Log analysis and evaluation: Is this a malicious "souvenir"? (Windows 7)
09.08.2013, 16:55 | #1

Is this a malicious "souvenir"?

Hello forum community,

a few minutes ago I found this file in my system startup:

HKCU:Run qcgce2mrvjq91kk1e7pnbb19m52fx C:\Users\Michael\AppData\Local\Temp\vkuvfyadvxnpnkunx.exe

Since I had to struggle with the GVU trojan 14 days ago, I'm not sure what this exe is about. It was also a pain to get the PC running again, since both the laptop and the PC were affected (fuck Antivir). Thank you very much in advance for your help.

I'd like to recommend a video by Frank Mehorn, with which I got both of my machines "FREE" again, because a system restore as a certain Alex Ken advertises doesn't work, since System Restore couldn't even be opened. Frank also explains it very well; just have a look if the topic interests you. I'd like to note that I don't know the man, don't want to do any covert advertising, and don't want to dispute Alex Ken either. hxxp://www.youtube.com/watch?v=KR3UEJhZfDg

Last edited by Floherl71 (09.08.2013 at 17:09)
09.08.2013, 17:08 | #2

/// Malware-holic | Is this a malicious "souvenir"?

Hi,

that is unfortunately the problem when you try to remove malware yourself: as an inexperienced user you cannot always track it down completely. (no offence meant) Let's have a look.

Instructions for creating an FRST log will follow; please note the additional task for the Additions.txt.

Recommendations for uninstalling
Please copy the list of installed programs from the Additions.txt here into your thread. After each line, please note which of the following categories applies: Unknown, Necessary, Unnecessary.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
09.08.2013, 17:35 | #3

Is this a malicious "souvenir"?

FRST.txt

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02 Ran by Michael (administrator) on 09-08-2013 18:30:06 Running from C:\Users\Michael\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (CyberLink Corp.) 
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKCU\...\Command Processor: "C:\Users\Michael\AppData\Local\Temp\vkuvfyadvxnpnkunx.exe" <======= ATTENTION HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] () Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {E567C682-3E07-4AEB-BFA6-46260BAA335E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com) Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\eh58d0fj.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web 
Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0 CHR Extension: (RealDownloader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0 CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx CHR StartMenuInternet: Google Chrome - 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-18] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-18] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-18] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130808.001\IDSvia64.sys [513184 2013-07-17] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130808.001\IDSvia64.sys [513184 2013-07-17] (Symantec Corporation) R3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\ENG64.SYS [126040 2013-07-18] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\ENG64.SYS [126040 2013-07-18] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\EX64.SYS [2098776 2013-07-18] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\EX64.SYS [2098776 2013-07-18] (Symantec Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S1 bpdcudlb; \??\C:\Windows\system32\drivers\bpdcudlb.sys [x] S1 iahcuysk; \??\C:\Windows\system32\drivers\iahcuysk.sys [x] S1 onrhdmqa; \??\C:\Windows\system32\drivers\onrhdmqa.sys [x] S1 rglblrsd; \??\C:\Windows\system32\drivers\rglblrsd.sys [x] S1 rgzomkyb; \??\C:\Windows\system32\drivers\rgzomkyb.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 
2013-08-09 18:29 - 2013-08-09 18:29 - 01790169 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2013-08-09 18:22 - 2013-08-09 18:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-09 18:22 - 2013-08-09 18:22 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Local\Amazon Browser Bar 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-09 18:21 - 2013-08-09 18:21 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.13980.dll 2013-08-09 18:21 - 2013-08-09 18:21 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar 2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setuperr.log 2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setupact.log 2013-08-09 17:35 - 2013-08-09 17:35 - 00000000 ____D C:\Users\Michael\AppData\Local\{2860A68F-7475-40A0-B4EB-D9264442F9A0} 2013-08-09 17:24 - 2013-08-09 17:24 - 00002474 _____ C:\Users\Michael\Desktop\startup.txt 2013-08-09 17:20 - 2013-08-09 17:20 - 00141246 _____ C:\Users\Michael\Documents\cc_20130809_172031.reg 2013-08-09 17:14 - 2013-08-09 17:14 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-09 17:14 - 2013-08-09 17:14 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-09 17:14 - 2013-08-09 17:14 - 00000000 ____D C:\Program Files\CCleaner 2013-08-07 19:17 - 2013-08-07 19:17 - 00000000 ____D C:\Users\Michael\AppData\Local\{EA3A98AD-C968-4AE0-A337-8D5E815D5AC7} 2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\sniffpass_german 2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\g15_ME-146-01_1 2013-08-07 07:42 - 2013-08-07 07:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-07 07:42 - 
2013-08-07 07:42 - 00000000 ____D C:\Program Files\WinRAR 2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\iWin 2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\ProgramData\iWin 2013-08-07 02:58 - 2013-08-07 02:58 - 00000000 ____D C:\Users\Michael\AppData\Local\{6F1C4E1F-EC45-465E-9DCF-4D6B6BC42AB2} 2013-08-04 11:15 - 2013-08-04 11:15 - 00000000 ____D C:\Users\Michael\AppData\Local\{0F5FB79F-6A6E-436B-8BAF-C752B364ADC5} 2013-08-02 05:40 - 2013-08-02 05:40 - 00000000 ____D C:\Users\Michael\AppData\Local\{100821B9-D246-48A5-87D2-E6BFE2939DA7} 2013-08-01 14:00 - 2013-08-01 14:01 - 00000000 ____D C:\Users\Michael\AppData\Local\{0D82E13E-39BF-42C3-8E7D-5BF328335376} 2013-07-30 15:44 - 2013-07-30 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{30785C98-6876-4C52-9964-5C353C1CE2B9} 2013-07-30 10:09 - 2013-08-09 17:19 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2013-07-29 13:07 - 2013-07-29 13:08 - 00000000 ____D C:\Users\Michael\AppData\Local\{75DBD2F3-0631-4D6E-9641-B7091FBF61E4} 2013-07-26 14:29 - 2013-07-26 15:31 - 00000000 ____D C:\Users\Michael\Desktop\Festplatte 2013-07-26 14:28 - 2013-08-09 17:19 - 00000000 ___DC C:\Users\Michael\AppData\Local\MigWiz 2013-07-26 12:03 - 2013-07-26 12:03 - 00000000 ____D C:\Users\Michael\AppData\Local\{5A2C5164-5BA6-47B9-BD5C-29B2A55F2E26} 2013-07-25 11:52 - 2013-07-25 11:53 - 00000000 ____D C:\Users\Michael\AppData\Local\{F5E8D278-4FAB-415F-AD71-EEBA084A9903} 2013-07-24 10:39 - 2013-07-24 10:39 - 00000000 ____D C:\Users\Michael\AppData\Local\{272CABBF-C03E-41F6-9B46-027996918E3D} 2013-07-23 20:49 - 2013-07-23 20:49 - 00000000 ____D C:\Users\Michael\AppData\Local\{B039ED4A-5BDB-4539-8DC8-BF3C7D80E602} 2013-07-23 14:27 - 2013-07-23 14:27 - 00072017 _____ C:\Windows\SysWOW64\Uninstall ALDI SÜD Mah Jong.exe 2013-07-23 14:27 - 2013-07-23 14:27 - 00000000 __SHD C:\Users\Michael\AppData\Roaming\.# 2013-07-23 12:11 - 2013-07-23 12:12 - 00000000 ____D 
C:\Users\Michael\AppData\Roaming\SprillRichiGerman
2013-07-23 10:09 - 2013-07-23 10:09 - 00003286 _____ C:\Windows\System32\Tasks\{D3F8F2FD-25C4-40CE-A5E5-0051332EE379}
2013-07-23 05:24 - 2013-07-23 05:24 - 00000000 ____D C:\Users\Michael\AppData\Local\{61FD1364-8F9B-42B8-919A-A1B9EC0BFFDB}
2013-07-21 19:06 - 2013-07-21 19:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{7FE68A0B-9024-4198-9FF6-2BE86A10AB39}
2013-07-21 07:05 - 2013-07-21 07:05 - 00000000 ____D C:\Users\Michael\AppData\Local\{500CFD37-DA6B-4757-B455-948C455DD796}
2013-07-21 00:14 - 2013-07-21 00:14 - 00018117 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:12 - 2013-07-21 00:12 - 00018290 _____ C:\AdwCleaner[R1].txt
2013-07-21 00:11 - 2013-07-21 00:11 - 00666633 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Mail PassView
2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-07-20 19:29 - 2013-07-20 19:29 - 00128202 _____ C:\Users\Michael\Downloads\mailpv_setup.exe
2013-07-20 19:19 - 2013-07-20 19:20 - 00000000 ____D C:\Users\Michael\Documents\mailpv
2013-07-20 18:56 - 2013-07-20 18:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{5155B265-862D-42EF-A253-39DFEB272C90}
2013-07-20 18:06 - 2013-07-20 18:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{2EEEF418-2997-4942-9AD8-0A91CE5114D6}
2013-07-20 17:36 - 2013-07-20 17:36 - 00002712 _____ C:\{F1788B8A-4BF2-488F-9E08-7924D2A0DFA3}
2013-07-20 17:33 - 2013-07-20 17:33 - 00002672 _____ C:\{4458E840-62F8-41EC-AFA3-DE5563BCCE80}
2013-07-20 17:27 - 2013-07-20 17:27 - 00002528 _____ C:\{653C933B-B71F-4E2A-9E69-FF006A110A9F}
2013-07-20 17:25 - 2013-07-20 17:25 - 00002304 _____ C:\{58798400-A77F-42EA-9FAF-48D895AAE7B8}
2013-07-20 17:23 - 2013-07-20 17:23 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Gaijin Ent
2013-07-20 17:20 - 2013-07-20 17:20 - 00002944 _____ C:\{41682ECC-E86E-4AA2-8E58-CA721F4D05A7}
2013-07-20 16:13 - 2013-07-20 16:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 16:12 - 2013-07-20 16:12 - 00000000 ____D C:\Users\Michael\AppData\Local\{8B9AEF21-125D-4E00-A8FC-DC71343FCB7E}
2013-07-19 07:00 - 2013-07-19 09:48 - 00000000 ____D C:\NBRT
2013-07-19 06:03 - 2013-07-19 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-07-19 01:42 - 2013-07-19 01:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{38BA6E78-0CC8-42CC-9EA2-579239290BCE}
2013-07-19 01:39 - 2013-07-19 01:39 - 00000000 ____D C:\Users\Michael\Documents\Symantec
2013-07-19 01:38 - 2013-07-19 05:57 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-07-19 01:38 - 2013-07-19 05:57 - 00002465 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-07-19 01:38 - 2013-07-19 01:46 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-07-19 01:38 - 2013-07-19 01:46 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Symantec
2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-19 01:37 - 2013-07-19 05:58 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-07-19 01:37 - 2013-07-19 01:38 - 00000000 ____D C:\ProgramData\Norton
2013-07-19 01:37 - 2013-07-19 01:37 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-07-18 02:39 - 2013-07-18 02:39 - 00163044 _____ C:\Users\Michael\AppData\Roaming\2433f433
2013-07-18 02:39 - 2013-07-18 02:39 - 00163036 _____ C:\ProgramData\2433f433
2013-07-17 12:25 - 2013-07-17 12:25 - 00000000 ____D C:\Users\Michael\AppData\Local\{548A67AB-4F31-4BBF-B020-663D237CDDF6}
2013-07-16 14:49 - 2013-07-16 14:50 - 00000000 ____D C:\Users\Michael\AppData\Local\{052ACC0F-6184-4761-9465-0F58D33B7A56}
2013-07-16 10:27 - 2013-07-16 10:27 - 00003182 _____ C:\Windows\System32\Tasks\{BEAADA15-B459-48FC-BA82-5A5E947A98F0}
2013-07-16 10:26 - 2013-07-16 10:26 - 00003184 _____ C:\Windows\System32\Tasks\{777CB726-D705-454F-9F04-10C86FFDC7C0}
2013-07-15 01:57 - 2013-07-15 01:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{33CA8887-FBA4-4B8E-A18E-BA42BA156D5D}
2013-07-14 13:57 - 2013-07-14 13:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{51326F05-0DB5-4945-8EB3-3341BF73C163}
2013-07-13 03:59 - 2013-07-13 03:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{11A893D1-435F-4DE0-932E-8716EB9DF983}
2013-07-12 13:41 - 2013-07-12 13:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{A24AB77D-0B45-4651-830C-D84F8EA20286}
2013-07-11 17:54 - 2013-07-11 17:54 - 00000000 ____D C:\Users\Michael\AppData\Local\{3760D527-75EA-43F0-83A9-8D463BE7CA67}
2013-07-11 16:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 16:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 16:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 16:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 16:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 16:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 16:35 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 16:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 16:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 16:35 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 16:35 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 16:35 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 16:35 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 16:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 16:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 16:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 16:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 16:35 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 16:35 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 16:35 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 16:35 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 16:35 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:02 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:02 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:02 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:02 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:02 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 18:29 - 2013-08-09 18:29 - 01790169 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2013-08-09 18:24 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 18:24 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 18:23 - 2013-08-09 18:22 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 18:23 - 2012-12-21 17:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 18:22 - 2013-08-09 18:22 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk
2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Local\Amazon Browser Bar
2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-09 18:22 - 2012-12-10 18:25 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-09 18:21 - 2013-08-09 18:21 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.13980.dll
2013-08-09 18:21 - 2013-08-09 18:21 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setupact.log
2013-08-09 17:35 - 2013-08-09 17:35 - 00000000 ____D C:\Users\Michael\AppData\Local\{2860A68F-7475-40A0-B4EB-D9264442F9A0}
2013-08-09 17:28 - 2013-03-27 19:36 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-09 17:28 - 2013-03-27 19:36 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-09 17:28 - 2013-03-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 17:28 - 2013-03-27 19:36 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 17:28 - 2013-02-04 00:56 - 00003594 _____ C:\Windows\System32\Tasks\Maxthon Update
2013-08-09 17:28 - 2011-07-11 06:08 - 00002734 _____ C:\Windows\System32\Tasks\Adobe ARM
2013-08-09 17:28 - 2011-07-11 06:08 - 00002732 _____ C:\Windows\System32\Tasks\Adobe Reader Speed Launcher
2013-08-09 17:25 - 2012-12-12 21:09 - 00000000 ____D C:\Windows\pss
2013-08-09 17:24 - 2013-08-09 17:24 - 00002474 _____ C:\Users\Michael\Desktop\startup.txt
2013-08-09 17:20 - 2013-08-09 17:20 - 00141246 _____ C:\Users\Michael\Documents\cc_20130809_172031.reg
2013-08-09 17:19 - 2013-07-30 10:09 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2013-08-09 17:19 - 2013-07-26 14:28 - 00000000 ___DC C:\Users\Michael\AppData\Local\MigWiz
2013-08-09 17:19 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-09 17:14 - 2013-08-09 17:14 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-09 17:14 - 2013-08-09 17:14 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-09 17:14 - 2013-08-09 17:14 - 00000000 ____D C:\Program Files\CCleaner
2013-08-09 17:02 - 2013-06-19 16:45 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Michael.job
2013-08-09 16:47 - 2012-12-11 01:43 - 00653928 _____ C:\Windows\system32\perfh007.dat
2013-08-09 16:47 - 2012-12-11 01:43 - 00129800 _____ C:\Windows\system32\perfc007.dat
2013-08-09 16:47 - 2012-12-10 16:53 - 01729121 ____N C:\Windows\WindowsUpdate.log
2013-08-09 16:47 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 16:43 - 2012-12-10 18:28 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-09 16:43 - 2012-12-10 17:10 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 16:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 19:17 - 2013-08-07 19:17 - 00000000 ____D C:\Users\Michael\AppData\Local\{EA3A98AD-C968-4AE0-A337-8D5E815D5AC7}
2013-08-07 16:28 - 2012-12-11 00:38 - 00000000 ____D C:\Users\Michael\Desktop\Vom PC
2013-08-07 16:27 - 2012-12-12 18:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2013-08-07 16:23 - 2012-12-11 00:38 - 00000000 ____D C:\Users\Michael\Desktop\Musik
2013-08-07 13:26 - 2013-05-30 14:08 - 00000000 ____D C:\Users\Michael\Desktop\Friedhof
2013-08-07 11:46 - 2013-06-19 16:45 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Michael.job
2013-08-07 08:52 - 2012-12-10 20:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Nero
2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\sniffpass_german
2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\g15_ME-146-01_1
2013-08-07 07:54 - 2013-02-09 22:43 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner (2)
2013-08-07 07:42 - 2013-08-07 07:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-07 07:42 - 2013-08-07 07:42 - 00000000 ____D C:\Program Files\WinRAR
2013-08-07 07:42 - 2013-01-17 16:23 - 00000000 ____D C:\Users\Michael\AppData\Roaming\WinRAR
2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\iWin
2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\ProgramData\iWin
2013-08-07 06:26 - 2013-01-24 01:01 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Deep Shadows
2013-08-07 06:03 - 2013-03-21 20:53 - 00000000 ____D C:\Users\Michael\Desktop\Wimmel
2013-08-07 02:58 - 2013-08-07 02:58 - 00000000 ____D C:\Users\Michael\AppData\Local\{6F1C4E1F-EC45-465E-9DCF-4D6B6BC42AB2}
2013-08-07 02:39 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-04 11:15 - 2013-08-04 11:15 - 00000000 ____D C:\Users\Michael\AppData\Local\{0F5FB79F-6A6E-436B-8BAF-C752B364ADC5}
2013-08-02 05:40 - 2013-08-02 05:40 - 00000000 ____D C:\Users\Michael\AppData\Local\{100821B9-D246-48A5-87D2-E6BFE2939DA7}
2013-08-01 14:01 - 2013-08-01 14:00 - 00000000 ____D C:\Users\Michael\AppData\Local\{0D82E13E-39BF-42C3-8E7D-5BF328335376}
2013-07-30 15:44 - 2013-07-30 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{30785C98-6876-4C52-9964-5C353C1CE2B9}
2013-07-30 04:58 - 2013-01-17 21:46 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Fenomen Games
2013-07-30 02:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-29 13:08 - 2013-07-29 13:07 - 00000000 ____D C:\Users\Michael\AppData\Local\{75DBD2F3-0631-4D6E-9641-B7091FBF61E4}
2013-07-26 15:31 - 2013-07-26 14:29 - 00000000 ____D C:\Users\Michael\Desktop\Festplatte
2013-07-26 12:03 - 2013-07-26 12:03 - 00000000 ____D C:\Users\Michael\AppData\Local\{5A2C5164-5BA6-47B9-BD5C-29B2A55F2E26}
2013-07-25 11:53 - 2013-07-25 11:52 - 00000000 ____D C:\Users\Michael\AppData\Local\{F5E8D278-4FAB-415F-AD71-EEBA084A9903}
2013-07-24 10:39 - 2013-07-24 10:39 - 00000000 ____D C:\Users\Michael\AppData\Local\{272CABBF-C03E-41F6-9B46-027996918E3D}
2013-07-23 20:49 - 2013-07-23 20:49 - 00000000 ____D C:\Users\Michael\AppData\Local\{B039ED4A-5BDB-4539-8DC8-BF3C7D80E602}
2013-07-23 14:27 - 2013-07-23 14:27 - 00072017 _____ C:\Windows\SysWOW64\Uninstall ALDI SÜD Mah Jong.exe
2013-07-23 14:27 - 2013-07-23 14:27 - 00000000 __SHD C:\Users\Michael\AppData\Roaming\.#
2013-07-23 12:12 - 2013-07-23 12:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SprillRichiGerman
2013-07-23 10:31 - 2013-01-08 17:24 - 00000000 ____D C:\Program Files (x86)\DEUTSCHLAND SPIELT
2013-07-23 10:09 - 2013-07-23 10:09 - 00003286 _____ C:\Windows\System32\Tasks\{D3F8F2FD-25C4-40CE-A5E5-0051332EE379}
2013-07-23 05:24 - 2013-07-23 05:24 - 00000000 ____D C:\Users\Michael\AppData\Local\{61FD1364-8F9B-42B8-919A-A1B9EC0BFFDB}
2013-07-21 19:06 - 2013-07-21 19:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{7FE68A0B-9024-4198-9FF6-2BE86A10AB39}
2013-07-21 07:05 - 2013-07-21 07:05 - 00000000 ____D C:\Users\Michael\AppData\Local\{500CFD37-DA6B-4757-B455-948C455DD796}
2013-07-21 00:14 - 2013-07-21 00:14 - 00018117 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:12 - 2013-07-21 00:12 - 00018290 _____ C:\AdwCleaner[R1].txt
2013-07-21 00:11 - 2013-07-21 00:11 - 00666633 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-07-20 20:56 - 2012-12-10 18:20 - 00000000 ____D C:\Users\Michael
2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Mail PassView
2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-07-20 19:29 - 2013-07-20 19:29 - 00128202 _____ C:\Users\Michael\Downloads\mailpv_setup.exe
2013-07-20 19:20 - 2013-07-20 19:19 - 00000000 ____D C:\Users\Michael\Documents\mailpv
2013-07-20 18:57 - 2013-07-20 18:56 - 00000000 ____D C:\Users\Michael\AppData\Local\{5155B265-862D-42EF-A253-39DFEB272C90}
2013-07-20 18:06 - 2013-07-20 18:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{2EEEF418-2997-4942-9AD8-0A91CE5114D6}
2013-07-20 17:39 - 2013-01-12 05:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\cerasus.media
2013-07-20 17:36 - 2013-07-20 17:36 - 00002712 _____ C:\{F1788B8A-4BF2-488F-9E08-7924D2A0DFA3}
2013-07-20 17:33 - 2013-07-20 17:33 - 00002672 _____ C:\{4458E840-62F8-41EC-AFA3-DE5563BCCE80}
2013-07-20 17:27 - 2013-07-20 17:27 - 00002528 _____ C:\{653C933B-B71F-4E2A-9E69-FF006A110A9F}
2013-07-20 17:25 - 2013-07-20 17:25 - 00002304 _____ C:\{58798400-A77F-42EA-9FAF-48D895AAE7B8}
2013-07-20 17:23 - 2013-07-20 17:23 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Gaijin Ent
2013-07-20 17:20 - 2013-07-20 17:20 - 00002944 _____ C:\{41682ECC-E86E-4AA2-8E58-CA721F4D05A7}
2013-07-20 16:15 - 2013-07-20 16:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 16:12 - 2013-07-20 16:12 - 00000000 ____D C:\Users\Michael\AppData\Local\{8B9AEF21-125D-4E00-A8FC-DC71343FCB7E}
2013-07-19 09:48 - 2013-07-19 07:00 - 00000000 ____D C:\NBRT
2013-07-19 06:03 - 2013-07-19 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-07-19 05:58 - 2013-07-19 01:37 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-07-19 05:57 - 2013-07-19 01:38 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-07-19 05:57 - 2013-07-19 01:38 - 00002465 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-07-19 01:46 - 2013-07-19 01:38 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-07-19 01:46 - 2013-07-19 01:38 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-07-19 01:42 - 2013-07-19 01:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{38BA6E78-0CC8-42CC-9EA2-579239290BCE}
2013-07-19 01:39 - 2013-07-19 01:39 - 00000000 ____D C:\Users\Michael\Documents\Symantec
2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Symantec
2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-19 01:38 - 2013-07-19 01:37 - 00000000 ____D C:\ProgramData\Norton
2013-07-19 01:37 - 2013-07-19 01:37 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-07-19 01:35 - 2012-12-13 11:42 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-18 12:39 - 2012-12-10 18:20 - 00000000 __SHD C:\Recovery
2013-07-18 12:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Recovery
2013-07-18 02:39 - 2013-07-18 02:39 - 00163044 _____ C:\Users\Michael\AppData\Roaming\2433f433
2013-07-18 02:39 - 2013-07-18 02:39 - 00163036 _____ C:\ProgramData\2433f433
2013-07-17 17:06 - 2013-06-19 16:45 - 00002972 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Michael
2013-07-17 12:25 - 2013-07-17 12:25 - 00000000 ____D C:\Users\Michael\AppData\Local\{548A67AB-4F31-4BBF-B020-663D237CDDF6}
2013-07-16 14:50 - 2013-07-16 14:49 - 00000000 ____D C:\Users\Michael\AppData\Local\{052ACC0F-6184-4761-9465-0F58D33B7A56}
2013-07-16 10:27 - 2013-07-16 10:27 - 00003182 _____ C:\Windows\System32\Tasks\{BEAADA15-B459-48FC-BA82-5A5E947A98F0}
2013-07-16 10:26 - 2013-07-16 10:26 - 00003184 _____ C:\Windows\System32\Tasks\{777CB726-D705-454F-9F04-10C86FFDC7C0}
2013-07-15 13:33 - 2013-02-09 19:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Alawar
2013-07-15 06:55 - 2013-06-19 16:45 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Michael
2013-07-15 01:57 - 2013-07-15 01:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{33CA8887-FBA4-4B8E-A18E-BA42BA156D5D}
2013-07-14 13:57 - 2013-07-14 13:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{51326F05-0DB5-4945-8EB3-3341BF73C163}
2013-07-13 03:59 - 2013-07-13 03:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{11A893D1-435F-4DE0-932E-8716EB9DF983}
2013-07-12 14:10 - 2013-03-18 13:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Anarchy
2013-07-12 13:41 - 2013-07-12 13:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{A24AB77D-0B45-4651-830C-D84F8EA20286}
2013-07-11 17:54 - 2013-07-11 17:54 - 00000000 ____D C:\Users\Michael\AppData\Local\{3760D527-75EA-43F0-83A9-8D463BE7CA67}
2013-07-11 16:56 - 2009-07-14 06:45 - 00276576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 16:55 - 2013-03-15 10:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 16:55 - 2013-03-15 10:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 16:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 16:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 16:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

Files to move or delete:
====================
C:\ProgramData\2871095.bat
C:\ProgramData\2871095.pad
C:\ProgramData\2871095.reg
C:\ProgramData\4879598.bat
C:\ProgramData\4879598.pad
C:\ProgramData\4879598.reg
C:\ProgramData\6048183.bat
C:\ProgramData\6048183.pad
C:\ProgramData\6048183.reg
C:\ProgramData\7403038.bat
C:\ProgramData\7403038.pad
C:\ProgramData\7403038.reg
C:\ProgramData\arbh.bat
C:\ProgramData\arbh.pad
C:\ProgramData\arbh.reg
C:\Users\Michael\ImgResize.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 07:13

==================== End Of Log ============================

Addition.txt FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Michael (administrator) on 09-08-2013 18:30:06
Running from C:\Users\Michael\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Command Processor: "C:\Users\Michael\AppData\Local\Temp\vkuvfyadvxnpnkunx.exe" <======= ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {E567C682-3E07-4AEB-BFA6-46260BAA335E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\eh58d0fj.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0 CHR Extension: (RealDownloader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0 CHR Extension: (Norton Identity Protection) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0 CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx CHR StartMenuInternet: Google Chrome - 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-18] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-18] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-18] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130808.001\IDSvia64.sys [513184 2013-07-17] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130808.001\IDSvia64.sys [513184 2013-07-17] (Symantec Corporation) R3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\ENG64.SYS [126040 2013-07-18] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\ENG64.SYS [126040 2013-07-18] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\EX64.SYS [2098776 2013-07-18] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130809.003\EX64.SYS [2098776 2013-07-18] (Symantec Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S1 bpdcudlb; \??\C:\Windows\system32\drivers\bpdcudlb.sys [x] S1 iahcuysk; \??\C:\Windows\system32\drivers\iahcuysk.sys [x] S1 onrhdmqa; \??\C:\Windows\system32\drivers\onrhdmqa.sys [x] S1 rglblrsd; \??\C:\Windows\system32\drivers\rglblrsd.sys [x] S1 rgzomkyb; \??\C:\Windows\system32\drivers\rgzomkyb.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 
2013-08-09 18:29 - 2013-08-09 18:29 - 01790169 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2013-08-09 18:22 - 2013-08-09 18:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-09 18:22 - 2013-08-09 18:22 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Local\Amazon Browser Bar 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-09 18:21 - 2013-08-09 18:21 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.13980.dll 2013-08-09 18:21 - 2013-08-09 18:21 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar 2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setuperr.log 2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setupact.log 2013-08-09 17:35 - 2013-08-09 17:35 - 00000000 ____D C:\Users\Michael\AppData\Local\{2860A68F-7475-40A0-B4EB-D9264442F9A0} 2013-08-09 17:24 - 2013-08-09 17:24 - 00002474 _____ C:\Users\Michael\Desktop\startup.txt 2013-08-09 17:20 - 2013-08-09 17:20 - 00141246 _____ C:\Users\Michael\Documents\cc_20130809_172031.reg 2013-08-09 17:14 - 2013-08-09 17:14 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-09 17:14 - 2013-08-09 17:14 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-09 17:14 - 2013-08-09 17:14 - 00000000 ____D C:\Program Files\CCleaner 2013-08-07 19:17 - 2013-08-07 19:17 - 00000000 ____D C:\Users\Michael\AppData\Local\{EA3A98AD-C968-4AE0-A337-8D5E815D5AC7} 2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\sniffpass_german 2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\g15_ME-146-01_1 2013-08-07 07:42 - 2013-08-07 07:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-07 07:42 - 
2013-08-07 07:42 - 00000000 ____D C:\Program Files\WinRAR 2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\iWin 2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\ProgramData\iWin 2013-08-07 02:58 - 2013-08-07 02:58 - 00000000 ____D C:\Users\Michael\AppData\Local\{6F1C4E1F-EC45-465E-9DCF-4D6B6BC42AB2} 2013-08-04 11:15 - 2013-08-04 11:15 - 00000000 ____D C:\Users\Michael\AppData\Local\{0F5FB79F-6A6E-436B-8BAF-C752B364ADC5} 2013-08-02 05:40 - 2013-08-02 05:40 - 00000000 ____D C:\Users\Michael\AppData\Local\{100821B9-D246-48A5-87D2-E6BFE2939DA7} 2013-08-01 14:00 - 2013-08-01 14:01 - 00000000 ____D C:\Users\Michael\AppData\Local\{0D82E13E-39BF-42C3-8E7D-5BF328335376} 2013-07-30 15:44 - 2013-07-30 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{30785C98-6876-4C52-9964-5C353C1CE2B9} 2013-07-30 10:09 - 2013-08-09 17:19 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2013-07-29 13:07 - 2013-07-29 13:08 - 00000000 ____D C:\Users\Michael\AppData\Local\{75DBD2F3-0631-4D6E-9641-B7091FBF61E4} 2013-07-26 14:29 - 2013-07-26 15:31 - 00000000 ____D C:\Users\Michael\Desktop\Festplatte 2013-07-26 14:28 - 2013-08-09 17:19 - 00000000 ___DC C:\Users\Michael\AppData\Local\MigWiz 2013-07-26 12:03 - 2013-07-26 12:03 - 00000000 ____D C:\Users\Michael\AppData\Local\{5A2C5164-5BA6-47B9-BD5C-29B2A55F2E26} 2013-07-25 11:52 - 2013-07-25 11:53 - 00000000 ____D C:\Users\Michael\AppData\Local\{F5E8D278-4FAB-415F-AD71-EEBA084A9903} 2013-07-24 10:39 - 2013-07-24 10:39 - 00000000 ____D C:\Users\Michael\AppData\Local\{272CABBF-C03E-41F6-9B46-027996918E3D} 2013-07-23 20:49 - 2013-07-23 20:49 - 00000000 ____D C:\Users\Michael\AppData\Local\{B039ED4A-5BDB-4539-8DC8-BF3C7D80E602} 2013-07-23 14:27 - 2013-07-23 14:27 - 00072017 _____ C:\Windows\SysWOW64\Uninstall ALDI SÜD Mah Jong.exe 2013-07-23 14:27 - 2013-07-23 14:27 - 00000000 __SHD C:\Users\Michael\AppData\Roaming\.# 2013-07-23 12:11 - 2013-07-23 12:12 - 00000000 ____D 
C:\Users\Michael\AppData\Roaming\SprillRichiGerman 2013-07-23 10:09 - 2013-07-23 10:09 - 00003286 _____ C:\Windows\System32\Tasks\{D3F8F2FD-25C4-40CE-A5E5-0051332EE379} 2013-07-23 05:24 - 2013-07-23 05:24 - 00000000 ____D C:\Users\Michael\AppData\Local\{61FD1364-8F9B-42B8-919A-A1B9EC0BFFDB} 2013-07-21 19:06 - 2013-07-21 19:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{7FE68A0B-9024-4198-9FF6-2BE86A10AB39} 2013-07-21 07:05 - 2013-07-21 07:05 - 00000000 ____D C:\Users\Michael\AppData\Local\{500CFD37-DA6B-4757-B455-948C455DD796} 2013-07-21 00:14 - 2013-07-21 00:14 - 00018117 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:12 - 2013-07-21 00:12 - 00018290 _____ C:\AdwCleaner[R1].txt 2013-07-21 00:11 - 2013-07-21 00:11 - 00666633 _____ C:\Users\Michael\Downloads\adwcleaner.exe 2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Mail PassView 2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Program Files (x86)\NirSoft 2013-07-20 19:29 - 2013-07-20 19:29 - 00128202 _____ C:\Users\Michael\Downloads\mailpv_setup.exe 2013-07-20 19:19 - 2013-07-20 19:20 - 00000000 ____D C:\Users\Michael\Documents\mailpv 2013-07-20 18:56 - 2013-07-20 18:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{5155B265-862D-42EF-A253-39DFEB272C90} 2013-07-20 18:06 - 2013-07-20 18:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{2EEEF418-2997-4942-9AD8-0A91CE5114D6} 2013-07-20 17:36 - 2013-07-20 17:36 - 00002712 _____ C:\{F1788B8A-4BF2-488F-9E08-7924D2A0DFA3} 2013-07-20 17:33 - 2013-07-20 17:33 - 00002672 _____ C:\{4458E840-62F8-41EC-AFA3-DE5563BCCE80} 2013-07-20 17:27 - 2013-07-20 17:27 - 00002528 _____ C:\{653C933B-B71F-4E2A-9E69-FF006A110A9F} 2013-07-20 17:25 - 2013-07-20 17:25 - 00002304 _____ C:\{58798400-A77F-42EA-9FAF-48D895AAE7B8} 2013-07-20 17:23 - 2013-07-20 17:23 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Gaijin Ent 2013-07-20 17:20 - 2013-07-20 17:20 - 00002944 _____ 
C:\{41682ECC-E86E-4AA2-8E58-CA721F4D05A7} 2013-07-20 16:13 - 2013-07-20 16:13 - 00000000 ____D C:\Windows\system32\MRT 2013-07-20 16:12 - 2013-07-20 16:12 - 00000000 ____D C:\Users\Michael\AppData\Local\{8B9AEF21-125D-4E00-A8FC-DC71343FCB7E} 2013-07-19 07:00 - 2013-07-19 09:48 - 00000000 ____D C:\NBRT 2013-07-19 06:03 - 2013-07-19 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-07-19 01:42 - 2013-07-19 01:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{38BA6E78-0CC8-42CC-9EA2-579239290BCE} 2013-07-19 01:39 - 2013-07-19 01:39 - 00000000 ____D C:\Users\Michael\Documents\Symantec 2013-07-19 01:38 - 2013-07-19 05:57 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-07-19 01:38 - 2013-07-19 05:57 - 00002465 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk 2013-07-19 01:38 - 2013-07-19 01:46 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-07-19 01:38 - 2013-07-19 01:46 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Symantec 2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-07-19 01:37 - 2013-07-19 05:58 - 00000000 ____D C:\Windows\system32\Drivers\NISx64 2013-07-19 01:37 - 2013-07-19 01:38 - 00000000 ____D C:\ProgramData\Norton 2013-07-19 01:37 - 2013-07-19 01:37 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2013-07-18 02:39 - 2013-07-18 02:39 - 00163044 _____ C:\Users\Michael\AppData\Roaming\2433f433 2013-07-18 02:39 - 2013-07-18 02:39 - 00163036 _____ C:\ProgramData\2433f433 2013-07-17 12:25 - 2013-07-17 12:25 - 00000000 ____D C:\Users\Michael\AppData\Local\{548A67AB-4F31-4BBF-B020-663D237CDDF6} 2013-07-16 14:49 - 2013-07-16 14:50 - 00000000 ____D C:\Users\Michael\AppData\Local\{052ACC0F-6184-4761-9465-0F58D33B7A56} 2013-07-16 10:27 - 2013-07-16 10:27 - 00003182 _____ 
C:\Windows\System32\Tasks\{BEAADA15-B459-48FC-BA82-5A5E947A98F0} 2013-07-16 10:26 - 2013-07-16 10:26 - 00003184 _____ C:\Windows\System32\Tasks\{777CB726-D705-454F-9F04-10C86FFDC7C0} 2013-07-15 01:57 - 2013-07-15 01:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{33CA8887-FBA4-4B8E-A18E-BA42BA156D5D} 2013-07-14 13:57 - 2013-07-14 13:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{51326F05-0DB5-4945-8EB3-3341BF73C163} 2013-07-13 03:59 - 2013-07-13 03:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{11A893D1-435F-4DE0-932E-8716EB9DF983} 2013-07-12 13:41 - 2013-07-12 13:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{A24AB77D-0B45-4651-830C-D84F8EA20286} 2013-07-11 17:54 - 2013-07-11 17:54 - 00000000 ____D C:\Users\Michael\AppData\Local\{3760D527-75EA-43F0-83A9-8D463BE7CA67} 2013-07-11 16:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 16:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 16:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 16:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 16:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 16:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 16:35 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 16:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 16:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 16:35 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 16:35 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 
2013-07-11 16:35 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 16:35 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 16:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 16:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 16:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 16:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 16:35 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 16:35 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 16:35 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 16:35 - 
2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 16:35 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 14:02 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 14:02 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 14:02 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 14:02 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 14:02 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 14:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 14:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2013-08-09 18:29 - 2013-08-09 18:29 - 01790169 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2013-08-09 18:24 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-09 18:24 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-09 18:23 - 2013-08-09 18:22 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-09 18:23 - 2012-12-21 17:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-09 18:22 - 2013-08-09 18:22 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D C:\Users\Michael\AppData\Local\Amazon Browser Bar 2013-08-09 18:22 - 2013-08-09 18:22 - 00000000 ____D 
C:\Program Files (x86)\7-Zip 2013-08-09 18:22 - 2012-12-10 18:25 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-09 18:21 - 2013-08-09 18:21 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.13980.dll 2013-08-09 18:21 - 2013-08-09 18:21 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar 2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setuperr.log 2013-08-09 18:19 - 2013-08-09 18:19 - 00000000 _____ C:\Windows\setupact.log 2013-08-09 17:35 - 2013-08-09 17:35 - 00000000 ____D C:\Users\Michael\AppData\Local\{2860A68F-7475-40A0-B4EB-D9264442F9A0} 2013-08-09 17:28 - 2013-03-27 19:36 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-09 17:28 - 2013-03-27 19:36 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-08-09 17:28 - 2013-03-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-09 17:28 - 2013-03-27 19:36 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-09 17:28 - 2013-02-04 00:56 - 00003594 _____ C:\Windows\System32\Tasks\Maxthon Update 2013-08-09 17:28 - 2011-07-11 06:08 - 00002734 _____ C:\Windows\System32\Tasks\Adobe ARM 2013-08-09 17:28 - 2011-07-11 06:08 - 00002732 _____ C:\Windows\System32\Tasks\Adobe Reader Speed Launcher 2013-08-09 17:25 - 2012-12-12 21:09 - 00000000 ____D C:\Windows\pss 2013-08-09 17:24 - 2013-08-09 17:24 - 00002474 _____ C:\Users\Michael\Desktop\startup.txt 2013-08-09 17:20 - 2013-08-09 17:20 - 00141246 _____ C:\Users\Michael\Documents\cc_20130809_172031.reg 2013-08-09 17:19 - 2013-07-30 10:09 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2013-08-09 17:19 - 2013-07-26 14:28 - 00000000 ___DC C:\Users\Michael\AppData\Local\MigWiz 2013-08-09 17:19 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther 2013-08-09 17:14 - 2013-08-09 17:14 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-09 17:14 - 2013-08-09 17:14 - 00000826 _____ 
C:\Users\Public\Desktop\CCleaner.lnk 2013-08-09 17:14 - 2013-08-09 17:14 - 00000000 ____D C:\Program Files\CCleaner 2013-08-09 17:02 - 2013-06-19 16:45 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Michael.job 2013-08-09 16:47 - 2012-12-11 01:43 - 00653928 _____ C:\Windows\system32\perfh007.dat 2013-08-09 16:47 - 2012-12-11 01:43 - 00129800 _____ C:\Windows\system32\perfc007.dat 2013-08-09 16:47 - 2012-12-10 16:53 - 01729121 ____N C:\Windows\WindowsUpdate.log 2013-08-09 16:47 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-09 16:43 - 2012-12-10 18:28 - 00000000 ____D C:\ProgramData\clear.fi 2013-08-09 16:43 - 2012-12-10 17:10 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-09 16:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-07 19:17 - 2013-08-07 19:17 - 00000000 ____D C:\Users\Michael\AppData\Local\{EA3A98AD-C968-4AE0-A337-8D5E815D5AC7} 2013-08-07 16:28 - 2012-12-11 00:38 - 00000000 ____D C:\Users\Michael\Desktop\Vom PC 2013-08-07 16:27 - 2012-12-12 18:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2013-08-07 16:23 - 2012-12-11 00:38 - 00000000 ____D C:\Users\Michael\Desktop\Musik 2013-08-07 13:26 - 2013-05-30 14:08 - 00000000 ____D C:\Users\Michael\Desktop\Friedhof 2013-08-07 11:46 - 2013-06-19 16:45 - 00000378 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Michael.job 2013-08-07 08:52 - 2012-12-10 20:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Nero 2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\sniffpass_german 2013-08-07 08:34 - 2013-08-07 08:34 - 00000000 ____D C:\Users\Michael\Downloads\g15_ME-146-01_1 2013-08-07 07:54 - 2013-02-09 22:43 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner (2) 2013-08-07 07:42 - 2013-08-07 07:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-07 07:42 - 2013-08-07 07:42 - 00000000 ____D C:\Program Files\WinRAR 2013-08-07 07:42 - 2013-01-17 16:23 - 00000000 
____D C:\Users\Michael\AppData\Roaming\WinRAR 2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\iWin 2013-08-07 06:42 - 2013-08-07 06:42 - 00000000 ____D C:\ProgramData\iWin 2013-08-07 06:26 - 2013-01-24 01:01 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Deep Shadows 2013-08-07 06:03 - 2013-03-21 20:53 - 00000000 ____D C:\Users\Michael\Desktop\Wimmel 2013-08-07 02:58 - 2013-08-07 02:58 - 00000000 ____D C:\Users\Michael\AppData\Local\{6F1C4E1F-EC45-465E-9DCF-4D6B6BC42AB2} 2013-08-07 02:39 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-04 11:15 - 2013-08-04 11:15 - 00000000 ____D C:\Users\Michael\AppData\Local\{0F5FB79F-6A6E-436B-8BAF-C752B364ADC5} 2013-08-02 05:40 - 2013-08-02 05:40 - 00000000 ____D C:\Users\Michael\AppData\Local\{100821B9-D246-48A5-87D2-E6BFE2939DA7} 2013-08-01 14:01 - 2013-08-01 14:00 - 00000000 ____D C:\Users\Michael\AppData\Local\{0D82E13E-39BF-42C3-8E7D-5BF328335376} 2013-07-30 15:44 - 2013-07-30 15:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{30785C98-6876-4C52-9964-5C353C1CE2B9} 2013-07-30 04:58 - 2013-01-17 21:46 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Fenomen Games 2013-07-30 02:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-07-29 13:08 - 2013-07-29 13:07 - 00000000 ____D C:\Users\Michael\AppData\Local\{75DBD2F3-0631-4D6E-9641-B7091FBF61E4} 2013-07-26 15:31 - 2013-07-26 14:29 - 00000000 ____D C:\Users\Michael\Desktop\Festplatte 2013-07-26 12:03 - 2013-07-26 12:03 - 00000000 ____D C:\Users\Michael\AppData\Local\{5A2C5164-5BA6-47B9-BD5C-29B2A55F2E26} 2013-07-25 11:53 - 2013-07-25 11:52 - 00000000 ____D C:\Users\Michael\AppData\Local\{F5E8D278-4FAB-415F-AD71-EEBA084A9903} 2013-07-24 10:39 - 2013-07-24 10:39 - 00000000 ____D C:\Users\Michael\AppData\Local\{272CABBF-C03E-41F6-9B46-027996918E3D} 2013-07-23 20:49 - 2013-07-23 20:49 - 00000000 ____D C:\Users\Michael\AppData\Local\{B039ED4A-5BDB-4539-8DC8-BF3C7D80E602} 2013-07-23 14:27 - 
2013-07-23 14:27 - 00072017 _____ C:\Windows\SysWOW64\Uninstall ALDI SÜD Mah Jong.exe
2013-07-23 14:27 - 2013-07-23 14:27 - 00000000 __SHD C:\Users\Michael\AppData\Roaming\.#
2013-07-23 12:12 - 2013-07-23 12:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SprillRichiGerman
2013-07-23 10:31 - 2013-01-08 17:24 - 00000000 ____D C:\Program Files (x86)\DEUTSCHLAND SPIELT
2013-07-23 10:09 - 2013-07-23 10:09 - 00003286 _____ C:\Windows\System32\Tasks\{D3F8F2FD-25C4-40CE-A5E5-0051332EE379}
2013-07-23 05:24 - 2013-07-23 05:24 - 00000000 ____D C:\Users\Michael\AppData\Local\{61FD1364-8F9B-42B8-919A-A1B9EC0BFFDB}
2013-07-21 19:06 - 2013-07-21 19:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{7FE68A0B-9024-4198-9FF6-2BE86A10AB39}
2013-07-21 07:05 - 2013-07-21 07:05 - 00000000 ____D C:\Users\Michael\AppData\Local\{500CFD37-DA6B-4757-B455-948C455DD796}
2013-07-21 00:14 - 2013-07-21 00:14 - 00018117 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:12 - 2013-07-21 00:12 - 00018290 _____ C:\AdwCleaner[R1].txt
2013-07-21 00:11 - 2013-07-21 00:11 - 00666633 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-07-20 20:56 - 2012-12-10 18:20 - 00000000 ____D C:\Users\Michael
2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Mail PassView
2013-07-20 19:30 - 2013-07-20 19:30 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-07-20 19:29 - 2013-07-20 19:29 - 00128202 _____ C:\Users\Michael\Downloads\mailpv_setup.exe
2013-07-20 19:20 - 2013-07-20 19:19 - 00000000 ____D C:\Users\Michael\Documents\mailpv
2013-07-20 18:57 - 2013-07-20 18:56 - 00000000 ____D C:\Users\Michael\AppData\Local\{5155B265-862D-42EF-A253-39DFEB272C90}
2013-07-20 18:06 - 2013-07-20 18:06 - 00000000 ____D C:\Users\Michael\AppData\Local\{2EEEF418-2997-4942-9AD8-0A91CE5114D6}
2013-07-20 17:39 - 2013-01-12 05:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\cerasus.media
2013-07-20 17:36 - 2013-07-20 17:36 - 00002712 _____ C:\{F1788B8A-4BF2-488F-9E08-7924D2A0DFA3}
2013-07-20 17:33 - 2013-07-20 17:33 - 00002672 _____ C:\{4458E840-62F8-41EC-AFA3-DE5563BCCE80}
2013-07-20 17:27 - 2013-07-20 17:27 - 00002528 _____ C:\{653C933B-B71F-4E2A-9E69-FF006A110A9F}
2013-07-20 17:25 - 2013-07-20 17:25 - 00002304 _____ C:\{58798400-A77F-42EA-9FAF-48D895AAE7B8}
2013-07-20 17:23 - 2013-07-20 17:23 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Gaijin Ent
2013-07-20 17:20 - 2013-07-20 17:20 - 00002944 _____ C:\{41682ECC-E86E-4AA2-8E58-CA721F4D05A7}
2013-07-20 16:15 - 2013-07-20 16:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 16:12 - 2013-07-20 16:12 - 00000000 ____D C:\Users\Michael\AppData\Local\{8B9AEF21-125D-4E00-A8FC-DC71343FCB7E}
2013-07-19 09:48 - 2013-07-19 07:00 - 00000000 ____D C:\NBRT
2013-07-19 06:03 - 2013-07-19 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-07-19 05:58 - 2013-07-19 01:37 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-07-19 05:57 - 2013-07-19 01:38 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-07-19 05:57 - 2013-07-19 01:38 - 00002465 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-07-19 01:46 - 2013-07-19 01:38 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-07-19 01:46 - 2013-07-19 01:38 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-07-19 01:42 - 2013-07-19 01:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{38BA6E78-0CC8-42CC-9EA2-579239290BCE}
2013-07-19 01:39 - 2013-07-19 01:39 - 00000000 ____D C:\Users\Michael\Documents\Symantec
2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Symantec
2013-07-19 01:38 - 2013-07-19 01:38 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-19 01:38 - 2013-07-19 01:37 - 00000000 ____D C:\ProgramData\Norton
2013-07-19 01:37 - 2013-07-19 01:37 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-07-19 01:35 - 2012-12-13 11:42 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-18 12:39 - 2012-12-10 18:20 - 00000000 __SHD C:\Recovery
2013-07-18 12:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Recovery
2013-07-18 02:39 - 2013-07-18 02:39 - 00163044 _____ C:\Users\Michael\AppData\Roaming\2433f433
2013-07-18 02:39 - 2013-07-18 02:39 - 00163036 _____ C:\ProgramData\2433f433
2013-07-17 17:06 - 2013-06-19 16:45 - 00002972 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Michael
2013-07-17 12:25 - 2013-07-17 12:25 - 00000000 ____D C:\Users\Michael\AppData\Local\{548A67AB-4F31-4BBF-B020-663D237CDDF6}
2013-07-16 14:50 - 2013-07-16 14:49 - 00000000 ____D C:\Users\Michael\AppData\Local\{052ACC0F-6184-4761-9465-0F58D33B7A56}
2013-07-16 10:27 - 2013-07-16 10:27 - 00003182 _____ C:\Windows\System32\Tasks\{BEAADA15-B459-48FC-BA82-5A5E947A98F0}
2013-07-16 10:26 - 2013-07-16 10:26 - 00003184 _____ C:\Windows\System32\Tasks\{777CB726-D705-454F-9F04-10C86FFDC7C0}
2013-07-15 13:33 - 2013-02-09 19:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Alawar
2013-07-15 06:55 - 2013-06-19 16:45 - 00002976 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Michael
2013-07-15 01:57 - 2013-07-15 01:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{33CA8887-FBA4-4B8E-A18E-BA42BA156D5D}
2013-07-14 13:57 - 2013-07-14 13:57 - 00000000 ____D C:\Users\Michael\AppData\Local\{51326F05-0DB5-4945-8EB3-3341BF73C163}
2013-07-13 03:59 - 2013-07-13 03:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{11A893D1-435F-4DE0-932E-8716EB9DF983}
2013-07-12 14:10 - 2013-03-18 13:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Anarchy
2013-07-12 13:41 - 2013-07-12 13:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{A24AB77D-0B45-4651-830C-D84F8EA20286}
2013-07-11 17:54 - 2013-07-11 17:54 - 00000000 ____D C:\Users\Michael\AppData\Local\{3760D527-75EA-43F0-83A9-8D463BE7CA67}
2013-07-11 16:56 - 2009-07-14 06:45 - 00276576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 16:55 - 2013-03-15 10:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 16:55 - 2013-03-15 10:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 16:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 16:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 16:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

Files to move or delete:
====================
C:\ProgramData\2871095.bat
C:\ProgramData\2871095.pad
C:\ProgramData\2871095.reg
C:\ProgramData\4879598.bat
C:\ProgramData\4879598.pad
C:\ProgramData\4879598.reg
C:\ProgramData\6048183.bat
C:\ProgramData\6048183.pad
C:\ProgramData\6048183.reg
C:\ProgramData\7403038.bat
C:\ProgramData\7403038.pad
C:\ProgramData\7403038.reg
C:\ProgramData\arbh.bat
C:\ProgramData\arbh.pad
C:\ProgramData\arbh.reg
C:\Users\Michael\ImgResize.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 07:13

==================== End Of Log ============================ |
09.08.2013, 17:53 | #4 |
/// Malware-holic | Is this a malicious "souvenir"? Hi, the Additions.txt is missing, please submit it. In future, please post all logs and results of my instructions at once, because new posts get appended to this one and I then have to keep checking back here. 1. Fix with FRST Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKCU\...\Command Processor: "C:\Users\Michael\AppData\Local\Temp\vkuvfyadvxnpnkunx.exe" <======= ATTENTION
C:\Users\Michael\AppData\Local\Temp\vkuvfyadvxnpnkunx.exe
Please navigate to: C:\FRST\Quarantine. Right-click, pack it with WinRAR or another archiver and upload it in the upload channel. Trojaner-Board Upload Channel. And as I said, 3. the revised Additions.txt
|
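Added example (an editorial addition, not part of this thread and not FRST's own code): a small parser for the "One month created/modified" entry layout shown in the log above, with a few constructed triage heuristics for the pattern the helper is fixing here, namely an executable launched from %Temp% and hex- or random-named files dropped into ProgramData or the profile root. The entry regex follows the layout visible in the posted log; the heuristic thresholds (hex stems of 6+ characters, lowercase runs of 12+ letters, the list of "loose" parent directories) are assumptions chosen for illustration. The sample log is constructed from paths discussed in the thread; the dates and sizes of its last two lines are made up.

```python
# Added example: parse FRST "One month" entries and apply constructed triage
# heuristics for the persistence style seen in the thread. The heuristics are
# illustrative assumptions, not FRST's own detection logic.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST entry: "<modified> - <created> - <size> <attrs> [(Company)] <path>"
ENTRY_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

EXEC_EXT = (".exe", ".bat", ".cmd", ".scr", ".dll", ".reg")
# Names that look machine-generated: hex blob, digits only, or a long run of lowercase letters
# (thresholds are assumptions for this example)
RANDOM_NAME = re.compile(r"^(?:[0-9a-f]{6,}|\d{6,}|[a-z]{12,})$")
# Directories where a loose executable is unusual for legitimately installed software
LOOSE_PARENT = re.compile(r"^c:\\programdata$|^c:\\users\\[^\\]+$")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str               # "_____" plain file, "____D" directory, "__SHD" hidden system dir
    company: Optional[str]   # publisher FRST prints for versioned binaries, else None
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Parse every line that matches the FRST entry layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["mod"], m["cre"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def flag(entry: Entry) -> List[str]:
    """Return the names of the constructed heuristics that match this entry."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    p = entry.path.lower()
    parent, _, name = p.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    if "\\appdata\\local\\temp\\" in p and name.endswith(EXEC_EXT):
        reasons.append("executable in user Temp")
    if LOOSE_PARENT.match(parent) and name.endswith(EXEC_EXT):
        reasons.append("executable directly in ProgramData or profile root")
    if RANDOM_NAME.match(stem) and not entry.company:
        reasons.append("random-looking name, no publisher")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    hits: Dict[str, List[str]] = {}
    for e in parse_frst(text):
        reasons = flag(e)
        if reasons:
            hits[e.path] = reasons
    return hits


# Constructed sample modelled on the thread's log lines; the dates and sizes of
# the last two lines are made up, the paths are the ones discussed in the thread.
SAMPLE_LOG = r"""
2013-07-21 00:11 - 2013-07-21 00:11 - 00666633 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-07-19 01:46 - 2013-07-19 01:38 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-07-18 02:39 - 2013-07-18 02:39 - 00163036 _____ C:\ProgramData\2433f433
2013-07-23 14:27 - 2013-07-23 14:27 - 00000000 __SHD C:\Users\Michael\AppData\Roaming\.#
2013-07-18 02:40 - 2013-07-18 02:40 - 00004096 _____ C:\Users\Michael\AppData\Local\Temp\vkuvfyadvxnpnkunx.exe
2013-07-18 02:40 - 2013-07-18 02:40 - 00000250 _____ C:\ProgramData\2871095.bat
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

On the sample the three flagged paths are the Temp executable, the ProgramData batch file and the hex-named ProgramData file; the AdwCleaner download and the Symantec driver pass because their names are ordinary and, for the driver, FRST printed a publisher. A real triage would feed the whole "One month" section plus the "Files to move or delete" list through the same parser and review the hits by hand before anything goes into a fixlist.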
09.08.2013, 19:20 | #5 |
| Is this a malicious "souvenir"? "No fixlist.txt found The fixlist.txt should be made and saved in the sam Directory the tool is located" appears when I click fixlist |
12.08.2013, 15:27 | #6 |
/// Malware-holic | Is this a malicious "souvenir"? Created exactly as instructed? Is the fixlist where FRST is located?
|