    81408    ----a-w-    C:\Windows\System32\setupcln.dll
2013-08-16 05:21:00    120320    ----a-w-    C:\Windows\System32\sppc.dll
2013-08-16 05:20:30    105984    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:03    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03    159232    ----a-w-    C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02    83968    ----a-w-    C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02    167424    ----a-w-    C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02    143872    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52    76800    ----a-w-    C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47    91648    ----a-w-    C:\Windows\SysWow64\sppc.dll
2013-08-10 06:30:22    151896    ----a-w-    C:\Windows\System32\drivers\tpm.sys
2013-08-10 05:21:51    448512    ----a-w-    C:\Windows\System32\SettingSync.dll
2013-08-10 05:21:51    128512    ----a-w-    C:\Windows\System32\SettingSyncInfo.dll
2013-08-10 05:21:01    817152    ----a-w-    C:\Windows\System32\kerberos.dll
2013-08-10 03:58:51    356352    ----a-w-    C:\Windows\SysWow64\SettingSync.dll
2013-08-10 03:58:09    656896    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2013-08-07 05:15:02    144896    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-08-03 06:40:49    462336    ----a-w-    C:\Windows\System32\sysmon.ocx
2013-08-03 06:40:17    566784    ----a-w-    C:\Windows\System32\wvc.dll
2013-08-03 06:40:01    1374208    ----a-w-    C:\Windows\System32\wdc.dll
2013-08-03 05:14:15    399360    ----a-w-    C:\Windows\SysWow64\sysmon.ocx
2013-08-03 05:13:57    437248    ----a-w-    C:\Windows\SysWow64\wvc.dll
2013-08-03 05:13:43    1245696    ----a-w-    C:\Windows\SysWow64\wdc.dll
2013-08-02 06:28:29    10116608    ----a-w-    C:\Windows\System32\twinui.dll
2013-08-02 05:08:18    8858112    ----a-w-    C:\Windows\SysWow64\twinui.dll
2013-08-01 10:41:31    2233688    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-27 03:58:39    2207232    ----a-w-    C:\Windows\SysWow64\PrintConfig.dll
2013-07-24 23:10:31    10799104    ----a-w-    C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-07-24 23:10:08    158208    ----a-w-    C:\Windows\SysWow64\mbsmsapi.dll
2013-07-24 23:07:09    13661696    ----a-w-    C:\Windows\System32\Windows.UI.Xaml.dll
2013-07-24 23:06:39    225280    ----a-w-    C:\Windows\System32\mbsmsapi.dll
2013-07-19 22:13:34    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 22:13:15    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 12:38:00,60 ===============

Attached file: attach.zip (2.4KB)

Yes, I have a genuine Windows 8 x64 CD/DVD and USB stick here.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:10:11 PM

Posted 12 January 2014 - 07:01 PM

Greetings candelaver and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Posted 12 January 2014 - 07:29 PM

Greetings,

It looks like you have already done an extensive amount of poking around inside your Netbook. Can you tell me if the Netbook itself is displaying any issues? In scanning over your logs, at first glance I do not see anything of concern. I would like you to run and post a fresh FRST log please.
Gary
 

#11 candelaver

Posted 13 January 2014 - 08:03 AM

Thank you for your assistance.
Do you want any other scan logs of the netbook?

I can make the complete scan logs for my PC this evening. Do you have any tip for scanning the NAS server over the network?

I tried to connect/log in this netbook to the NAS server and ESET sent me the message "ARP Cache Poisoning". Maybe a false positive?
 
 
FRST64 LOG
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 01
Ran by ********* (administrator) on *********_ACER on 13-01-2014 13:44:54
Running from C:\Users\*********\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
() C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Ghisler Software GmbH) C:\Program Files\Tools\totalcmd\TOTALCMD64.EXE
(Farbar) C:\Users\*********\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-20] (SUPERAntiSpyware)
HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
AppInit_DLLs: C:\Program Files (x86)\GS_x64.Enabler [2759168 2014-01-12] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.toolksearchbook.info/?pid=377&r=2014/01/12&hid=14812056794073920219&lg=EN&cc=DE&unqvl=46
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEB8C570C5E85CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.toolksearchbook.info/?pid=377&r=2014/01/12&hid=14812056794073920219&lg=EN&cc=DE&unqvl=46
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=377&r=2014/01/12&hid=14812056794073920219&lg=EN&cc=DE&unqvl=46
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=377&r=2014/01/12&hid=14812056794073920219&lg=EN&cc=DE&unqvl=46
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=377&r=2014/01/12&hid=14812056794073920219&lg=EN&cc=DE&unqvl=46
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SNT - {4E2AD2BA-8EBF-D04E-7A74-5CAC8FA20C3E} - C:\Program Files (x86)\SNT\sr_fD14R.x64.dll No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: YoutubeAdblocker - {FFEAD4D4-C854-FCB9-0C0C-54E3FA659A54} - C:\Program Files (x86)\YoutubeAdblocker\R.x64.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {DEE2929B-E914-4764-A697-BACD6E77FCCC} http://192.168.178.27/classes/AverMediaCamV_H264.cab
DPF: HKLM-x32 {F140A533-BF17-4F3A-BD4E-046CDE5295AB} http://192.168.178.128:5550/PCViewX.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.235.1

FireFox:
========
FF ProfilePath: C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.toolksearchbook.info/?pid=377&r=2014/01/12&hid=14812056794073920219&lg=EN&cc=DE&unqvl=46
FF Keyword.URL: hxxp://websearch.toolksearchbook.info/?pid=377&r=2014/01/12&hid=14812056794073920219&lg=EN&cc=DE&unqvl=46&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: greAtsavEEro - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\Extensions\aeyeaeib9lw@uyuk.com [2014-01-12]
FF Extension: YoutubeAdblocker - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\Extensions\pynj_ptz@htpualha.co.uk [2014-01-12]
FF Extension: SNT - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\Extensions\rmg.k3@oa-gllh.com [2014-01-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-01-02]
FF Extension: NoScript - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-02]
FF Extension: Adblock Plus - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\b9qeorr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-12-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-12-20]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Download Accelerator Plus) - C:\Users\*********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\239 [2014-01-12]
CHR Extension: (YeTBOokMoark) - C:\Users\*********\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighgegkhglfkemkohgpijeeniochodnf\1.1 [2014-01-12]
CHR Extension: (greAtsavEEro) - C:\Users\*********\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlmkbkipkmlaggbdedhicmcnkcgjphc\2.7 [2014-01-12]
CHR Extension: (SNT) - C:\Users\*********\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlleglehppkoeainmknjfclanhipmhch\2.1 [2014-01-12]
CHR Extension: (YoutubeAdblocker) - C:\Users\*********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcmodedoanoameafhicakgefoapceoa\1.0 [2014-01-12]

==================== Services (Whitelisted) =================

U2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
U2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
U2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
U2 Palm_TCP_Relay; C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [11776 2011-12-21] ()
U3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
U3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware)
U2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
U2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143624 2013-01-09] (Stardock Software, Inc)
U2 vmms; C:\Windows\system32\vmms.exe [11201536 2013-06-01] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\GSSvc.dll",service

==================== Drivers (Whitelisted) ====================

U3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
U3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
U3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
U1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
U2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
U1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
U0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
U3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
U1 hvservice; C:\Windows\System32\drivers\hvservice.sys [67816 2012-10-11] (Microsoft Corporation)
U3 lunparser; C:\Windows\System32\drivers\lunparser.sys [18944 2012-07-26] (Microsoft Corporation)
U3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
U3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [20992 2012-07-26] (Microsoft Corporation)
U1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
U3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [16384 2012-07-26] (Microsoft Corporation)
U3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [569344 2013-02-02] (Microsoft Corporation)
U3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [569344 2013-02-02] (Microsoft Corporation)
U3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [569344 2013-02-02] (Microsoft Corporation)
U3 dgderdrv; System32\drivers\dgderdrv.sys [x]
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
U2 TMAgent;
U2 VBoxDRV; \??\F:\VirtualBox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [x]
U2 VBoxUSBMon; \??\F:\VirtualBox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-13 13:44 - 2014-01-13 13:45 - 00016551 _____ C:\Users\*********\Desktop\FRST.txt
2014-01-13 13:44 - 2014-01-13 13:44 - 00000000 ____D C:\FRST
2014-01-13 13:44 - 2014-01-13 13:42 - 02075648 _____ (Farbar) C:\Users\*********\Desktop\FRST64(1).exe
2014-01-13 13:42 - 2014-01-13 13:42 - 02075648 _____ (Farbar) C:\Users\*********\Downloads\FRST64(1).exe
2014-01-12 21:36 - 2014-01-12 21:36 - 00000632 _____ C:\Windows\PFRO.log
2014-01-12 20:23 - 2014-01-12 22:24 - 00000000 ____D C:\WinSetupFromUSB
2014-01-12 20:22 - 2014-01-12 21:58 - 00000000 ____D C:\Program Files (x86)\SNT
2014-01-12 20:22 - 2014-01-12 20:22 - 00000000 ____D C:\ProgramData\SNT
2014-01-12 20:21 - 2014-01-12 22:23 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-12 20:20 - 2014-01-12 21:58 - 00000000 ____D C:\Program Files (x86)\YoutubeAdblocker
2014-01-12 20:20 - 2014-01-12 20:22 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-12 20:20 - 2014-01-12 20:20 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-12 20:20 - 2014-01-12 20:20 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2014-01-12 20:19 - 2014-01-13 00:09 - 00000000 ____D C:\ProgramData\gRReatsaverr
2014-01-12 20:19 - 2014-01-12 22:23 - 00000000 ____D C:\ProgramData\8f410a7d6f36a750
2014-01-12 20:19 - 2014-01-12 22:23 - 00000000 ____D C:\Program Files (x86)\gRReatsaverr
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\*********\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\*********\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator
2014-01-12 20:18 - 2014-01-12 20:22 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-12 20:07 - 2014-01-12 20:07 - 620494848 _____ C:\Users\*********\Documents\WinLite.iso
2014-01-12 20:04 - 2014-01-12 20:14 - 00000000 ____D C:\Program Files (x86)\nLite
2014-01-12 20:04 - 2014-01-12 20:04 - 00000967 _____ C:\Users\*********\Desktop\nLite.lnk
2014-01-12 20:03 - 2014-01-12 20:03 - 03092150 _____ (Dino Nuhagic (nuhi)                                         ) C:\Users\*********\Downloads\nLite-1.4.9.3.setup.exe
2014-01-12 19:18 - 2014-01-12 19:18 - 00983080 _____ (Microsoft Corporation) C:\Users\*********\Downloads\KeyUpdateTool_enu.exe
2014-01-12 19:15 - 2014-01-12 19:48 - 619769988 _____ C:\Users\*********\Downloads\German.XP.DVD.rar
2014-01-12 18:44 - 2014-01-12 18:44 - 02031992 _____ (Microsoft Corporation) C:\Users\*********\Downloads\MGADiag.exe
2014-01-12 18:19 - 2014-01-12 18:19 - 00000797 _____ C:\Windows\setupact.log
2014-01-12 18:19 - 2014-01-12 18:19 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 18:18 - 2014-01-12 18:18 - 00978472 _____ (Microsoft Corporation) C:\Users\*********\Downloads\KeyUpdateTool_ger.exe
2014-01-11 21:48 - 2014-01-11 21:49 - 583233624 _____ C:\Users\*********\Downloads\Wissen in Stein VI (Die verborgene Ordnung der Schöpfung) Axel Klitzke(480p_H.264-AAC).mp4
2014-01-11 21:17 - 2014-01-11 21:22 - 328324136 _____ (Microsoft Corporation) C:\Users\*********\Downloads\WindowsXP-KB936929-SP3-x86-DEU.exe
2014-01-11 20:04 - 2014-01-11 20:05 - 35103743 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part11.rar
2014-01-11 20:02 - 2014-01-11 20:04 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part10.rar
2014-01-11 20:02 - 2014-01-11 20:04 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part09.rar
2014-01-11 20:02 - 2014-01-11 20:04 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part08.rar
2014-01-11 20:00 - 2014-01-11 20:02 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part07.rar
2014-01-11 19:59 - 2014-01-11 20:02 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part06.rar
2014-01-11 19:59 - 2014-01-11 20:02 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part05.rar
2014-01-11 19:57 - 2014-01-11 20:07 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part03.rar
2014-01-11 19:57 - 2014-01-11 20:00 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part02.rar
2014-01-11 19:57 - 2014-01-11 19:59 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part04.rar
2014-01-11 19:57 - 2014-01-11 19:59 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part01.rar
2014-01-10 16:10 - 2014-01-10 16:11 - 00000000 ____D C:\Users\*********\Downloads\oFrech.In.Den.Arsch
2014-01-10 15:53 - 2014-01-10 15:54 - 236532837 _____ C:\Users\*********\Downloads\DOKU] Das verlorene Wissen der Hochkulturen Mittelamerikas (Axel Klitzke Wissen in Stein Teil 5)(240p_H.264-AAC).mp4
2014-01-10 15:40 - 2014-01-10 15:40 - 203626016 _____ C:\Users\*********\Downloads\DOKU] Die Königskammer und der geheime Code des Sarkophags (Axel Klitzke Wissen in Stein Teil 3)(240p_H.264-AAC).mp4
2014-01-10 15:30 - 2014-01-10 15:31 - 435709149 _____ C:\Users\*********\Downloads\Mysterium Ägypten - Es ist längst noch nicht alles gesagt (2013) - HQ - Deutsch_German(480p_H.264-AAC).mp4
2014-01-10 15:01 - 2014-01-10 15:02 - 287391972 _____ C:\Users\*********\Downloads\Stumme Zeugen - Rätsel der Archäologie (Doku)(480p_H.264-AAC).mp4
2014-01-10 12:28 - 2014-01-10 12:45 - 00002456 _____ C:\Users\*********\Desktop\attach.zip
2014-01-10 12:19 - 2014-01-10 12:40 - 00024444 _____ C:\Users\*********\Desktop\dds.txt
2014-01-10 12:15 - 2014-01-10 12:11 - 00688992 ____R (Swearware) C:\Users\*********\Desktop\dds.com
2014-01-10 12:11 - 2014-01-10 12:11 - 00688992 _____ (Swearware) C:\Users\*********\Downloads\dds.com
2014-01-09 16:08 - 2014-01-09 16:08 - 00000000 ____D C:\Users\*********\Downloads\ffmpeg
2014-01-09 14:47 - 2014-01-09 14:48 - 84994878 _____ C:\Users\*********\Downloads\Mysterium Ägypten (mit Axel Klitzke)_hd.mp4
2014-01-06 12:25 - 2014-01-06 12:28 - 209715200 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part2.rar
2014-01-06 12:25 - 2014-01-06 12:27 - 209715200 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part3.rar
2014-01-06 12:25 - 2014-01-06 12:27 - 209715200 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part1.rar
2014-01-06 12:25 - 2014-01-06 12:26 - 104895614 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part4.rar
2014-01-05 23:06 - 2014-01-05 23:06 - 00000000 ____D C:\Users\*********\Downloads\gbox(1)
2014-01-05 23:05 - 2014-01-05 23:05 - 00338111 _____ C:\Users\*********\Downloads\gbox(1).zip
2014-01-05 21:18 - 2014-01-05 21:18 - 00512232 _____ C:\Users\*********\Downloads\enigma2-plugin-extensions-greekstreamtv_oeALL_v2.8.ipk
2014-01-05 21:18 - 2014-01-05 21:18 - 00481552 _____ C:\Users\*********\Downloads\enigma2-plugin-extensions-greekstreamtv_oeALL_v3.0.ipk
2014-01-05 21:12 - 2014-01-05 21:12 - 04603232 _____ C:\Users\*********\Downloads\enigma2-plugin-extensions-mediaportal_5.0.6_all.ipk
2014-01-04 18:50 - 2014-01-04 18:50 - 04101441 _____ C:\Users\*********\Downloads\tdsskiller(2).zip
2014-01-04 18:18 - 2014-01-04 18:18 - 01931368 _____ (Farbar) C:\Users\*********\Downloads\FRST64.exe
2014-01-04 13:37 - 2014-01-04 13:37 - 00000000 ____D C:\Users\*********\Downloads\141
2014-01-04 13:35 - 2014-01-04 13:36 - 201638463 _____ C:\Users\*********\Downloads\141.part14.rar
2014-01-04 13:34 - 2014-01-04 13:36 - 209715200 _____ C:\Users\*********\Downloads\141.part13.rar
2014-01-04 13:33 - 2014-01-04 13:35 - 209715200 _____ C:\Users\*********\Downloads\141.part12.rar
2014-01-04 13:33 - 2014-01-04 13:35 - 209715200 _____ C:\Users\*********\Downloads\141.part11.rar
2014-01-04 13:32 - 2014-01-04 13:34 - 209715200 _____ C:\Users\*********\Downloads\141.part10.rar
2014-01-04 13:31 - 2014-01-04 13:33 - 209715200 _____ C:\Users\*********\Downloads\141.part09.rar
2014-01-04 13:31 - 2014-01-04 13:33 - 209715200 _____ C:\Users\*********\Downloads\141.part08.rar
2014-01-04 13:30 - 2014-01-04 13:32 - 209715200 _____ C:\Users\*********\Downloads\141.part07.rar
2014-01-04 13:29 - 2014-01-04 13:31 - 209715200 _____ C:\Users\*********\Downloads\141.part06.rar
2014-01-04 13:29 - 2014-01-04 13:31 - 209715200 _____ C:\Users\*********\Downloads\141.part05.rar
2014-01-04 13:29 - 2014-01-04 13:30 - 209715200 _____ C:\Users\*********\Downloads\141.part04.rar
2014-01-04 13:26 - 2014-01-04 13:29 - 209715200 _____ C:\Users\*********\Downloads\141.part03.rar
2014-01-04 13:26 - 2014-01-04 13:29 - 209715200 _____ C:\Users\*********\Downloads\141.part02.rar
2014-01-04 13:26 - 2014-01-04 13:29 - 209715200 _____ C:\Users\*********\Downloads\141.part01.rar
2014-01-04 12:53 - 2014-01-04 12:53 - 04101441 _____ C:\Users\*********\Downloads\tdsskiller(1).zip
2014-01-04 12:53 - 2014-01-04 12:53 - 00602112 _____ (OldTimer Tools) C:\Users\*********\Downloads\OTL.exe
2014-01-04 12:52 - 2014-01-04 12:52 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\*********\Downloads\mbam-setup.exe
2014-01-04 12:52 - 2014-01-04 12:52 - 04101441 _____ C:\Users\*********\Downloads\tdsskiller.zip
2014-01-04 12:52 - 2014-01-04 12:52 - 01233962 _____ C:\Users\*********\Downloads\AdwCleaner(1).exe
2014-01-04 12:51 - 2014-01-04 12:51 - 00368554 _____ C:\Users\*********\Downloads\gmer.zip
2014-01-04 12:51 - 2014-01-04 12:51 - 00050477 _____ C:\Users\*********\Downloads\Defogger(1).exe
2014-01-04 02:04 - 2014-01-04 02:04 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ARPCache Viewer
2014-01-04 02:04 - 2014-01-04 02:04 - 00000000 ____D C:\Program Files\ARPCache
2014-01-04 02:03 - 2014-01-04 02:03 - 00632003 _____ C:\Users\*********\Downloads\arpcachz.exe
2014-01-04 02:03 - 1999-07-17 02:21 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\W95Inf32.DLL
2014-01-04 02:03 - 1999-07-17 02:21 - 00002272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\W95Inf16.DLL
2014-01-04 00:51 - 2014-01-04 01:02 - 209008991 _____ C:\Users\*********\Downloads\Nox.to_-_Geldschrankknacker.part3.rar
2014-01-04 00:12 - 2014-01-04 00:26 - 209715200 _____ C:\Users\*********\Downloads\Nox.to_-_Geldschrankknacker.part1.rar
2014-01-03 23:37 - 2014-01-03 23:49 - 209715200 _____ C:\Users\*********\Downloads\Nox.to_-_Geldschrankknacker.part2.rar
2014-01-03 23:06 - 2014-01-03 23:06 - 79312597 _____ C:\Users\*********\Downloads\superhirn.part13.rar
2014-01-03 23:05 - 2014-01-03 23:06 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part12.rar
2014-01-03 23:05 - 2014-01-03 23:06 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part11.rar
2014-01-03 23:05 - 2014-01-03 23:06 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part10.rar
2014-01-03 23:05 - 2014-01-03 23:05 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part09.rar
2014-01-03 23:04 - 2014-01-03 23:05 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part08.rar
2014-01-03 23:04 - 2014-01-03 23:05 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part07.rar
2014-01-03 23:03 - 2014-01-03 23:04 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part06.rar
2014-01-03 23:03 - 2014-01-03 23:04 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part05.rar
2014-01-03 23:03 - 2014-01-03 23:04 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part04.rar
2014-01-03 23:02 - 2014-01-03 23:03 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part03.rar
2014-01-03 23:02 - 2014-01-03 23:03 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part02.rar
2014-01-03 23:02 - 2014-01-03 23:03 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part01.rar
2014-01-03 19:37 - 2014-01-03 19:37 - 00423360 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 23:47 - 2014-01-02 23:47 - 00000000 ____D C:\TCPView
2014-01-02 23:32 - 2014-01-02 23:32 - 00000000 ____D C:\getservice
2014-01-02 23:31 - 2014-01-02 23:33 - 00000000 _____ C:\Windows\system32\getservice.txt
2014-01-02 23:30 - 2014-01-02 23:30 - 00000000 ____D C:\Users\*********\Downloads\getservices
2014-01-02 23:29 - 2014-01-02 23:29 - 00130337 _____ C:\Users\*********\Downloads\getservices.zip
2014-01-02 23:12 - 2014-01-02 23:12 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-02 23:12 - 2014-01-02 23:12 - 00000000 ____D C:\Users\*********\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 23:11 - 2014-01-02 23:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-02 23:11 - 2014-01-02 23:11 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-02 23:10 - 2014-01-02 23:10 - 00000000 ____D C:\Users\*********\Downloads\TCPView
2014-01-02 23:08 - 2014-01-02 23:08 - 00291606 _____ C:\Users\*********\Downloads\TCPView.zip
2014-01-02 23:05 - 2014-01-02 23:05 - 29249704 _____ (SUPERAntiSpyware) C:\Users\*********\Downloads\SUPERAntiSpyware.exe
2014-01-02 23:04 - 2014-01-02 23:04 - 00550371 _____ C:\Users\*********\Downloads\Autoruns.zip
2014-01-01 19:43 - 2014-01-01 19:43 - 00201728 _____ (OldTimer Tools) C:\Users\*********\Downloads\OTC(1).exe
2014-01-01 19:21 - 2014-01-01 19:25 - 00000000 ___SD C:\32788R22FWJFW
2014-01-01 19:20 - 2014-01-01 19:20 - 00201728 _____ (OldTimer Tools) C:\Users\*********\Downloads\OTC.exe
2014-01-01 18:47 - 2014-01-01 18:47 - 51358740 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part4.rar
2014-01-01 18:46 - 2014-01-01 18:47 - 105906176 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part3.rar
2014-01-01 18:46 - 2014-01-01 18:47 - 105906176 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part2.rar
2014-01-01 18:46 - 2014-01-01 18:47 - 105906176 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part1.rar
2014-01-01 18:44 - 2014-01-01 18:44 - 00020789 _____ C:\Users\*********\Downloads\Person.of.Interest.S03E11.HDTV.x264-LOL.VO.rar
2013-12-31 15:24 - 2013-12-31 15:24 - 00017410 _____ C:\Users\*********\Documents\DDS.txt
2013-12-31 15:24 - 2013-12-31 15:24 - 00006643 _____ C:\Users\*********\Documents\Attach_DDS.txt
2013-12-31 15:20 - 2014-01-10 12:41 - 00006652 _____ C:\Users\*********\Desktop\attach.txt
2013-12-31 15:12 - 2013-12-31 15:12 - 00000000 ____D C:\Users\*********\AppData\Local\Macromedia
2013-12-31 15:11 - 2013-12-31 15:11 - 00052014 _____ C:\Users\*********\Documents\FRST.txt
2013-12-31 15:11 - 2013-12-31 15:11 - 00026162 _____ C:\Users\*********\Documents\Addition.txt
2013-12-28 22:42 - 2013-12-28 22:42 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Users\*********\AppData\Local\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 19:01 - 2014-01-02 23:15 - 00000000 ____D C:\Users\*********\Downloads\BootkitRemoval (1)
2013-12-28 19:00 - 2013-12-28 19:01 - 23282905 _____ C:\Users\*********\Downloads\BootkitRemoval (1).zip
2013-12-28 19:00 - 2013-12-28 19:00 - 23282905 _____ C:\Users\*********\Downloads\BootkitRemoval.zip
2013-12-28 00:27 - 2013-12-28 00:27 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\*********\Downloads\tdsskiller.exe
2013-12-26 23:50 - 2013-12-26 23:50 - 00016752 _____ C:\Users\*********\Downloads\DNA-Updater_OE2.0_OE1.6.rar
2013-12-26 20:34 - 2013-12-26 20:34 - 03731400 _____ C:\Users\*********\Downloads\The_New_Bitdefender_UninstallTool.exe
2013-12-26 17:46 - 2013-12-26 17:46 - 00000000 ____D C:\Users\*********\Downloads\UpdatePack_V134 (1)
2013-12-26 17:44 - 2013-12-26 17:45 - 24964514 _____ C:\Users\*********\Downloads\UpdatePack_V134 (1).zip
2013-12-26 15:57 - 2013-12-26 15:58 - 00050477 _____ C:\Users\*********\Downloads\Defogger.exe
2013-12-26 15:46 - 2013-12-26 15:46 - 00891200 _____ C:\Users\*********\Downloads\SecurityCheck.exe
2013-12-26 14:56 - 2013-12-26 14:56 - 01440846 _____ C:\Users\*********\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-12-26 14:16 - 2013-12-26 14:16 - 01233962 _____ C:\Users\*********\Downloads\adwcleaner.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-26 04:31 - 2013-12-26 04:31 - 00000000 ____D C:\Program Files\Java
2013-12-26 04:29 - 2013-12-26 04:30 - 29040552 _____ (Oracle Corporation) C:\Users\*********\Downloads\jre-7u45-windows-i586.exe
2013-12-26 04:28 - 2013-12-26 04:28 - 30694824 _____ (Oracle Corporation) C:\Users\*********\Downloads\jre-7u45-windows-x64.exe
2013-12-26 04:27 - 2013-12-26 04:28 - 00915368 _____ (Oracle Corporation) C:\Users\*********\Downloads\chromeinstall-7u45.exe
2013-12-26 03:18 - 2013-12-26 03:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 03:18 - 2013-12-26 03:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 03:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-25 14:57 - 2013-12-25 14:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*********\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-25 05:11 - 2013-12-28 19:20 - 00000000 ____D C:\AdwCleaner
2013-12-24 11:04 - 2013-12-24 13:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 11:03 - 2013-12-24 11:03 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-24 03:18 - 2013-12-24 03:18 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 02:48 - 2013-12-24 02:48 - 03950128 _____ (Microsoft Corporation) C:\Users\*********\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (3).exe
2013-12-24 02:39 - 2013-12-24 02:39 - 03950128 _____ (Microsoft Corporation) C:\Users\*********\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (2).exe
2013-12-24 01:38 - 2014-01-13 00:18 - 27901952 _____ C:\Windows\system32\vmguest.iso
2013-12-23 01:37 - 2013-12-23 01:37 - 05428186 _____ C:\Users\*********\Downloads\update-134.tar.gz
2013-12-23 01:35 - 2013-12-23 01:35 - 05428186 _____ C:\Users\*********\Downloads\update-134.gz
2013-12-22 19:34 - 2013-12-22 19:34 - 00000000 ____D C:\Users\*********\Downloads\TM.2.YT.DL.v2.1.0.537
2013-12-22 19:33 - 2013-12-22 19:34 - 02237534 _____ C:\Users\*********\Downloads\TM.2.YT.DL.v2.1.0.537.rar
2013-12-22 15:39 - 2013-12-22 15:39 - 00000000 ____D C:\Users\*********\Downloads\HDD_Low_Level_Format_Tool_4.25_Software
2013-12-22 15:36 - 2013-12-22 15:36 - 01277576 _____ C:\Users\*********\Downloads\HDD_Low_Level_Format_Tool_4.25_Software.rar
2013-12-22 13:53 - 2013-12-22 13:54 - 04278747 _____ C:\Users\*********\Downloads\usb110511.zip
2013-12-22 13:38 - 2013-12-22 13:39 - 147571049 _____ C:\Users\*********\Downloads\Biffy Clyro - Opposites Live from Glasgow (2013).zip
2013-12-22 13:38 - 2013-12-22 13:38 - 00000000 ____D C:\Users\*********\Downloads\pcunlocker_trial
2013-12-22 13:34 - 2013-12-22 13:34 - 31489469 _____ C:\Users\*********\Downloads\pcunlocker_trial.zip
2013-12-22 13:31 - 2013-12-22 13:32 - 71381976 _____ (Magic Rescue CD                                             ) C:\Users\*********\Downloads\rescueCD_setup_free_version.exe
2013-12-22 03:05 - 2013-12-22 03:10 - 1252147200 _____ C:\Users\*********\Downloads\linuxmint-16-cinnamon-dvd-64bit.iso
2013-12-22 02:31 - 2013-12-22 02:34 - 734947328 _____ C:\Users\*********\Downloads\ADRIANE-KNOPPIX_V7.2.0gCD-2013-07-28-DE.iso
2013-12-22 02:23 - 2013-12-22 02:23 - 00033590 _____ C:\Users\*********\Downloads\packagelist_kubuntu_64.txt
2013-12-22 01:08 - 2013-12-22 01:09 - 01094939 _____ (pendrivelinux.com) C:\Users\*********\Downloads\Universal-USB-Installer-1.9.5.1.exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\*********\Downloads\unetbootin-windows-585 (3).exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\*********\Downloads\unetbootin-windows-585 (2).exe
2013-12-21 22:54 - 2013-12-21 22:54 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2013-12-21 22:53 - 2013-12-21 22:54 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-12-21 22:51 - 2013-12-21 22:55 - 938475520 _____ C:\Users\*********\Downloads\ubuntu-13.10-desktop-i386.iso
2013-12-21 22:49 - 2013-12-21 22:50 - 04766976 _____ (LinuxLive USB Creator) C:\Users\*********\Downloads\LinuxLive USB Creator 2.8.26.exe
2013-12-21 22:28 - 2013-12-21 22:28 - 01046523 _____ (Ext2Fsd Group                                               ) C:\Users\*********\Downloads\Ext2Fsd-0.51.exe
2013-12-21 21:49 - 2013-12-24 03:48 - 00000000 ____D C:\Users\*********\Downloads\UpdatePack_V134
2013-12-21 20:58 - 2013-12-21 20:58 - 00001985 _____ C:\Users\*********\Desktop\UFB Code Setup.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\WCH.CN
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UFB Code Setup
2013-12-21 20:58 - 2011-11-05 00:00 - 00039696 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341SER.SYS
2013-12-21 20:58 - 2008-12-18 00:00 - 00020089 _____ C:\Windows\system32\CH341SER.VXD
2013-12-21 20:58 - 2007-06-12 00:00 - 00019680 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S98.SYS
2013-12-21 20:58 - 2005-07-30 00:00 - 00006712 _____ (www.winchiphead.com) C:\Windows\system32\CH341PT.DLL
2013-12-21 20:57 - 2013-12-21 21:04 - 00000000 ____D C:\Program Files (x86)\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Windows\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Users\*********\Downloads\UFB234_CD-Inhalt
2013-12-21 20:55 - 2013-12-21 20:55 - 17560304 _____ C:\Users\*********\Downloads\UFB234_CD-Inhalt.zip
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\ProgramData\ESET
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\Program Files\ESET
2013-12-20 19:34 - 2013-12-20 19:35 - 154561875 _____ C:\Users\*********\Downloads\eset_nod32_smart security.rar
2013-12-20 19:19 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-12-20 19:19 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-12-20 19:19 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-12-20 19:19 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2013-12-20 19:19 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2013-12-20 19:19 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-12-20 19:19 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2013-12-20 19:19 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-20 19:19 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-20 19:19 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-20 19:19 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-20 18:48 - 2013-12-20 18:49 - 02888335 _____ C:\Users\*********\Downloads\Greetings from Chuck (The epic christmas split).flv
2013-12-20 18:48 - 2013-12-20 18:48 - 10759552 _____ C:\Users\*********\Downloads\Greetings from Chuck (The epic christmas split).mp4
2013-12-20 18:48 - 2013-12-20 18:48 - 00690824 _____ C:\Users\*********\Downloads\Greetings from Chuck (The epic christmas split).3gp
2013-12-20 01:22 - 2013-12-20 01:22 - 00381540 _____ C:\Users\*********\Downloads\enigma2-skin-elgato-hd_1.0.1_all.ipk
2013-12-19 01:53 - 2014-01-05 18:37 - 00000000 ____D C:\Users\*********\AppData\Roaming\Notepad++
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-19 01:48 - 2013-12-19 01:48 - 01432078 _____ C:\Users\*********\Downloads\redate.zip
2013-12-19 00:28 - 2013-12-19 00:28 - 00000001 _____ C:\Users\*********\AppData\Local\llftool.4.40.agreement
2013-12-18 22:01 - 2013-12-18 22:01 - 02046464 _____ C:\Users\*********\Downloads\HDDLLF.4.40.exe
2013-12-18 21:39 - 2013-12-18 21:39 - 00000000 ____D C:\Users\*********\Downloads\usbit (1)
2013-12-18 21:38 - 2013-12-18 21:38 - 00221471 _____ C:\Users\*********\Downloads\usbit (1).zip
2013-12-18 21:35 - 2013-12-18 21:35 - 00236402 _____ C:\Users\*********\Downloads\Anleitung_3_Duck-Trick_Image_USB_Stick_unter_Windows_erstellen_flor62.zip
2013-12-18 20:09 - 2013-12-18 20:09 - 00928690 _____ C:\Users\*********\Downloads\DreamUP133_11.zip
2013-12-18 20:08 - 2013-12-18 20:08 - 03847349 _____ C:\Users\*********\Downloads\CP210x_VCP_Windows.zip
2013-12-18 20:07 - 2013-12-18 20:07 - 54083533 _____ C:\Users\*********\Downloads\newnigma2-stable-dm800-v4.0.6.zip
2013-12-18 19:30 - 2013-12-27 00:29 - 00000000 ____D C:\Users\*********\Downloads\BIP2
2013-12-17 19:51 - 2013-12-17 19:51 - 04603098 _____ C:\Users\*********\Downloads\e2.ipk
2013-12-17 19:51 - 2013-12-17 19:51 - 00303096 _____ C:\Users\*********\Downloads\python-mechanize_0.2.5-r0_mips32el.ipk
2013-12-17 19:46 - 2013-12-17 19:47 - 00000000 ____D C:\Burgard
2013-12-17 01:52 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-17 01:52 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-17 01:52 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-17 01:52 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-17 01:52 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-17 01:52 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-17 01:52 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-17 01:52 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-17 01:52 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-17 01:52 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-17 01:51 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-17 01:51 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-17 01:51 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-17 01:51 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-17 01:50 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-17 01:50 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-17 01:50 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-17 01:50 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-17 01:50 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-17 01:50 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-17 01:50 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-17 01:50 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-17 01:50 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-17 01:50 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-17 01:50 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-17 01:50 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-17 01:50 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-17 01:50 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-17 01:50 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-17 01:50 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-17 01:50 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-17 01:50 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-17 01:50 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-13 13:45 - 2014-01-13 13:44 - 00016551 _____ C:\Users\*********\Desktop\FRST.txt
2014-01-13 13:44 - 2014-01-13 13:44 - 00000000 ____D C:\FRST
2014-01-13 13:42 - 2014-01-13 13:44 - 02075648 _____ (Farbar) C:\Users\*********\Desktop\FRST64(1).exe
2014-01-13 13:42 - 2014-01-13 13:42 - 02075648 _____ (Farbar) C:\Users\*********\Downloads\FRST64(1).exe
2014-01-13 13:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-13 12:25 - 2013-04-28 11:43 - 01773146 _____ C:\Windows\WindowsUpdate.log
2014-01-13 00:18 - 2013-12-24 01:38 - 27901952 _____ C:\Windows\system32\vmguest.iso
2014-01-13 00:09 - 2014-01-12 20:19 - 00000000 ____D C:\ProgramData\gRReatsaverr
2014-01-13 00:09 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 22:24 - 2014-01-12 20:23 - 00000000 ____D C:\WinSetupFromUSB
2014-01-12 22:23 - 2014-01-12 20:21 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-12 22:23 - 2014-01-12 20:19 - 00000000 ____D C:\ProgramData\8f410a7d6f36a750
2014-01-12 22:23 - 2014-01-12 20:19 - 00000000 ____D C:\Program Files (x86)\gRReatsaverr
2014-01-12 21:58 - 2014-01-12 20:22 - 00000000 ____D C:\Program Files (x86)\SNT
2014-01-12 21:58 - 2014-01-12 20:20 - 00000000 ____D C:\Program Files (x86)\YoutubeAdblocker
2014-01-12 21:36 - 2014-01-12 21:36 - 00000632 _____ C:\Windows\PFRO.log
2014-01-12 20:22 - 2014-01-12 20:22 - 00000000 ____D C:\ProgramData\SNT
2014-01-12 20:22 - 2014-01-12 20:20 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-12 20:22 - 2014-01-12 20:18 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-12 20:20 - 2014-01-12 20:20 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-12 20:20 - 2014-01-12 20:20 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Gast
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\*********\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\*********\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-12 20:19 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Administrator
2014-01-12 20:19 - 2012-08-29 17:49 - 00000000 ____D C:\Users\*********\AppData\Local\Google
2014-01-12 20:14 - 2014-01-12 20:04 - 00000000 ____D C:\Program Files (x86)\nLite
2014-01-12 20:07 - 2014-01-12 20:07 - 620494848 _____ C:\Users\*********\Documents\WinLite.iso
2014-01-12 20:04 - 2014-01-12 20:04 - 00000967 _____ C:\Users\*********\Desktop\nLite.lnk
2014-01-12 20:03 - 2014-01-12 20:03 - 03092150 _____ (Dino Nuhagic (nuhi)                                         ) C:\Users\*********\Downloads\nLite-1.4.9.3.setup.exe
2014-01-12 20:03 - 2012-07-26 11:27 - 00756916 _____ C:\Windows\system32\perfh007.dat
2014-01-12 20:03 - 2012-07-26 11:27 - 00157052 _____ C:\Windows\system32\perfc007.dat
2014-01-12 20:03 - 2012-07-26 08:28 - 01754280 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-12 19:54 - 2013-01-06 21:04 - 00000000 ____D C:\Users\*********\Downloads\extracted
2014-01-12 19:48 - 2014-01-12 19:15 - 619769988 _____ C:\Users\*********\Downloads\German.XP.DVD.rar
2014-01-12 19:18 - 2014-01-12 19:18 - 00983080 _____ (Microsoft Corporation) C:\Users\*********\Downloads\KeyUpdateTool_enu.exe
2014-01-12 19:11 - 2012-11-07 22:13 - 00000000 ____D C:\Program Files\JDownloader 2
2014-01-12 18:44 - 2014-01-12 18:44 - 02031992 _____ (Microsoft Corporation) C:\Users\*********\Downloads\MGADiag.exe
2014-01-12 18:19 - 2014-01-12 18:19 - 00000797 _____ C:\Windows\setupact.log
2014-01-12 18:19 - 2014-01-12 18:19 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 18:18 - 2014-01-12 18:18 - 00978472 _____ (Microsoft Corporation) C:\Users\*********\Downloads\KeyUpdateTool_ger.exe
2014-01-12 14:12 - 2013-01-05 01:52 - 00000000 ____D C:\Users\*********\AppData\Roaming\vlc
2014-01-12 00:45 - 2012-10-24 18:48 - 00000000 ____D C:\Users\*********\Documents\Outlook-Dateien
2014-01-11 21:49 - 2014-01-11 21:48 - 583233624 _____ C:\Users\*********\Downloads\Wissen in Stein VI (Die verborgene Ordnung der Schöpfung) Axel Klitzke(480p_H.264-AAC).mp4
2014-01-11 21:22 - 2014-01-11 21:17 - 328324136 _____ (Microsoft Corporation) C:\Users\*********\Downloads\WindowsXP-KB936929-SP3-x86-DEU.exe
2014-01-11 20:07 - 2014-01-11 19:57 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part03.rar
2014-01-11 20:05 - 2014-01-11 20:04 - 35103743 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part11.rar
2014-01-11 20:04 - 2014-01-11 20:02 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part10.rar
2014-01-11 20:04 - 2014-01-11 20:02 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part09.rar
2014-01-11 20:04 - 2014-01-11 20:02 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part08.rar
2014-01-11 20:02 - 2014-01-11 20:00 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part07.rar
2014-01-11 20:02 - 2014-01-11 19:59 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part06.rar
2014-01-11 20:02 - 2014-01-11 19:59 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part05.rar
2014-01-11 20:00 - 2014-01-11 19:57 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part02.rar
2014-01-11 19:59 - 2014-01-11 19:57 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part04.rar
2014-01-11 19:59 - 2014-01-11 19:57 - 107520012 _____ C:\Users\*********\Downloads\ZweiPPVCRG.part01.rar
2014-01-11 18:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-10 16:16 - 2012-09-26 23:32 - 00000000 ____D C:\Users\*********\AppData\Local\Mirillis
2014-01-10 16:11 - 2014-01-10 16:10 - 00000000 ____D C:\Users\*********\Downloads\oFrech.In.Den.Arsch
2014-01-10 15:54 - 2014-01-10 15:53 - 236532837 _____ C:\Users\*********\Downloads\DOKU] Das verlorene Wissen der Hochkulturen Mittelamerikas (Axel Klitzke Wissen in Stein Teil 5)(240p_H.264-AAC).mp4
2014-01-10 15:40 - 2014-01-10 15:40 - 203626016 _____ C:\Users\*********\Downloads\DOKU] Die Königskammer und der geheime Code des Sarkophags (Axel Klitzke Wissen in Stein Teil 3)(240p_H.264-AAC).mp4
2014-01-10 15:31 - 2014-01-10 15:30 - 435709149 _____ C:\Users\*********\Downloads\Mysterium Ägypten - Es ist längst noch nicht alles gesagt (2013) - HQ - Deutsch_German(480p_H.264-AAC).mp4
2014-01-10 15:02 - 2014-01-10 15:01 - 287391972 _____ C:\Users\*********\Downloads\Stumme Zeugen - Rätsel der Archäologie (Doku)(480p_H.264-AAC).mp4
2014-01-10 12:45 - 2014-01-10 12:28 - 00002456 _____ C:\Users\*********\Desktop\attach.zip
2014-01-10 12:41 - 2013-12-31 15:20 - 00006652 _____ C:\Users\*********\Desktop\attach.txt
2014-01-10 12:40 - 2014-01-10 12:19 - 00024444 _____ C:\Users\*********\Desktop\dds.txt
2014-01-10 12:11 - 2014-01-10 12:15 - 00688992 ____R (Swearware) C:\Users\*********\Desktop\dds.com
2014-01-10 12:11 - 2014-01-10 12:11 - 00688992 _____ (Swearware) C:\Users\*********\Downloads\dds.com
2014-01-09 16:08 - 2014-01-09 16:08 - 00000000 ____D C:\Users\*********\Downloads\ffmpeg
2014-01-09 14:48 - 2014-01-09 14:47 - 84994878 _____ C:\Users\*********\Downloads\Mysterium Ägypten (mit Axel Klitzke)_hd.mp4
2014-01-07 11:25 - 2013-02-11 01:16 - 00001872 _____ C:\Windows\Sandboxie.ini
2014-01-06 12:28 - 2014-01-06 12:25 - 209715200 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part2.rar
2014-01-06 12:27 - 2014-01-06 12:25 - 209715200 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part3.rar
2014-01-06 12:27 - 2014-01-06 12:25 - 209715200 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part1.rar
2014-01-06 12:26 - 2014-01-06 12:25 - 104895614 _____ C:\Users\*********\Downloads\Epos.Dei.Doku.2011.AC3.2.0.XviD.German-iND.part4.rar
2014-01-05 23:06 - 2014-01-05 23:06 - 00000000 ____D C:\Users\*********\Downloads\gbox(1)
2014-01-05 23:05 - 2014-01-05 23:05 - 00338111 _____ C:\Users\*********\Downloads\gbox(1).zip
2014-01-05 21:18 - 2014-01-05 21:18 - 00512232 _____ C:\Users\*********\Downloads\enigma2-plugin-extensions-greekstreamtv_oeALL_v2.8.ipk
2014-01-05 21:18 - 2014-01-05 21:18 - 00481552 _____ C:\Users\*********\Downloads\enigma2-plugin-extensions-greekstreamtv_oeALL_v3.0.ipk
2014-01-05 21:12 - 2014-01-05 21:12 - 04603232 _____ C:\Users\*********\Downloads\enigma2-plugin-extensions-mediaportal_5.0.6_all.ipk
2014-01-05 18:37 - 2013-12-19 01:53 - 00000000 ____D C:\Users\*********\AppData\Roaming\Notepad++
2014-01-04 18:50 - 2014-01-04 18:50 - 04101441 _____ C:\Users\*********\Downloads\tdsskiller(2).zip
2014-01-04 18:18 - 2014-01-04 18:18 - 01931368 _____ (Farbar) C:\Users\*********\Downloads\FRST64.exe
2014-01-04 13:37 - 2014-01-04 13:37 - 00000000 ____D C:\Users\*********\Downloads\141
2014-01-04 13:36 - 2014-01-04 13:35 - 201638463 _____ C:\Users\*********\Downloads\141.part14.rar
2014-01-04 13:36 - 2014-01-04 13:34 - 209715200 _____ C:\Users\*********\Downloads\141.part13.rar
2014-01-04 13:35 - 2014-01-04 13:33 - 209715200 _____ C:\Users\*********\Downloads\141.part12.rar
2014-01-04 13:35 - 2014-01-04 13:33 - 209715200 _____ C:\Users\*********\Downloads\141.part11.rar
2014-01-04 13:34 - 2014-01-04 13:32 - 209715200 _____ C:\Users\*********\Downloads\141.part10.rar
2014-01-04 13:33 - 2014-01-04 13:31 - 209715200 _____ C:\Users\*********\Downloads\141.part09.rar
2014-01-04 13:33 - 2014-01-04 13:31 - 209715200 _____ C:\Users\*********\Downloads\141.part08.rar
2014-01-04 13:32 - 2014-01-04 13:30 - 209715200 _____ C:\Users\*********\Downloads\141.part07.rar
2014-01-04 13:31 - 2014-01-04 13:29 - 209715200 _____ C:\Users\*********\Downloads\141.part06.rar
2014-01-04 13:31 - 2014-01-04 13:29 - 209715200 _____ C:\Users\*********\Downloads\141.part05.rar
2014-01-04 13:30 - 2014-01-04 13:29 - 209715200 _____ C:\Users\*********\Downloads\141.part04.rar
2014-01-04 13:29 - 2014-01-04 13:26 - 209715200 _____ C:\Users\*********\Downloads\141.part03.rar
2014-01-04 13:29 - 2014-01-04 13:26 - 209715200 _____ C:\Users\*********\Downloads\141.part02.rar
2014-01-04 13:29 - 2014-01-04 13:26 - 209715200 _____ C:\Users\*********\Downloads\141.part01.rar
2014-01-04 12:53 - 2014-01-04 12:53 - 04101441 _____ C:\Users\*********\Downloads\tdsskiller(1).zip
2014-01-04 12:53 - 2014-01-04 12:53 - 00602112 _____ (OldTimer Tools) C:\Users\*********\Downloads\OTL.exe
2014-01-04 12:52 - 2014-01-04 12:52 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\*********\Downloads\mbam-setup.exe
2014-01-04 12:52 - 2014-01-04 12:52 - 04101441 _____ C:\Users\*********\Downloads\tdsskiller.zip
2014-01-04 12:52 - 2014-01-04 12:52 - 01233962 _____ C:\Users\*********\Downloads\AdwCleaner(1).exe
2014-01-04 12:51 - 2014-01-04 12:51 - 00368554 _____ C:\Users\*********\Downloads\gmer.zip
2014-01-04 12:51 - 2014-01-04 12:51 - 00050477 _____ C:\Users\*********\Downloads\Defogger(1).exe
2014-01-04 02:04 - 2014-01-04 02:04 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ARPCache Viewer
2014-01-04 02:04 - 2014-01-04 02:04 - 00000000 ____D C:\Program Files\ARPCache
2014-01-04 02:03 - 2014-01-04 02:03 - 00632003 _____ C:\Users\*********\Downloads\arpcachz.exe
2014-01-04 01:02 - 2014-01-04 00:51 - 209008991 _____ C:\Users\*********\Downloads\Nox.to_-_Geldschrankknacker.part3.rar
2014-01-04 00:26 - 2014-01-04 00:12 - 209715200 _____ C:\Users\*********\Downloads\Nox.to_-_Geldschrankknacker.part1.rar
2014-01-03 23:49 - 2014-01-03 23:37 - 209715200 _____ C:\Users\*********\Downloads\Nox.to_-_Geldschrankknacker.part2.rar
2014-01-03 23:06 - 2014-01-03 23:06 - 79312597 _____ C:\Users\*********\Downloads\superhirn.part13.rar
2014-01-03 23:06 - 2014-01-03 23:05 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part12.rar
2014-01-03 23:06 - 2014-01-03 23:05 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part11.rar
2014-01-03 23:06 - 2014-01-03 23:05 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part10.rar
2014-01-03 23:05 - 2014-01-03 23:05 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part09.rar
2014-01-03 23:05 - 2014-01-03 23:04 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part08.rar
2014-01-03 23:05 - 2014-01-03 23:04 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part07.rar
2014-01-03 23:04 - 2014-01-03 23:03 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part06.rar
2014-01-03 23:04 - 2014-01-03 23:03 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part05.rar
2014-01-03 23:04 - 2014-01-03 23:03 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part04.rar
2014-01-03 23:03 - 2014-01-03 23:02 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part03.rar
2014-01-03 23:03 - 2014-01-03 23:02 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part02.rar
2014-01-03 23:03 - 2014-01-03 23:02 - 104857600 _____ C:\Users\*********\Downloads\superhirn.part01.rar
2014-01-03 19:37 - 2014-01-03 19:37 - 00423360 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 23:47 - 2014-01-02 23:47 - 00000000 ____D C:\TCPView
2014-01-02 23:33 - 2014-01-02 23:31 - 00000000 _____ C:\Windows\system32\getservice.txt
2014-01-02 23:32 - 2014-01-02 23:32 - 00000000 ____D C:\getservice
2014-01-02 23:30 - 2014-01-02 23:30 - 00000000 ____D C:\Users\*********\Downloads\getservices
2014-01-02 23:29 - 2014-01-02 23:29 - 00130337 _____ C:\Users\*********\Downloads\getservices.zip
2014-01-02 23:15 - 2013-12-28 19:01 - 00000000 ____D C:\Users\*********\Downloads\BootkitRemoval (1)
2014-01-02 23:12 - 2014-01-02 23:12 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-02 23:12 - 2014-01-02 23:12 - 00000000 ____D C:\Users\*********\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 23:12 - 2014-01-02 23:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-02 23:11 - 2014-01-02 23:11 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-02 23:10 - 2014-01-02 23:10 - 00000000 ____D C:\Users\*********\Downloads\TCPView
2014-01-02 23:08 - 2014-01-02 23:08 - 00291606 _____ C:\Users\*********\Downloads\TCPView.zip
2014-01-02 23:05 - 2014-01-02 23:05 - 29249704 _____ (SUPERAntiSpyware) C:\Users\*********\Downloads\SUPERAntiSpyware.exe
2014-01-02 23:04 - 2014-01-02 23:04 - 00550371 _____ C:\Users\*********\Downloads\Autoruns.zip
2014-01-02 22:26 - 2012-11-01 12:56 - 00000000 ____D C:\Users\*********\Documents\CCleaner - Backup
2014-01-01 19:43 - 2014-01-01 19:43 - 00201728 _____ (OldTimer Tools) C:\Users\*********\Downloads\OTC(1).exe
2014-01-01 19:25 - 2014-01-01 19:21 - 00000000 ___SD C:\32788R22FWJFW
2014-01-01 19:20 - 2014-01-01 19:20 - 00201728 _____ (OldTimer Tools) C:\Users\*********\Downloads\OTC.exe
2014-01-01 19:19 - 2012-08-28 16:05 - 00000000 ____D C:\Users\*********
2014-01-01 18:47 - 2014-01-01 18:47 - 51358740 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part4.rar
2014-01-01 18:47 - 2014-01-01 18:46 - 105906176 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part3.rar
2014-01-01 18:47 - 2014-01-01 18:46 - 105906176 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part2.rar
2014-01-01 18:47 - 2014-01-01 18:46 - 105906176 _____ C:\Users\*********\Downloads\poi.xvid.S03E11.part1.rar
2014-01-01 18:44 - 2014-01-01 18:44 - 00020789 _____ C:\Users\*********\Downloads\Person.of.Interest.S03E11.HDTV.x264-LOL.VO.rar
2013-12-31 15:24 - 2013-12-31 15:24 - 00017410 _____ C:\Users\*********\Documents\DDS.txt
2013-12-31 15:24 - 2013-12-31 15:24 - 00006643 _____ C:\Users\*********\Documents\Attach_DDS.txt
2013-12-31 15:12 - 2013-12-31 15:12 - 00000000 ____D C:\Users\*********\AppData\Local\Macromedia
2013-12-31 15:11 - 2013-12-31 15:11 - 00052014 _____ C:\Users\*********\Documents\FRST.txt
2013-12-31 15:11 - 2013-12-31 15:11 - 00026162 _____ C:\Users\*********\Documents\Addition.txt
2013-12-29 14:53 - 2013-07-30 04:10 - 00000000 ____D C:\ProgramData\TOSHIBA
2013-12-29 00:20 - 2012-08-28 22:38 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3754388793-1346805017-1485128776-1001
2013-12-28 23:55 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-28 22:42 - 2013-12-28 22:42 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Users\*********\AppData\Local\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-28 22:42 - 2013-12-28 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 22:42 - 2012-10-26 17:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 22:42 - 2012-10-17 12:56 - 00000000 ____D C:\Users\*********\AppData\Roaming\Mozilla
2013-12-28 19:20 - 2013-12-25 05:11 - 00000000 ____D C:\AdwCleaner
2013-12-28 19:20 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-28 19:14 - 2013-01-14 22:52 - 00000000 ____D C:\Windows\Minidump
2013-12-28 19:14 - 2012-09-18 10:12 - 00000000 ____D C:\Users\*********\AppData\Roaming\Media Player Classic
2013-12-28 19:01 - 2013-12-28 19:00 - 23282905 _____ C:\Users\*********\Downloads\BootkitRemoval (1).zip
2013-12-28 19:00 - 2013-12-28 19:00 - 23282905 _____ C:\Users\*********\Downloads\BootkitRemoval.zip
2013-12-28 00:27 - 2013-12-28 00:27 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\*********\Downloads\tdsskiller.exe
2013-12-27 00:29 - 2013-12-18 19:30 - 00000000 ____D C:\Users\*********\Downloads\BIP2
2013-12-26 23:50 - 2013-12-26 23:50 - 00016752 _____ C:\Users\*********\Downloads\DNA-Updater_OE2.0_OE1.6.rar
2013-12-26 21:48 - 2012-09-03 20:33 - 00000000 ____D C:\Users\*********\Downloads\[0000]---JD-Load-entpackt
2013-12-26 21:32 - 2012-11-25 13:28 - 00000000 ____D C:\Users\*********\Downloads\[0000]---MOVIEZ---
2013-12-26 21:19 - 2013-02-11 13:20 - 00000000 ____D C:\Users\*********\Downloads\BitDefender   Bit Defender 2013 + Keys + Activator_files
2013-12-26 21:18 - 2013-05-21 12:31 - 00163328 ___SH C:\Users\*********\Downloads\Thumbs.db
2013-12-26 20:34 - 2013-12-26 20:34 - 03731400 _____ C:\Users\*********\Downloads\The_New_Bitdefender_UninstallTool.exe
2013-12-26 17:46 - 2013-12-26 17:46 - 00000000 ____D C:\Users\*********\Downloads\UpdatePack_V134 (1)
2013-12-26 17:45 - 2013-12-26 17:44 - 24964514 _____ C:\Users\*********\Downloads\UpdatePack_V134 (1).zip
2013-12-26 16:11 - 2013-11-29 12:42 - 00000000 ____D C:\Windows\erdnt
2013-12-26 16:10 - 2013-11-29 12:39 - 05158590 ____R (Swearware) C:\Users\*********\Downloads\ComboFix.exe
2013-12-26 15:58 - 2013-12-26 15:57 - 00050477 _____ C:\Users\*********\Downloads\Defogger.exe
2013-12-26 15:46 - 2013-12-26 15:46 - 00891200 _____ C:\Users\*********\Downloads\SecurityCheck.exe
2013-12-26 14:56 - 2013-12-26 14:56 - 01440846 _____ C:\Users\*********\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-12-26 14:16 - 2013-12-26 14:16 - 01233962 _____ C:\Users\*********\Downloads\adwcleaner.exe
2013-12-26 04:46 - 2013-11-12 17:28 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 04:31 - 2013-12-26 04:31 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-26 04:31 - 2013-12-26 04:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-26 04:31 - 2013-12-26 04:31 - 00000000 ____D C:\Program Files\Java
2013-12-26 04:30 - 2013-12-26 04:29 - 29040552 _____ (Oracle Corporation) C:\Users\*********\Downloads\jre-7u45-windows-i586.exe
2013-12-26 04:28 - 2013-12-26 04:28 - 30694824 _____ (Oracle Corporation) C:\Users\*********\Downloads\jre-7u45-windows-x64.exe
2013-12-26 04:28 - 2013-12-26 04:27 - 00915368 _____ (Oracle Corporation) C:\Users\*********\Downloads\chromeinstall-7u45.exe
2013-12-26 04:24 - 2013-11-29 11:51 - 00000000 ____D C:\Program Files (x86)\Belarc
2013-12-26 03:18 - 2013-12-26 03:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 03:18 - 2013-12-26 03:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 17:13 - 2013-04-14 20:10 - 00000000 ____D C:\Users\*********\Downloads\!
2013-12-25 14:57 - 2013-12-25 14:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*********\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-24 13:57 - 2013-12-24 11:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 11:03 - 2013-12-24 11:03 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-24 03:48 - 2013-12-21 21:49 - 00000000 ____D C:\Users\*********\Downloads\UpdatePack_V134
2013-12-24 03:18 - 2013-12-24 03:18 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 02:48 - 2013-12-24 02:48 - 03950128 _____ (Microsoft Corporation) C:\Users\*********\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (3).exe
2013-12-24 02:39 - 2013-12-24 02:39 - 03950128 _____ (Microsoft Corporation) C:\Users\*********\Downloads\stsupldloc2013-kb2726996-fullfile-x64-glb (2).exe
2013-12-23 01:37 - 2013-12-23 01:37 - 05428186 _____ C:\Users\*********\Downloads\update-134.tar.gz
2013-12-23 01:35 - 2013-12-23 01:35 - 05428186 _____ C:\Users\*********\Downloads\update-134.gz
2013-12-22 19:34 - 2013-12-22 19:34 - 00000000 ____D C:\Users\*********\Downloads\TM.2.YT.DL.v2.1.0.537
2013-12-22 19:34 - 2013-12-22 19:33 - 02237534 _____ C:\Users\*********\Downloads\TM.2.YT.DL.v2.1.0.537.rar
2013-12-22 15:41 - 2013-11-02 10:28 - 00000000 ____D C:\Program Files (x86)\HDDGURU LLF Tool
2013-12-22 15:40 - 2013-11-02 10:28 - 00001060 _____ C:\Users\*********\Desktop\Hard Disk Low Level Format Tool.lnk
2013-12-22 15:39 - 2013-12-22 15:39 - 00000000 ____D C:\Users\*********\Downloads\HDD_Low_Level_Format_Tool_4.25_Software
2013-12-22 15:36 - 2013-12-22 15:36 - 01277576 _____ C:\Users\*********\Downloads\HDD_Low_Level_Format_Tool_4.25_Software.rar
2013-12-22 13:54 - 2013-12-22 13:53 - 04278747 _____ C:\Users\*********\Downloads\usb110511.zip
2013-12-22 13:39 - 2013-12-22 13:38 - 147571049 _____ C:\Users\*********\Downloads\Biffy Clyro - Opposites Live from Glasgow (2013).zip
2013-12-22 13:38 - 2013-12-22 13:38 - 00000000 ____D C:\Users\*********\Downloads\pcunlocker_trial
2013-12-22 13:34 - 2013-12-22 13:34 - 31489469 _____ C:\Users\*********\Downloads\pcunlocker_trial.zip
2013-12-22 13:32 - 2013-12-22 13:31 - 71381976 _____ (Magic Rescue CD                                             ) C:\Users\*********\Downloads\rescueCD_setup_free_version.exe
2013-12-22 03:10 - 2013-12-22 03:05 - 1252147200 _____ C:\Users\*********\Downloads\linuxmint-16-cinnamon-dvd-64bit.iso
2013-12-22 02:34 - 2013-12-22 02:31 - 734947328 _____ C:\Users\*********\Downloads\ADRIANE-KNOPPIX_V7.2.0gCD-2013-07-28-DE.iso
2013-12-22 02:23 - 2013-12-22 02:23 - 00033590 _____ C:\Users\*********\Downloads\packagelist_kubuntu_64.txt
2013-12-22 01:09 - 2013-12-22 01:08 - 01094939 _____ (pendrivelinux.com) C:\Users\*********\Downloads\Universal-USB-Installer-1.9.5.1.exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\*********\Downloads\unetbootin-windows-585 (3).exe
2013-12-21 23:54 - 2013-12-21 23:54 - 05192704 _____ (Geza Kovacs) C:\Users\*********\Downloads\unetbootin-windows-585 (2).exe
2013-12-21 22:55 - 2013-12-21 22:51 - 938475520 _____ C:\Users\*********\Downloads\ubuntu-13.10-desktop-i386.iso
2013-12-21 22:54 - 2013-12-21 22:54 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2013-12-21 22:54 - 2013-12-21 22:53 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-12-21 22:50 - 2013-12-21 22:49 - 04766976 _____ (LinuxLive USB Creator) C:\Users\*********\Downloads\LinuxLive USB Creator 2.8.26.exe
2013-12-21 22:28 - 2013-12-21 22:28 - 01046523 _____ (Ext2Fsd Group                                               ) C:\Users\*********\Downloads\Ext2Fsd-0.51.exe
2013-12-21 21:04 - 2013-12-21 20:57 - 00000000 ____D C:\Program Files (x86)\UFB Code Setup
2013-12-21 20:58 - 2013-12-21 20:58 - 00001985 _____ C:\Users\*********\Desktop\UFB Code Setup.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\WCH.CN
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Windows\UFB Code Setup
2013-12-21 20:57 - 2013-12-21 20:57 - 00000000 ____D C:\Users\*********\Downloads\UFB234_CD-Inhalt
2013-12-21 20:55 - 2013-12-21 20:55 - 17560304 _____ C:\Users\*********\Downloads\UFB234_CD-Inhalt.zip
2013-12-20 22:50 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\ProgramData\ESET
2013-12-20 19:49 - 2013-12-20 19:49 - 00000000 ____D C:\Program Files\ESET
2013-12-20 19:35 - 2013-12-20 19:34 - 154561875 _____ C:\Users\*********\Downloads\eset_nod32_smart security.rar
2013-12-20 19:15 - 2013-05-06 10:42 - 00000000 ____D C:\Users\*********\Downloads\utopia-ccf-s04e15-xvid
2013-12-20 19:15 - 2012-11-07 18:00 - 00000000 ____D C:\Users\*********\Downloads\[0000]---Abarbeiten---
2013-12-20 19:15 - 2012-09-27 18:54 - 00000000 ____D C:\Users\*********\Downloads\[0000]---UFS910 Aufnahmen---
2013-12-20 18:49 - 2013-12-20 18:48 - 02888335 _____ C:\Users\*********\Downloads\Greetings from Chuck (The epic christmas split).flv
2013-12-20 18:48 - 2013-12-20 18:48 - 10759552 _____ C:\Users\*********\Downloads\Greetings from Chuck (The epic christmas split).mp4
2013-12-20 18:48 - 2013-12-20 18:48 - 00690824 _____ C:\Users\*********\Downloads\Greetings from Chuck (The epic christmas split).3gp
2013-12-20 16:09 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-20 01:22 - 2013-12-20 01:22 - 00381540 _____ C:\Users\*********\Downloads\enigma2-skin-elgato-hd_1.0.1_all.ipk
2013-12-19 04:20 - 2013-04-29 13:26 - 00000000 ____D C:\Users\*********\Downloads\HrnOvr40_29
2013-12-19 04:20 - 2012-12-04 14:18 - 00000000 ____D C:\Users\*********\Downloads\!-Mui Importante
2013-12-19 04:19 - 2013-09-09 19:10 - 00000000 ____D C:\Users\*********\Downloads\!!
2013-12-19 03:01 - 2013-03-04 15:18 - 00000000 ____D C:\Users\*********\Documents\[0000]---dream800---
2013-12-19 02:15 - 2012-08-28 21:49 - 00000000 ____D C:\Users\*********\AppData\Roaming\QuickScan
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-19 01:53 - 2013-12-19 01:53 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-19 01:48 - 2013-12-19 01:48 - 01432078 _____ C:\Users\*********\Downloads\redate.zip
2013-12-19 00:28 - 2013-12-19 00:28 - 00000001 _____ C:\Users\*********\AppData\Local\llftool.4.40.agreement
2013-12-18 22:01 - 2013-12-18 22:01 - 02046464 _____ C:\Users\*********\Downloads\HDDLLF.4.40.exe
2013-12-18 21:39 - 2013-12-18 21:39 - 00000000 ____D C:\Users\*********\Downloads\usbit (1)
2013-12-18 21:38 - 2013-12-18 21:38 - 00221471 _____ C:\Users\*********\Downloads\usbit (1).zip
2013-12-18 21:35 - 2013-12-18 21:35 - 00236402 _____ C:\Users\*********\Downloads\Anleitung_3_Duck-Trick_Image_USB_Stick_unter_Windows_erstellen_flor62.zip
2013-12-18 20:09 - 2013-12-18 20:09 - 00928690 _____ C:\Users\*********\Downloads\DreamUP133_11.zip
2013-12-18 20:08 - 2013-12-18 20:08 - 03847349 _____ C:\Users\*********\Downloads\CP210x_VCP_Windows.zip
2013-12-18 20:07 - 2013-12-18 20:07 - 54083533 _____ C:\Users\*********\Downloads\newnigma2-stable-dm800-v4.0.6.zip
2013-12-17 19:51 - 2013-12-17 19:51 - 04603098 _____ C:\Users\*********\Downloads\e2.ipk
2013-12-17 19:51 - 2013-12-17 19:51 - 00303096 _____ C:\Users\*********\Downloads\python-mechanize_0.2.5-r0_mips32el.ipk
2013-12-17 19:47 - 2013-12-17 19:46 - 00000000 ____D C:\Burgard
2013-12-17 02:07 - 2012-10-23 21:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-17 02:06 - 2013-08-31 14:52 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 02:03 - 2012-12-16 12:11 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-17 02:01 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe

Some content of TEMP:
====================
C:\Users\*********\AppData\Local\temp\LiveSupport_setup.exe
C:\Users\*********\AppData\Local\temp\Tsu023F09D0.dll
C:\Users\*********\AppData\Local\temp\Tsu0D61E85A.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-07 11:34

==================== End Of Log ============================
 
FRST64 ATTACH

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-01-2014 01
Ran by ******* at 2014-01-13 13:47:41
Running from C:\Users\*******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
AAF_Recovery_tool installer V4.6 (x32 Version:  - ©  2010 Black_64)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Reader XI - Deutsch (x32 Version: 11.0.00 - Adobe Systems Incorporated)
AIDA64 Engineer v4.00 (x32 Version: 4.00 - FinalWire Ltd.)
ARPCache Viewer (x32 Version:  - )
Artisteer 3 (x32 Version: 3.0 - Extensoft)
calibre (x32 Version: 0.9.34 - Kovid Goyal)
CCleaner (Version: 3.25 - Piriform)
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
DVD Decrypter (Remove Only) (x32 Version:  - )
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32 Version:  - DVD Shrink)
ESET Smart Security (Version: 7.0.302.26 - ESET, spol s r. o.)
FlashFXP 4 (x32 Version: 4.4.2.2022 - OpenSight Software LLC)
GS.Supporter 1.80 (x32 Version:  - Verified Publisher) <==== ATTENTION
Hard Disk Low Level Format Tool 4.25 (x32 Version:  - HDDGURU)
HP webOS SDK (Version: 3.0.676 - HP)
ICE ECC v2.7 (x32 Version: v2.7 - ICE Graphics)
InfraRecorder (x32 Version:  - Christian Kindahl)
iTunes (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (Version: 2 - AppWork GmbH)
Kindle DRM Removal (x32 Version: 1.4.1 - eBook Converter)
LinuxLive USB Creator (x32 Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 16.0.1 (x86 de) (x32 Version: 16.0.1 - Mozilla)
MPC-HC 1.6.6.6957 (3975d54) (64-bit) (Version: 1.6.6.6957 - MPC-HC Team)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1 - NAVIGON)
Nitro Pro 8 (Version: 8.5.2.10 - Nitro)
nLite 1.4.9.3 (x32 Version: 1.4.9.3 - Dino Nuhagic (nuhi))
Notepad++ (x32 Version: 6.5.2 - Notepad++ Team)
Novacomd (Version: 1.0.0.76 - Palm, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Samsung Kies (x32 Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.06 (64-bit) (Version: 4.06 - Sandboxie Holdings, LLC)
SatChannelListEditor (x32 Version: 4.4.0 - Elemental)
Secure Eraser (x32 Version: 4.2.0.1 - ASCOMP Software GmbH)
SiSoftware Sandra Lite 2013.SP3a (Version: 19.44.2013.5 - SiSoftware)
SNT (x32 Version: 3.0.0.1448 - SNT) <==== ATTENTION
Splash PRO (x32 Version: 1.13.1 - Mirillis)
Splash PRO EX (x32 Version: 1.13.1 - Mirillis)
Start8 (x32 Version: 1.10 - Stardock Corporation)
SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
TeamViewer 8 (x32 Version: 8.0.22298 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)
UFB Code Setup (x32 Version: V2.6 - Macro Technology Ltd.)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2727009) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2752100) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760624) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2768356) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2738044) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
USB Playback Console (x32 Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN)
Web Tools (x32 Version: 7.9.0.0029 - AVer)
Web Tools (x32 Version: 7.9.0.0029 - AVer) Hidden
WinDFT (x32 Version: 1.0.0 - HGST)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1 - Palm)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (x32 Version: 1.8.3 - The Wireshark developer community, http://www.wireshark.org)
YoutubeAdblocker (x32 Version: 4.3.0.1648 - YoutubeAdblocker) <==== ATTENTION

==================== Restore Points  =========================

27-12-2013 23:54:11 OTL Restore Point - 28.12.2013 00:54:05
29-12-2013 13:50:35 Removed Universal Adb Driver
01-01-2014 17:58:45 Windows Update
02-01-2014 21:19:16 Removed Apple Application Support
06-01-2014 11:37:41 Windows Update
09-01-2014 12:08:36 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-12-23 22:47 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {51617BAF-1D14-435A-BDE8-4D46A8F7E9DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7DC0AD0C-BDB1-44E1-8286-91C48A5357DA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {A04185F0-F830-4528-B426-5FA3D087CD99} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D515E923-D15A-4156-963B-AE339DBF0231} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2013-11-02 10:25 - 2012-09-07 16:57 - 00559424 _____ () C:\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\SysWOW64\AudioDec.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\AvsAudioCodec.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\AvsCodec51.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\decode.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\G723Codec.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\ijl15.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCDCore.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCHD10.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCJD20.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCMD10.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\IPCXD10.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\NetworkAPI.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\NVDHE50.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\NVDME50.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\postprocess.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\RTClientSDK71.dll:BDU
AlternateDataStreams: C:\Windows\SysWOW64\Xrypassd.dll:BDU
AlternateDataStreams: C:\Users\*******\Downloads\amddriverdownloader.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\bitdefender_is_2013_32b.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\bitdefender_is_2013_64b.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\bitdefender_tsecurity2013.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\bitdefender_ts_2013_32b.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\bitdefender_ts_2013_64b.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\bitdefender_w8se_2013_64b.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\ChromeStandaloneSetup (1).exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\ChromeStandaloneSetup.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\ClassicShellSetup_3_6_2 (1).exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\ClassicShellSetup_3_6_5.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\FRITZ!Box-Fernzugang einrichten (1).exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\FRITZ!Box-Fernzugang einrichten.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\FRITZ!VPN64_German.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\groove2013-kb2760358-fullfile-x64-glb.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\HWVendorDetection.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\install_flash_player.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\jre-7u13-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\jre-7u13-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Kies_2.3.3.12085_7_5.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Kies_2.5.0.12094_28_8.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\LiveUpdater.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\mb_bios_ga-890gpa-ud3h_v2.x_fe.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\mb_bios_ga-890gpa-ud3h_v2.x_ff.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\mb_driver_amd_sataraid_ahci_win8.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\mb_utility_3tb_unlock.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\mb_utility_3tb_unlock_f6.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\motherboard_utility_xr2.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\PortableApps.com_Platform_Setup_11.2.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\SandboxieInstall.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\setup_phc_standard_6_9_0_2841.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\splash_pro_1_13_1_setup (1).exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\splash_pro_1_13_1_setup.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\splash_pro_ex_1_13_1_setup.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\spybotsd162.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Start8_setup.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\StartButton8_Setup_4_47_freeware (1).exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\StartButton8_Setup_4_47_freeware.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\StartButton8_Setup_4_53_freeware.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\tazusb.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\TeamViewer_Setup_de.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Thunderbird Setup 16.0.1.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Ti_60_HE_SIA_EWEB.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\tweaking.com_windows_repair_aio_setup.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Universal-USB-Installer-1.9.2.4.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\UsenetNLSetup_427156f.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Win64OpenSSL_Light-1_0_1c.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Windows_7_IE8.part01.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Windows_XP_IE6 (1).exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Windows_XP_IE6.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\Wireshark-win64-1.8.3.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\wmpfirefoxplugin.exe:BDU
AlternateDataStreams: C:\Users\*******\Downloads\ZendServer-CE-php-5.3.14-5.6.0-SP4-Windows_x86.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: WAN-Miniport (IP)
Description: WAN-Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (IPv6)
Description: WAN-Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN-Miniport (Netzwerkmonitor)
Description: WAN-Miniport (Netzwerkmonitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 3818.9 MB
Available physical RAM: 2557.64 MB
Total Pagefile: 7658.9 MB
Available Pagefile: 6106.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.83 GB) (Free:144.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: BA29BD2B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My, 13 January 2014 - 04:04 PM.


#12 Oh My!

  • Malware Response Instructor

Posted 13 January 2014 - 04:09 PM

Greetings,

Can you tell me if you are experiencing any issues with your Netbook. Also, did you intentionally install these programs?

C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\YoutubeAdblocker
C:\ProgramData\SoftWarehouse
C:\Program Files (x86)\GS_x64.Enabler
C:\ProgramData\gRReatsaverr

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 candelaver

  • Topic Starter

Posted 15 January 2014 - 05:04 AM

No, I was fooled by a tool, because I wanted to make a USB stick with WinXP to install for a girlfriend.

This crap was downloaded by a loader tool called data Life sharre or so.

It happened 1, max. 2, days after you contacted me.

I ran all the tools again, and started again from zero, after I made this big error. I was looking for the name of this crap tool;

it was winsetup from USB with some Data Share loader etc.

I think I've been fooled with this crap.

1.) JRT

2.) Superantispyware

3.) Mbam

3.) Adware Remover

4.) FRST64

5.) Now I'm running my Eset 7 again.

6.) TDSSKiller

and so on,

7.) Gmer

I will do all the scans again, my fault, and post them again.

I'm sorry, I will scan like the tutorials here again, and post the new logs.

I can wait for your response, if you suggest other tools etc.

I would like to give you a great download of some great cold beers from my hometown breweries for your patience, but I'm very sorry that the Internet isn't perfect.


Edited by candelaver, 15 January 2014 - 05:10 AM.


#14 Oh My!

  • Malware Response Instructor

Posted 15 January 2014 - 09:36 AM

Please hold off on running anything unless I ask you to do that. If you are doing stuff I am not aware of we get all messed up. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\ProgramData\SoftWarehouse
C:\ProgramData\gRReatsaverr 
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Optimizer Pro
YoutubeAdblocker
GS_x64.Enabler
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Did the program(s) uninstall properly?

Gary
 

#15 Oh My!

  • Malware Response Instructor

Posted 19 January 2014 - 09:54 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 



