| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Paysafe-Trojaner eingefangen - was kann ich tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.12.2013, 18:38
| #1 |
 |  Paysafe-Trojaner eingefangen - was kann ich tun? Vor einer knappen Stunde bekam ich beim Surfen die Meldung, dass mein Browser aus "den unten aufgelisteten Gründen" gesperrt wird. Rechts ist ein Fenster, in dem die Zeit von 48h an rückwärts läuft. Gegen eine Zahlung von 100,- € über paysafe wird der Browser wieder freigeschaltet. Nochkann ich ins Internet gehen und meinen Laptop nutzen. Habe hier schon so einiges gelesen dazu und mir auch das Prog OTL heruntergeladen, es aber noch nicht ausgeführt. Was kann ich machen wegen des Trojaners?. ...oder was auch immer das ist... Kann mir bitte jemand helfen? Danke im Voraus. |
|
13.12.2013, 18:42
| #2 |
| /// the machine /// TB-Ausbilder    | Paysafe-Trojaner eingefangen - was kann ich tun? Hi,
__________________welches Betriebssystem?
__________________ |
|
13.12.2013, 19:48
| #3 |
| | Paysafe-Trojaner eingefangen - was kann ich tun? Win7 ultimate, 64 Bit.
__________________- Browser: Mozilla Firefox - Norton Internet Security Ach ja, falls es wichtig ist: Ich nutze mobiles Internet und habe die Verbindung sofort getrennt, nachdem die Meldung kam. Hatte vorher noch einen screenshot gemacht von dieserMeldung. Norton hat keinen Virus gefunden. Geändert von Meinersein (13.12.2013 um 20:36 Uhr) |
|
14.12.2013, 07:40
| #4 |
| /// the machine /// TB-Ausbilder | Paysafe-Trojaner eingefangen - was kann ich tun? hi, Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.12.2013, 17:35
| #5 |
| | Paysafe-Trojaner eingefangen - was kann ich tun? Hier die Datei (leider hatte ich nicht die Möglichkeit, das Programm von einem "sauberen" System aus auf meinen Stick zu laden, hab also meinen evtl. infizierten Lapi benutzt): FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 Ran by SYSTEM on MININT-DCSHUVO on 14-12-2013 14:53:14 Running from L:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] () HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] () HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation) HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation) Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Services (Whitelisted) ================= S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink) S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] () S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] () ==================== Drivers (Whitelisted) ==================== S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd) S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] () S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation) S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd) S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\ENG64.SYS [126040 2013-11-15] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\EX64.SYS [2099288 2013-11-15] (Symantec Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation) S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation) S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\system32\drivers\acedrv11.sys A3769020F7E8A70FD3E824C050F33306 C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys 808820DEF092FA0A6D93BAE3E5D069CD C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\System32\DRIVERS\Apfiltr.sys 968A4A0FD5BF07717F4E869875A4B149 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\btath_flt.sys BCC09E0B0362741D0C084828A1B950F3 C:\Windows\System32\DRIVERS\athrx.sys 6B2B5E3C47C7B576A05384FA738FCB06 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys 613883A3BAC6920149C83ED751589433 C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\System32\drivers\btath_a2dp.sys C05ED3246C06EC56F10D85B0304CD09E C:\Windows\System32\drivers\btath_avdt.sys 2D27F7A831657D63AFC78E5E78DCA83F C:\Windows\System32\DRIVERS\btath_bus.sys E6B734A37ADE36FE1A77035F4E484C8C C:\Windows\System32\DRIVERS\btath_hcrp.sys FB3833E63FF602B69C2FF085846DCF43 C:\Windows\System32\DRIVERS\btath_lwflt.sys 371A11C1333BA526263A987A93ACDE3D C:\Windows\System32\DRIVERS\btath_rcp.sys ABCD3C16CA850A7594CEB9AD5D966810 C:\Windows\System32\DRIVERS\btfilter.sys 13BDB661991ACF40ADCB09BD64A8CBEF C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315 C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4 C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37 C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys 0510396A957E9FD7205BA62D3CAE4528 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706 C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\drivers\dcrypt.sys 8C93092E61AABECA655590A239DDA392 C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52 C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 1B7AA375F711F66D5FF2B855F9EC987F C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7230C8B80DDE1F0524C353240B78CC0E C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ew_jubusenum.sys BAFE6B0B92BE69144D59907550A07678 C:\Windows\System32\DRIVERS\ewusbmdm.sys D969D0E26C5B1E813B17066A8318D5D4 C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\drivers\iaStor.sys C224331A54571C8C9162F7714400BBBD C:\Windows\System32\DRIVERS\iaStorA.sys FA4C48E36F0B24E7E33D3E7E1844B9C9 C:\Windows\System32\DRIVERS\iaStorF.sys 05E24E2CA39C0D2FAADE8FC603345A7D C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys D7CB14B41DA52DF2EC143768E02F0E97 C:\Windows\System32\DRIVERS\igdkmd64.sys 54FB3B4847B6CD8CE1B448471ADFE02A C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\RTKVHD64.sys E83BB47C3446F0497019DE7FD6C6A86F C:\Windows\System32\DRIVERS\IntcDAud.sys 0E0B99617ED3FDB6C5F0E2D62709B5DF C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iusb3hcs.sys 7A4D015FF432645C55C162DADAEA143E C:\Windows\System32\DRIVERS\iusb3hub.sys 5D6164479F6F900ACD287FDC6935532E C:\Windows\System32\DRIVERS\iusb3xhc.sys 9F5687C7EFA906E4F33586D393F7C257 C:\Windows\System32\DRIVERS\jrdusbser.sys 5678EC677028221EC5C815BCD07AB697 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64 C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1C62x64.sys C669E616F41060C37F868B2BBAD92632 C:\Windows\System32\DRIVERS\LHidFilt.Sys 77D5786C6A7765503884E38706C9FD5E C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LMouFilt.Sys F84023FB2E3DEA06103501974A2EDB44 C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624 C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mwlPSDFilter.sys C009123B206C56854F4E88596035231D C:\Windows\System32\DRIVERS\mwlPSDNServ.sys BF3739EEB9F008B1DEBAC115089A53F8 C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 38DD143D95E7A01B86F219DDA9C28779 C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561 C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvlddmkm.sys F554291C0A11F5B713B54C5886D4AA31 C:\Windows\System32\DRIVERS\nvpciflt.sys 3F403A74349FCE04DF8D7BE24E6A02BD C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\System32\drivers\nvvad64v.sys 31B16657118E439B77B0A527F7EA66CB C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\RtsPStor.sys 6E5C3D18C3BCC72AA527DBC5FA61AB8F C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\snapman.sys B84440E7554FC85E900EEF0A7AABA228 C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS 8BFD1752AAA15BF47D668E9AC5AF96FB C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS B18CE01B9C09C59422BA7C7064248B35 C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS 5C9EE2303CA7F267665D75237862B39C C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS 08AF51153E441687130B759A8F6892ED C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 97E11C50CE52277B377396EA8838E539 C:\Windows\System32\DRIVERS\SymIMv.sys 6DE89F4CDF0B31A5BAF2855F9D80F8BA C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS 48C2934683CBD06F662B088EEF49EF6A C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS 78A2F073AD9EA5EBC04A70931EA36C9A C:\Windows\System32\DRIVERS\tap0901.sys F9BE29D5E097F03F81D3CD12B794CB66 C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TurboB.sys 20155CF5FB9F7902178D7D5CDC7C0F90 C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240 C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646 C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\DRIVERS\xlkfs.sys 2AAAEC16CCEAD338EC101723C9EED8F8 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-13 14:07 - 2013-12-13 14:07 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 14:07 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-12-13 10:56 - 2013-12-13 10:56 - 00000009 _____ C:\END 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:40 - 2013-12-13 08:40 - 00000000 ___SD C:\ComboFix 2013-12-13 08:36 - 2013-12-13 15:18 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-13 08:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-13 08:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-13 08:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-13 08:31 - 2013-12-13 08:40 - 00000000 ____D C:\Qoobox 2013-12-13 08:31 - 2013-12-13 08:37 - 00000000 ____D C:\Windows\erdnt 2013-12-13 08:25 - 2013-12-13 08:26 - 05154339 ____R (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-11 10:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-12-11 10:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 10:20 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-12-11 10:20 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-12-11 10:20 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 10:20 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-12-11 10:20 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-12-11 10:20 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-12-11 10:20 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-12-11 10:20 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-12-11 10:20 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-12-11 10:20 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-12-11 10:20 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-12-11 10:20 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 10:20 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 10:20 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 10:14 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-12-11 10:14 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 10:13 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 10:13 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-12-11 10:13 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll 2013-12-11 10:13 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 10:13 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-12-11 10:13 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2013-12-11 10:13 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 10:13 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll 2013-12-11 10:13 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 10:13 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 10:13 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys 2013-12-11 10:13 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys 2013-12-10 07:56 - 2013-12-14 04:57 - 00006690 _____ C:\Windows\PFRO.log 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-30 01:12 - 2013-12-14 05:42 - 00530578 _____ C:\Windows\WindowsUpdate.log 2013-11-30 01:10 - 2013-12-11 10:34 - 00326280 _____ C:\Windows\System32\FNTCACHE.DAT 2013-11-29 15:00 - 2013-11-29 15:00 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-29 14:11 - 2013-12-14 05:40 - 00007931 _____ C:\Windows\setupact.log 2013-11-29 14:11 - 2013-11-29 14:11 - 00000000 _____ C:\Windows\setuperr.log 2013-11-25 08:54 - 2013-11-25 08:54 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\{03C89020-8369-4757-82C6-FE65595F01D0} 2013-11-23 03:48 - 2013-11-23 03:48 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\{E45465FB-609F-48F6-845B-B09FDFA8307C} 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 12:36 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-11-20 12:36 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin 2013-11-20 12:36 - 2013-11-11 07:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-11-20 12:36 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 00023754 _____ C:\Windows\System32\nvinfo.pb 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-11-16 01:05 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 08:50 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll 2013-11-15 08:50 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL 2013-11-15 08:50 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL 2013-11-15 08:50 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-15 08:50 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-15 08:50 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-11-15 08:50 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-15 08:50 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll 2013-11-15 08:50 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll 2013-11-15 08:50 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-11-15 08:50 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-15 08:50 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-15 08:50 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-15 08:50 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2013-11-15 08:50 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-15 08:50 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys 2013-11-15 08:50 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2013-11-15 08:50 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2013-11-15 08:50 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll 2013-11-15 08:50 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll 2013-11-15 08:50 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll 2013-11-15 08:50 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2013-11-15 08:50 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2013-11-15 08:50 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2013-11-15 08:50 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-15 08:50 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-15 08:50 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-15 08:50 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-15 08:50 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe 2013-11-15 08:50 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys ==================== One Month Modified Files and Folders ======= 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-14 05:42 - 2013-11-30 01:12 - 00530578 _____ C:\Windows\WindowsUpdate.log 2013-12-14 05:40 - 2013-11-29 14:11 - 00007931 _____ C:\Windows\setupact.log 2013-12-14 05:39 - 2012-10-06 09:36 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\Skype 2013-12-14 05:36 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-14 05:36 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-14 05:33 - 2012-04-06 11:09 - 00700720 _____ C:\Windows\System32\perfh007.dat 2013-12-14 05:33 - 2012-04-06 11:09 - 00150326 _____ C:\Windows\System32\perfc007.dat 2013-12-14 05:33 - 2009-07-13 21:13 - 01624106 _____ C:\Windows\System32\PerfStringBackup.INI 2013-12-14 05:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-14 05:05 - 2013-06-29 00:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-14 04:57 - 2013-12-10 07:56 - 00006690 _____ C:\Windows\PFRO.log 2013-12-13 15:18 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-13 14:07 - 2013-12-13 14:07 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 10:56 - 2013-12-13 10:56 - 00000009 _____ C:\END 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:40 - 2013-12-13 08:40 - 00000000 ___SD C:\ComboFix 2013-12-13 08:40 - 2013-12-13 08:31 - 00000000 ____D C:\Qoobox 2013-12-13 08:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default 2013-12-13 08:37 - 2013-12-13 08:31 - 00000000 ____D C:\Windows\erdnt 2013-12-13 08:37 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini 2013-12-13 08:26 - 2013-12-13 08:25 - 05154339 ____R (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-12 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-12-11 11:07 - 2013-06-29 00:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 11:06 - 2013-04-26 02:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 10:34 - 2013-11-30 01:10 - 00326280 _____ C:\Windows\System32\FNTCACHE.DAT 2013-12-11 10:34 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-11 10:21 - 2012-06-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 10:20 - 2013-07-11 11:33 - 00000000 ____D C:\Windows\System32\MRT 2013-12-11 10:19 - 2012-06-22 05:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-29 15:00 - 2013-11-29 15:00 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-29 14:11 - 2013-11-29 14:11 - 00000000 _____ C:\Windows\setuperr.log 2013-11-28 08:11 - 2012-11-17 05:39 - 01598386 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-26 23:31 - 2013-08-28 08:45 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-26 23:31 - 2012-02-24 04:59 - 00000000 ____D C:\ProgramData\Skype 2013-11-26 03:54 - 2013-12-11 10:20 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-11-26 02:19 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-11-26 02:18 - 2013-12-11 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-11-26 02:11 - 2013-12-11 10:20 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 01:48 - 2013-12-11 10:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-11-26 01:46 - 2013-12-11 10:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-11-26 01:41 - 2013-12-11 10:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-11-26 01:29 - 2013-12-11 10:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-11-26 01:27 - 2013-12-11 10:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-11-26 01:23 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 01:21 - 2013-12-11 10:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-11-26 01:18 - 2013-12-11 10:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-11-26 01:18 - 2013-12-11 10:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-11-26 01:16 - 2013-12-11 10:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-11-26 00:57 - 2013-12-11 10:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-11-26 00:38 - 2013-12-11 10:20 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 00:38 - 2013-12-11 10:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 00:35 - 2013-12-11 10:20 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-11-26 00:32 - 2013-12-11 10:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 00:28 - 2013-12-11 10:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 00:16 - 2013-12-11 10:20 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 00:02 - 2013-12-11 10:20 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-11-25 23:48 - 2013-12-11 10:20 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-11-25 23:32 - 2013-12-11 10:20 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-25 23:26 - 2013-12-11 10:20 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-25 23:07 - 2013-12-11 10:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-11-25 22:40 - 2013-12-11 10:20 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-25 22:33 - 2013-12-11 10:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-25 22:27 - 2013-12-11 10:20 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-25 09:37 - 2012-12-08 01:22 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\vlc 2013-11-25 08:54 - 2013-11-25 08:54 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\{03C89020-8369-4757-82C6-FE65595F01D0} 2013-11-23 10:26 - 2013-12-11 10:13 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-23 09:47 - 2013-12-11 10:13 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-11-23 03:48 - 2013-11-23 03:48 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\{E45465FB-609F-48F6-845B-B09FDFA8307C} 2013-11-23 03:48 - 2012-06-25 01:25 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Windows Live 2013-11-23 03:26 - 2012-08-13 06:38 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\CrashDumps 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 21:43 - 2013-10-13 05:01 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-20 12:36 - 2012-04-06 01:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-11-20 12:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help 2013-11-20 12:35 - 2013-10-13 05:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-11-20 12:35 - 2012-04-06 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 05:11 - 2012-06-22 04:49 - 00000000 ____D C:\ProgramData\Norton 2013-11-17 05:09 - 2012-12-05 10:22 - 00001310 _____ C:\Users\MeinerSein\Desktop\Norton-Installationsdateien.lnk 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-11-17 04:59 - 2012-06-22 05:11 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-11-17 04:59 - 2012-06-22 04:59 - 00000000 ____D C:\Windows\System32\Drivers\NISx64 2013-11-17 04:58 - 2012-06-22 05:00 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2013-11-17 04:58 - 2012-06-22 05:00 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2013-11-17 04:58 - 2012-06-22 04:59 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2013-11-17 04:21 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-11-16 13:24 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther 2013-11-16 13:02 - 2013-09-02 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-16 01:05 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 08:58 - 2012-06-25 00:51 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Adobe 2013-11-14 03:58 - 2013-11-20 12:32 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-11-14 03:58 - 2013-11-20 12:32 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-11-14 03:58 - 2013-11-20 12:32 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys 2013-11-14 03:58 - 2013-11-20 12:32 - 00023754 _____ C:\Windows\System32\nvinfo.pb Some content of TEMP: ==================== C:\Users\MeinerSein\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\MeinerSein\AppData\Local\Temp\ResetDevice.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 4 Restore point made on: 2013-12-06 07:21:36 Restore point made on: 2013-12-11 10:19:04 Restore point made on: 2013-12-13 08:33:06 Restore point made on: 2013-12-13 09:44:43 ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {9cc03a13-801b-11e1-90c1-e792024502da} displayorder {default} toolsdisplayorder {memdiag} timeout 10 Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {9cc03a13-801b-11e1-90c1-e792024502da} nx OptIn bootlog No Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {9cc03a13-801b-11e1-90c1-e792024502da} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {9cc03a16-801b-11e1-90c1-e792024502da} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\9cc03a15-801b-11e1-90c1-e792024502da\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16222.36 MB Available physical RAM: 14928.65 MB Total Pagefile: 16220.55 MB Available Pagefile: 14936.38 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:10.73 GB) NTFS Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC) Partition 1: (Not Active) - (Size=8 GB) - (Type=0B) LastRegBack: 2013-12-11 12:10 ==================== End Of Log ============================ --- --- --- Ich muss aber auch dazu sagen, dass ich bereits gestern Abend mit Malwarebytes mein System gescannt hatte. Die gefundenen Dateien bezogen sich auf das Makwarebytes-Programm. Die hatte ich dann gelöscht. Ach ja, OTL hatte ich auch versucht. Die entsprechenden Dateien hab ich mir gespeichert. |
|
15.12.2013, 07:50
| #6 | |
| /// the machine /// TB-Ausbilder | Paysafe-Trojaner eingefangen - was kann ich tun? Der Rechner sollte ganz normal booten. Ist das so? Wenn ja: Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Paysafe-Trojaner eingefangen - was kann ich tun? |
|
15.12.2013, 13:31
| #7 |
| | Paysafe-Trojaner eingefangen - was kann ich tun?Code:
ATTFilter ComboFix 13-12-13.01 - MeinerSein 15.12.2013 12:20:52.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.16222.14005 [GMT 1:00]
ausgeführt von:: c:\users\MeinerSein\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-11-15 bis 2013-12-15 ))))))))))))))))))))))))))))))
.
.
2013-12-15 11:24 . 2013-12-15 11:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-15 11:24 . 2013-12-15 11:24 -------- d-----w- c:\users\UpdatusUser.MeinerSein-PC\AppData\Local\temp
2013-12-15 11:24 . 2013-12-15 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-14 22:52 . 2013-12-14 22:52 -------- d-----w- C:\FRST
2013-12-13 22:07 . 2013-12-13 22:07 -------- d-----w- C:\Progs
2013-12-13 22:07 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-11 18:21 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 18:21 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 18:21 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 18:21 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 18:21 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 18:14 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 18:14 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-06 14:09 . 2013-12-06 14:09 -------- d-----w- c:\users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-27 16:21 . 2013-11-27 16:21 -------- d-----w- c:\windows\Migration
2013-11-23 10:13 . 2013-11-23 10:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 10:13 . 2013-11-23 10:13 -------- d-----w- c:\program files\iTunes
2013-11-23 10:13 . 2013-11-23 10:13 -------- d-----w- c:\program files\iPod
2013-11-21 05:43 . 2013-11-21 05:43 -------- d-----w- c:\windows\SysWow64\NV
2013-11-21 05:43 . 2013-11-21 05:43 -------- d-----w- c:\windows\system32\NV
2013-11-20 20:36 . 2013-11-11 15:02 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-20 20:36 . 2013-11-11 15:02 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-20 20:36 . 2013-11-11 15:01 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-20 20:36 . 2013-11-11 15:01 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-11-20 20:36 . 2013-11-11 15:01 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-20 20:36 . 2013-11-11 15:01 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-20 20:36 . 2013-11-11 15:01 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-20 20:36 . 2013-11-11 15:01 1065248 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-11-20 20:36 . 2013-11-11 15:01 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-19 18:13 . 2013-11-19 18:13 -------- d-----w- c:\users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 12:58 . 2013-11-27 07:53 -------- d-----w- c:\windows\system32\drivers\NISx64\1501000.012
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 19:06 . 2013-04-26 10:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:06 . 2013-04-26 10:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 18:19 . 2012-06-22 13:14 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-17 12:58 . 2012-06-22 13:00 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-11-12 14:45 . 2013-11-12 14:45 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 14:45 . 2013-11-12 14:45 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-12 14:45 . 2013-11-12 14:45 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-12 14:45 . 2013-11-12 14:45 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 14:45 . 2013-11-12 14:45 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-12 14:45 . 2013-11-12 14:45 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 14:45 . 2013-11-12 14:45 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-12 14:45 . 2013-11-12 14:45 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-12 14:45 . 2013-11-12 14:45 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-12 14:45 . 2013-11-12 14:45 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-12 14:45 . 2013-11-12 14:45 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-12 14:45 . 2013-11-12 14:45 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-12 14:45 . 2013-11-12 14:45 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-12 14:45 . 2013-11-12 14:45 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-12 14:45 . 2013-11-12 14:45 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-12 14:45 . 2013-11-12 14:45 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-12 14:45 . 2013-11-12 14:45 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-12 14:45 . 2013-11-12 14:45 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-12 14:45 . 2013-11-12 14:45 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-12 14:45 . 2013-11-12 14:45 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-12 14:45 . 2013-11-12 14:45 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-12 14:45 . 2013-11-12 14:45 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-12 14:45 . 2013-11-12 14:45 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-12 14:45 . 2013-11-12 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-12 14:45 . 2013-11-12 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-12 14:45 . 2013-11-12 14:45 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-12 14:45 . 2013-11-12 14:45 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-12 14:45 . 2013-11-12 14:45 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-12 14:45 . 2013-11-12 14:45 413696 ----a-w- c:\windows\system32\html.iec
2013-11-12 14:45 . 2013-11-12 14:45 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 14:45 . 2013-11-12 14:45 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-12 14:45 . 2013-11-12 14:45 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-12 14:45 . 2013-11-12 14:45 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-12 14:45 . 2013-11-12 14:45 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-12 14:45 . 2013-11-12 14:45 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-12 14:45 . 2013-11-12 14:45 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-12 14:45 . 2013-11-12 14:45 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-12 14:45 . 2013-11-12 14:45 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-12 14:45 . 2013-11-12 14:45 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-12 14:45 . 2013-11-12 14:45 235520 ----a-w- c:\windows\system32\url.dll
2013-11-12 14:45 . 2013-11-12 14:45 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-12 14:45 . 2013-11-12 14:45 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-12 14:45 . 2013-11-12 14:45 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-12 14:45 . 2013-11-12 14:45 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-12 14:45 . 2013-11-12 14:45 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-12 14:45 . 2013-11-12 14:45 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-12 14:45 . 2013-11-12 14:45 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-12 14:45 . 2013-11-12 14:45 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-12 14:45 . 2013-11-12 14:45 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-12 14:45 . 2013-11-12 14:45 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 14:45 . 2013-11-12 14:45 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-12 14:45 . 2013-11-12 14:45 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-12 14:45 . 2013-11-12 14:45 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-12 14:45 . 2013-11-12 14:45 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-12 14:45 . 2013-11-12 14:45 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-12 14:45 . 2013-11-12 14:45 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-12 14:45 . 2013-11-12 14:45 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-12 14:45 . 2013-11-12 14:45 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-12 14:45 . 2013-11-12 14:45 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-08 20:47 . 2013-11-01 11:18 1064224 ----a-w- c:\windows\system32\nvspcap64.dll
2013-11-08 20:47 . 2013-11-01 11:18 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-11-07 08:32 . 2013-03-29 23:27 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-03 19:06 . 2013-11-03 19:06 53248 ----a-r- c:\users\MeinerSein\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-11-02 12:59 . 2012-12-08 23:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-11-02 12:59 . 2012-12-08 23:44 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-11-02 12:59 . 2012-12-08 23:18 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-02 12:33 . 2012-12-08 23:18 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-11-02 12:30 . 2013-11-02 12:33 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-10-14 17:00 . 2013-11-12 14:48 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-09-27 23:01 . 2013-11-01 11:18 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-09-27 23:01 . 2013-11-01 11:18 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-27 23:01 . 2013-10-13 12:58 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\spiele\JA Back in Action\Steam.exe" [2013-12-04 1823656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-02-22 1105488]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Komsa_Germany Silverstone ModemListener"="c:\program files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe" [2012-03-14 109120]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TraXEx PC-Putzer.lnk - d:\programme\Schutz\TraXEx\TraXEx.exe [2013-7-1 4586512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_80CF330A;CyberLink Product - 2012/04/06 11:45;c:\program files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe;c:\program files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AlcatelOTnet;AlcatelOT USB-NDIS miniport;c:\windows\system32\DRIVERS\AlcatelOTUsbnet.sys;c:\windows\SYSNATIVE\DRIVERS\AlcatelOTUsbnet.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Acer\WDAgent\DCDhcpService.exe;c:\program files (x86)\Acer\WDAgent\DCDhcpService.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 dcrypt;dcrypt;c:\windows\system32\drivers\dcrypt.sys;c:\windows\SYSNATIVE\drivers\dcrypt.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S1 xlkfs;xlkfs;c:\windows\system32\DRIVERS\xlkfs.sys;c:\windows\SYSNATIVE\DRIVERS\xlkfs.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Komsa_Germany Silverstone Modem Device Helper;Komsa_Germany Silverstone Modem Device Helper;c:\program files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe;c:\program files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_80CF330A
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-26 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-14 12448872]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2012-11-09 661400]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-13 1020064]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-13 800416]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-07 1829768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-14 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-14 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-14 441840]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-08 1064224]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15996&gct=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - d:\programme\Schutz\TraXEx\Integration\TraXEx Internet Explorer.lnk
IE: {{8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - d:\programme\Schutz\TraXEx\Integration\TraXEx Löschautomat.lnk
FF - ProfilePath - c:\users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=2&CUI=UN52482017372861189&UM=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{6457FB0A-5C02-4393-909C-2139A5D5571F} - (no file)
ShellIconOverlayIdentifiers-{871FE18B-B68D-4437-BC76-6634996CDB97} - (no file)
ShellIconOverlayIdentifiers-{1F03249C-6AB2-4E31-8C10-86F7E31E3B4E} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{311BA51F-64F2-439D-9A4A-772373D77312}"=hex:51,66,7a,6c,4c,1d,38,12,71,a6,08,
35,c0,2a,f3,06,e5,5c,34,63,76,89,37,06
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,38,12,aa,f5,03,
89,33,40,ba,0e,f9,17,52,ec,1a,81,c5,32
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,2a,72,0b,cb,a6,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-15 12:25:21
ComboFix-quarantined-files.txt 2013-12-15 11:25
ComboFix2.txt 2013-12-15 11:10
ComboFix3.txt 2013-12-13 16:38
.
Vor Suchlauf: 20 Verzeichnis(se), 11.649.429.504 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 11.576.078.336 Bytes frei
.
- - End Of File - - F4A42120719A5D63F5722FCD8B7CADA1
A36C5E4F47E84449FF07ED3517B43A31
....die 48h sind auch noch nicht vorüber, erst heute Abend. |
|
16.12.2013, 09:19
| #8 |
| /// the machine /// TB-Ausbilder | Paysafe-Trojaner eingefangen - was kann ich tun? ist das Fenster denn noch da? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.12.2013, 11:41
| #9 |
| | Paysafe-Trojaner eingefangen - was kann ich tun? Da ich mobiles Internet nutze hatte ich sofort die Verbindung gekappt und das Fenster ließ sich nur über den Taskmanager schließen. Es ist bisher nicht wieder aufgetaucht. Da ich aber Null Ahnung habe weiss ich nicht, ob der rechner nicht doch irgendwann gesperrt wird und das Fenster wieder auftaucht... Ich lade mir jetzt die Progs runter und poste später. Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.16.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 MeinerSein :: MEINERSEIN-PC [Administrator] 16.12.2013 10:14:39 mbam-log-2013-12-16 (10-14-39).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 263469 Laufzeit: 2 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.015 - Bericht erstellt am 16/12/2013 um 10:31:21
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : MeinerSein - MEINERSEIN-PC
# Gestartet von : C:\Users\MeinerSein\Desktop\Sicherheit\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\driver-soft
Ordner Gelöscht : C:\Users\MeinerSein\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\searchplugins\ask-web-search.xml
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\FLEXnet
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v25.0.1 (de)
[ Datei : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\prefs.js ]
Zeile gelöscht : user_pref("CT2682599_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386961132610,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB16&ctid=CT2682599&SearchSource=13");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "InnoGames Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB16&ctid=CT2682599&SearchSource=2&q=");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB16&ctid=CT2682599&SearchSource=2&q=");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=2&CUI=UN52482017372861189&UM=1&q=");
Zeile gelöscht : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Zeile gelöscht : user_pref("smartbar.machineId", "A52HC7C0WUTEAVM3FLQSYEYSPMAPOSGXEWENPIMGAQYWVQQ2IXTK3SEPEO4MN9H45RT0SUF2+6RRG2E36PHYRA");
Zeile gelöscht : user_pref("tfp.abs.CT2682599", true);
*************************
AdwCleaner[R0].txt - [4811 octets] - [16/12/2013 10:28:53]
AdwCleaner[S0].txt - [4468 octets] - [16/12/2013 10:31:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4528 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by MeinerSein on 16.12.2013 at 10:40:14,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5B8E9723-7B85-4B5C-8624-B82D6CF0AF69}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\Users\MeinerSein\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{0121A14E-A78E-4ECD-A242-EF06EB286192}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{03C89020-8369-4757-82C6-FE65595F01D0}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{0C6C2047-A2D4-441E-984E-BE61E8A8406A}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{2754F9DD-E214-4A5F-9EFE-11904CA65FE4}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{450656B2-C873-40D5-9A21-84D664E83AB6}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{5458DDBC-E225-4CD2-A619-52F9F14F32D8}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{60A20C7F-E757-40A0-A5F5-E59C8474C7BE}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{67AEE722-95A5-4AF3-8290-C82EC84072EC}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{75DFF2F9-D31B-4A77-AB02-FDA21A39F647}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{88B1A8B8-71E0-4FAF-9725-4AAAD7186262}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{97AF30EA-FAFF-4695-9C3E-050E67E82A63}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{9F844249-A337-4BEB-9F4A-E7A26FA29EAD}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{9FF89DA7-15AF-4503-9277-09C0C71FD807}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{A7951F1B-384C-4A7E-939B-EE8362A05070}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{DFEBECC4-61A8-4E39-B30F-7DA0829D1D2C}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{E45465FB-609F-48F6-845B-B09FDFA8307C}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{F1A16BAB-06F0-4B2D-8EF8-7E1C0590AE9B}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.12.2013 at 10:46:28,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 Ran by SYSTEM on MININT-4EQL4FU on 16-12-2013 11:15:47 Running from L:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] () HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] () HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation) HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation) Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Services (Whitelisted) ================= S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink) S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] () S2 MBAMScheduler; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] () ==================== Drivers (Whitelisted) ==================== S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd) S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] () S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation) S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd) S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS [126040 2013-11-15] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS [2099288 2013-11-15] (Symantec Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation) S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation) S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM) S3 catchme; \??\C:\ComboFix1\catchme.sys [x] S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\system32\drivers\acedrv11.sys A3769020F7E8A70FD3E824C050F33306 C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys 808820DEF092FA0A6D93BAE3E5D069CD C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\System32\DRIVERS\Apfiltr.sys 968A4A0FD5BF07717F4E869875A4B149 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\btath_flt.sys BCC09E0B0362741D0C084828A1B950F3 C:\Windows\System32\DRIVERS\athrx.sys 6B2B5E3C47C7B576A05384FA738FCB06 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys 613883A3BAC6920149C83ED751589433 C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\System32\drivers\btath_a2dp.sys C05ED3246C06EC56F10D85B0304CD09E C:\Windows\System32\drivers\btath_avdt.sys 2D27F7A831657D63AFC78E5E78DCA83F C:\Windows\System32\DRIVERS\btath_bus.sys E6B734A37ADE36FE1A77035F4E484C8C C:\Windows\System32\DRIVERS\btath_hcrp.sys FB3833E63FF602B69C2FF085846DCF43 C:\Windows\System32\DRIVERS\btath_lwflt.sys 371A11C1333BA526263A987A93ACDE3D C:\Windows\System32\DRIVERS\btath_rcp.sys ABCD3C16CA850A7594CEB9AD5D966810 C:\Windows\System32\DRIVERS\btfilter.sys 13BDB661991ACF40ADCB09BD64A8CBEF C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315 C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4 C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37 C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys 0510396A957E9FD7205BA62D3CAE4528 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706 C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\drivers\dcrypt.sys 8C93092E61AABECA655590A239DDA392 C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52 C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 1B7AA375F711F66D5FF2B855F9EC987F C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7230C8B80DDE1F0524C353240B78CC0E C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ew_jubusenum.sys BAFE6B0B92BE69144D59907550A07678 C:\Windows\System32\DRIVERS\ewusbmdm.sys D969D0E26C5B1E813B17066A8318D5D4 C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\drivers\iaStor.sys C224331A54571C8C9162F7714400BBBD C:\Windows\System32\DRIVERS\iaStorA.sys FA4C48E36F0B24E7E33D3E7E1844B9C9 C:\Windows\System32\DRIVERS\iaStorF.sys 05E24E2CA39C0D2FAADE8FC603345A7D C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys D7CB14B41DA52DF2EC143768E02F0E97 C:\Windows\System32\DRIVERS\igdkmd64.sys 54FB3B4847B6CD8CE1B448471ADFE02A C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\RTKVHD64.sys E83BB47C3446F0497019DE7FD6C6A86F C:\Windows\System32\DRIVERS\IntcDAud.sys 0E0B99617ED3FDB6C5F0E2D62709B5DF C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iusb3hcs.sys 7A4D015FF432645C55C162DADAEA143E C:\Windows\System32\DRIVERS\iusb3hub.sys 5D6164479F6F900ACD287FDC6935532E C:\Windows\System32\DRIVERS\iusb3xhc.sys 9F5687C7EFA906E4F33586D393F7C257 C:\Windows\System32\DRIVERS\jrdusbser.sys 5678EC677028221EC5C815BCD07AB697 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64 C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1C62x64.sys C669E616F41060C37F868B2BBAD92632 C:\Windows\System32\DRIVERS\LHidFilt.Sys 77D5786C6A7765503884E38706C9FD5E C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LMouFilt.Sys F84023FB2E3DEA06103501974A2EDB44 C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624 C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mwlPSDFilter.sys C009123B206C56854F4E88596035231D C:\Windows\System32\DRIVERS\mwlPSDNServ.sys BF3739EEB9F008B1DEBAC115089A53F8 C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 38DD143D95E7A01B86F219DDA9C28779 C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561 C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvlddmkm.sys F554291C0A11F5B713B54C5886D4AA31 C:\Windows\System32\DRIVERS\nvpciflt.sys 3F403A74349FCE04DF8D7BE24E6A02BD C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\System32\drivers\nvvad64v.sys 31B16657118E439B77B0A527F7EA66CB C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\RtsPStor.sys 6E5C3D18C3BCC72AA527DBC5FA61AB8F C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\snapman.sys B84440E7554FC85E900EEF0A7AABA228 C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS 8BFD1752AAA15BF47D668E9AC5AF96FB C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS B18CE01B9C09C59422BA7C7064248B35 C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS 5C9EE2303CA7F267665D75237862B39C C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS 08AF51153E441687130B759A8F6892ED C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 97E11C50CE52277B377396EA8838E539 C:\Windows\System32\DRIVERS\SymIMv.sys 6DE89F4CDF0B31A5BAF2855F9D80F8BA C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS 48C2934683CBD06F662B088EEF49EF6A C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS 78A2F073AD9EA5EBC04A70931EA36C9A C:\Windows\System32\DRIVERS\tap0901.sys F9BE29D5E097F03F81D3CD12B794CB66 C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TurboB.sys 20155CF5FB9F7902178D7D5CDC7C0F90 C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240 C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646 C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\DRIVERS\xlkfs.sys 2AAAEC16CCEAD338EC101723C9EED8F8 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt 2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 01:28 - 2013-12-16 01:31 - 00000000 ____D C:\AdwCleaner 2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-15 12:07 - 2013-12-15 12:08 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 14:07 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:36 - 2013-12-16 01:38 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-13 08:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-13 08:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-13 08:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-13 08:31 - 2013-12-15 03:25 - 00000000 ____D C:\Qoobox 2013-12-13 08:31 - 2013-12-13 08:37 - 00000000 ____D C:\Windows\erdnt 2013-12-11 10:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-12-11 10:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 10:20 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-12-11 10:20 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-12-11 10:20 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 10:20 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-12-11 10:20 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-12-11 10:20 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-12-11 10:20 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-12-11 10:20 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-12-11 10:20 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-12-11 10:20 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-12-11 10:20 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-12-11 10:20 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 10:20 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 10:20 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 10:14 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-12-11 10:14 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 10:13 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 10:13 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-12-11 10:13 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll 2013-12-11 10:13 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 10:13 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-12-11 10:13 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2013-12-11 10:13 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 10:13 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll 2013-12-11 10:13 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 10:13 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 10:13 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys 2013-12-11 10:13 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-30 01:12 - 2013-12-16 02:00 - 00607293 _____ C:\Windows\WindowsUpdate.log 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 12:36 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-11-20 12:36 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin 2013-11-20 12:36 - 2013-11-11 07:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-11-20 12:36 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 00023754 _____ C:\Windows\System32\nvinfo.pb 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-11-16 01:05 - 2013-12-15 05:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-12-16 02:00 - 2013-11-30 01:12 - 00607293 _____ C:\Windows\WindowsUpdate.log 2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt 2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-16 01:38 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-16 01:38 - 2012-04-06 11:09 - 00700720 _____ C:\Windows\System32\perfh007.dat 2013-12-16 01:38 - 2012-04-06 11:09 - 00150326 _____ C:\Windows\System32\perfc007.dat 2013-12-16 01:38 - 2009-07-13 21:13 - 01624106 _____ C:\Windows\System32\PerfStringBackup.INI 2013-12-16 01:34 - 2012-10-06 09:36 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\Skype 2013-12-16 01:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-16 01:31 - 2013-12-16 01:28 - 00000000 ____D C:\AdwCleaner 2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-16 01:05 - 2013-06-29 00:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-15 12:08 - 2013-12-15 12:07 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-15 05:22 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt 2013-12-15 03:25 - 2013-12-13 08:31 - 00000000 ____D C:\Qoobox 2013-12-15 03:24 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default 2013-12-13 08:37 - 2013-12-13 08:31 - 00000000 ____D C:\Windows\erdnt 2013-12-12 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-12-11 11:07 - 2013-06-29 00:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 11:06 - 2013-04-26 02:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 10:34 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-11 10:21 - 2012-06-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 10:20 - 2013-07-11 11:33 - 00000000 ____D C:\Windows\System32\MRT 2013-12-11 10:19 - 2012-06-22 05:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-28 08:11 - 2012-11-17 05:39 - 01598386 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-26 23:31 - 2013-08-28 08:45 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-26 23:31 - 2012-02-24 04:59 - 00000000 ____D C:\ProgramData\Skype 2013-11-26 03:54 - 2013-12-11 10:20 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-11-26 02:19 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-11-26 02:18 - 2013-12-11 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-11-26 02:11 - 2013-12-11 10:20 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 01:48 - 2013-12-11 10:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-11-26 01:46 - 2013-12-11 10:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-11-26 01:41 - 2013-12-11 10:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-11-26 01:29 - 2013-12-11 10:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-11-26 01:27 - 2013-12-11 10:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-11-26 01:23 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 01:21 - 2013-12-11 10:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-11-26 01:18 - 2013-12-11 10:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-11-26 01:18 - 2013-12-11 10:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-11-26 01:16 - 2013-12-11 10:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-11-26 00:57 - 2013-12-11 10:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-11-26 00:38 - 2013-12-11 10:20 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 00:38 - 2013-12-11 10:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 00:35 - 2013-12-11 10:20 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-11-26 00:32 - 2013-12-11 10:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 00:28 - 2013-12-11 10:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 00:16 - 2013-12-11 10:20 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 00:02 - 2013-12-11 10:20 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-11-25 23:48 - 2013-12-11 10:20 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-11-25 23:32 - 2013-12-11 10:20 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-25 23:26 - 2013-12-11 10:20 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-25 23:07 - 2013-12-11 10:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-11-25 22:40 - 2013-12-11 10:20 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-25 22:33 - 2013-12-11 10:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-25 22:27 - 2013-12-11 10:20 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-25 09:37 - 2012-12-08 01:22 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\vlc 2013-11-23 10:26 - 2013-12-11 10:13 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-23 09:47 - 2013-12-11 10:13 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-11-23 03:48 - 2012-06-25 01:25 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Windows Live 2013-11-23 03:26 - 2012-08-13 06:38 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\CrashDumps 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 21:43 - 2013-10-13 05:01 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-20 12:36 - 2012-04-06 01:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-11-20 12:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help 2013-11-20 12:35 - 2013-10-13 05:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-11-20 12:35 - 2012-04-06 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 05:11 - 2012-06-22 04:49 - 00000000 ____D C:\ProgramData\Norton 2013-11-17 05:09 - 2012-12-05 10:22 - 00001310 _____ C:\Users\MeinerSein\Desktop\Norton-Installationsdateien.lnk 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-11-17 04:59 - 2012-06-22 05:11 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-11-17 04:59 - 2012-06-22 04:59 - 00000000 ____D C:\Windows\System32\Drivers\NISx64 2013-11-17 04:58 - 2012-06-22 05:00 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2013-11-17 04:58 - 2012-06-22 05:00 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2013-11-17 04:58 - 2012-06-22 04:59 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2013-11-17 04:21 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-11-16 13:24 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther 2013-11-16 13:02 - 2013-09-02 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\MeinerSein\AppData\Local\Temp\Quarantine.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 3 Restore point made on: 2013-12-13 08:33:06 Restore point made on: 2013-12-13 09:44:43 Restore point made on: 2013-12-15 03:05:10 ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {9cc03a13-801b-11e1-90c1-e792024502da} displayorder {default} toolsdisplayorder {memdiag} timeout 10 Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {9cc03a13-801b-11e1-90c1-e792024502da} nx OptIn bootlog No Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {9cc03a13-801b-11e1-90c1-e792024502da} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {9cc03a16-801b-11e1-90c1-e792024502da} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\9cc03a15-801b-11e1-90c1-e792024502da\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16222.36 MB Available physical RAM: 14943.6 MB Total Pagefile: 16220.55 MB Available Pagefile: 14946.72 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:9.93 GB) NTFS Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS Drive i: (DUNGEONS_GOTY) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC) Partition 1: (Not Active) - (Size=8 GB) - (Type=0B) LastRegBack: 2013-12-11 12:10 ==================== End Of Log ============================ --- --- --- |
|
16.12.2013, 11:48
| #10 |
| | Paysafe-Trojaner eingefangen - was kann ich tun? "frisches" FSRT: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 Ran by SYSTEM on MININT-4EQL4FU on 16-12-2013 11:15:47 Running from L:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] () HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] () HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation) HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation) Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Services (Whitelisted) ================= S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink) S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] () S2 MBAMScheduler; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] () ==================== Drivers (Whitelisted) ==================== S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd) S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] () S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation) S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd) S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS [126040 2013-11-15] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS [2099288 2013-11-15] (Symantec Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation) S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation) S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM) S3 catchme; \??\C:\ComboFix1\catchme.sys [x] S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\system32\drivers\acedrv11.sys A3769020F7E8A70FD3E824C050F33306 C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys 808820DEF092FA0A6D93BAE3E5D069CD C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\System32\DRIVERS\Apfiltr.sys 968A4A0FD5BF07717F4E869875A4B149 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\btath_flt.sys BCC09E0B0362741D0C084828A1B950F3 C:\Windows\System32\DRIVERS\athrx.sys 6B2B5E3C47C7B576A05384FA738FCB06 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys 613883A3BAC6920149C83ED751589433 C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\System32\drivers\btath_a2dp.sys C05ED3246C06EC56F10D85B0304CD09E C:\Windows\System32\drivers\btath_avdt.sys 2D27F7A831657D63AFC78E5E78DCA83F C:\Windows\System32\DRIVERS\btath_bus.sys E6B734A37ADE36FE1A77035F4E484C8C C:\Windows\System32\DRIVERS\btath_hcrp.sys FB3833E63FF602B69C2FF085846DCF43 C:\Windows\System32\DRIVERS\btath_lwflt.sys 371A11C1333BA526263A987A93ACDE3D C:\Windows\System32\DRIVERS\btath_rcp.sys ABCD3C16CA850A7594CEB9AD5D966810 C:\Windows\System32\DRIVERS\btfilter.sys 13BDB661991ACF40ADCB09BD64A8CBEF C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315 C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4 C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37 C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys 0510396A957E9FD7205BA62D3CAE4528 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706 C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\drivers\dcrypt.sys 8C93092E61AABECA655590A239DDA392 C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52 C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 1B7AA375F711F66D5FF2B855F9EC987F C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7230C8B80DDE1F0524C353240B78CC0E C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ew_jubusenum.sys BAFE6B0B92BE69144D59907550A07678 C:\Windows\System32\DRIVERS\ewusbmdm.sys D969D0E26C5B1E813B17066A8318D5D4 C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\drivers\iaStor.sys C224331A54571C8C9162F7714400BBBD C:\Windows\System32\DRIVERS\iaStorA.sys FA4C48E36F0B24E7E33D3E7E1844B9C9 C:\Windows\System32\DRIVERS\iaStorF.sys 05E24E2CA39C0D2FAADE8FC603345A7D C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys D7CB14B41DA52DF2EC143768E02F0E97 C:\Windows\System32\DRIVERS\igdkmd64.sys 54FB3B4847B6CD8CE1B448471ADFE02A C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\RTKVHD64.sys E83BB47C3446F0497019DE7FD6C6A86F C:\Windows\System32\DRIVERS\IntcDAud.sys 0E0B99617ED3FDB6C5F0E2D62709B5DF C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iusb3hcs.sys 7A4D015FF432645C55C162DADAEA143E C:\Windows\System32\DRIVERS\iusb3hub.sys 5D6164479F6F900ACD287FDC6935532E C:\Windows\System32\DRIVERS\iusb3xhc.sys 9F5687C7EFA906E4F33586D393F7C257 C:\Windows\System32\DRIVERS\jrdusbser.sys 5678EC677028221EC5C815BCD07AB697 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64 C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1C62x64.sys C669E616F41060C37F868B2BBAD92632 C:\Windows\System32\DRIVERS\LHidFilt.Sys 77D5786C6A7765503884E38706C9FD5E C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LMouFilt.Sys F84023FB2E3DEA06103501974A2EDB44 C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624 C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mwlPSDFilter.sys C009123B206C56854F4E88596035231D C:\Windows\System32\DRIVERS\mwlPSDNServ.sys BF3739EEB9F008B1DEBAC115089A53F8 C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 38DD143D95E7A01B86F219DDA9C28779 C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561 C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvlddmkm.sys F554291C0A11F5B713B54C5886D4AA31 C:\Windows\System32\DRIVERS\nvpciflt.sys 3F403A74349FCE04DF8D7BE24E6A02BD C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\System32\drivers\nvvad64v.sys 31B16657118E439B77B0A527F7EA66CB C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\RtsPStor.sys 6E5C3D18C3BCC72AA527DBC5FA61AB8F C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\snapman.sys B84440E7554FC85E900EEF0A7AABA228 C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS 8BFD1752AAA15BF47D668E9AC5AF96FB C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS B18CE01B9C09C59422BA7C7064248B35 C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS 5C9EE2303CA7F267665D75237862B39C C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS 08AF51153E441687130B759A8F6892ED C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 97E11C50CE52277B377396EA8838E539 C:\Windows\System32\DRIVERS\SymIMv.sys 6DE89F4CDF0B31A5BAF2855F9D80F8BA C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS 48C2934683CBD06F662B088EEF49EF6A C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS 78A2F073AD9EA5EBC04A70931EA36C9A C:\Windows\System32\DRIVERS\tap0901.sys F9BE29D5E097F03F81D3CD12B794CB66 C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TurboB.sys 20155CF5FB9F7902178D7D5CDC7C0F90 C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240 C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646 C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\DRIVERS\xlkfs.sys 2AAAEC16CCEAD338EC101723C9EED8F8 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt 2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 01:28 - 2013-12-16 01:31 - 00000000 ____D C:\AdwCleaner 2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-15 12:07 - 2013-12-15 12:08 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 14:07 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:36 - 2013-12-16 01:38 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-13 08:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-13 08:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-13 08:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-13 08:31 - 2013-12-15 03:25 - 00000000 ____D C:\Qoobox 2013-12-13 08:31 - 2013-12-13 08:37 - 00000000 ____D C:\Windows\erdnt 2013-12-11 10:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-12-11 10:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 10:20 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-12-11 10:20 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-12-11 10:20 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 10:20 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-12-11 10:20 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-12-11 10:20 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-12-11 10:20 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-12-11 10:20 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-12-11 10:20 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-12-11 10:20 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-12-11 10:20 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-12-11 10:20 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 10:20 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 10:20 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 10:14 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-12-11 10:14 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 10:13 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 10:13 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-12-11 10:13 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll 2013-12-11 10:13 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 10:13 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-12-11 10:13 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2013-12-11 10:13 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 10:13 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll 2013-12-11 10:13 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 10:13 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 10:13 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys 2013-12-11 10:13 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-30 01:12 - 2013-12-16 02:00 - 00607293 _____ C:\Windows\WindowsUpdate.log 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 12:36 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-11-20 12:36 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin 2013-11-20 12:36 - 2013-11-11 07:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-11-20 12:36 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 00023754 _____ C:\Windows\System32\nvinfo.pb 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-11-16 01:05 - 2013-12-15 05:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-12-16 02:00 - 2013-11-30 01:12 - 00607293 _____ C:\Windows\WindowsUpdate.log 2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt 2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-16 01:38 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-16 01:38 - 2012-04-06 11:09 - 00700720 _____ C:\Windows\System32\perfh007.dat 2013-12-16 01:38 - 2012-04-06 11:09 - 00150326 _____ C:\Windows\System32\perfc007.dat 2013-12-16 01:38 - 2009-07-13 21:13 - 01624106 _____ C:\Windows\System32\PerfStringBackup.INI 2013-12-16 01:34 - 2012-10-06 09:36 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\Skype 2013-12-16 01:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-16 01:31 - 2013-12-16 01:28 - 00000000 ____D C:\AdwCleaner 2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-16 01:05 - 2013-06-29 00:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-15 12:08 - 2013-12-15 12:07 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-15 05:22 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt 2013-12-15 03:25 - 2013-12-13 08:31 - 00000000 ____D C:\Qoobox 2013-12-15 03:24 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default 2013-12-13 08:37 - 2013-12-13 08:31 - 00000000 ____D C:\Windows\erdnt 2013-12-12 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-12-11 11:07 - 2013-06-29 00:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 11:06 - 2013-04-26 02:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 10:34 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-11 10:21 - 2012-06-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 10:20 - 2013-07-11 11:33 - 00000000 ____D C:\Windows\System32\MRT 2013-12-11 10:19 - 2012-06-22 05:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-28 08:11 - 2012-11-17 05:39 - 01598386 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-26 23:31 - 2013-08-28 08:45 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-26 23:31 - 2012-02-24 04:59 - 00000000 ____D C:\ProgramData\Skype 2013-11-26 03:54 - 2013-12-11 10:20 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-11-26 02:19 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-11-26 02:18 - 2013-12-11 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-11-26 02:11 - 2013-12-11 10:20 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 01:48 - 2013-12-11 10:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-11-26 01:46 - 2013-12-11 10:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-11-26 01:41 - 2013-12-11 10:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-11-26 01:29 - 2013-12-11 10:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-11-26 01:27 - 2013-12-11 10:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-11-26 01:23 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 01:21 - 2013-12-11 10:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-11-26 01:18 - 2013-12-11 10:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-11-26 01:18 - 2013-12-11 10:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-11-26 01:16 - 2013-12-11 10:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-11-26 00:57 - 2013-12-11 10:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-11-26 00:38 - 2013-12-11 10:20 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 00:38 - 2013-12-11 10:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 00:35 - 2013-12-11 10:20 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-11-26 00:32 - 2013-12-11 10:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 00:28 - 2013-12-11 10:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 00:16 - 2013-12-11 10:20 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 00:02 - 2013-12-11 10:20 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-11-25 23:48 - 2013-12-11 10:20 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-11-25 23:32 - 2013-12-11 10:20 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-25 23:26 - 2013-12-11 10:20 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-25 23:07 - 2013-12-11 10:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-11-25 22:40 - 2013-12-11 10:20 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-25 22:33 - 2013-12-11 10:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-25 22:27 - 2013-12-11 10:20 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-25 09:37 - 2012-12-08 01:22 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\vlc 2013-11-23 10:26 - 2013-12-11 10:13 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-23 09:47 - 2013-12-11 10:13 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-11-23 03:48 - 2012-06-25 01:25 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Windows Live 2013-11-23 03:26 - 2012-08-13 06:38 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\CrashDumps 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 21:43 - 2013-10-13 05:01 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-20 12:36 - 2012-04-06 01:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-11-20 12:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help 2013-11-20 12:35 - 2013-10-13 05:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-11-20 12:35 - 2012-04-06 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 05:11 - 2012-06-22 04:49 - 00000000 ____D C:\ProgramData\Norton 2013-11-17 05:09 - 2012-12-05 10:22 - 00001310 _____ C:\Users\MeinerSein\Desktop\Norton-Installationsdateien.lnk 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-11-17 04:59 - 2012-06-22 05:11 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-11-17 04:59 - 2012-06-22 04:59 - 00000000 ____D C:\Windows\System32\Drivers\NISx64 2013-11-17 04:58 - 2012-06-22 05:00 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2013-11-17 04:58 - 2012-06-22 05:00 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2013-11-17 04:58 - 2012-06-22 04:59 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2013-11-17 04:21 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-11-16 13:24 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther 2013-11-16 13:02 - 2013-09-02 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\MeinerSein\AppData\Local\Temp\Quarantine.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 3 Restore point made on: 2013-12-13 08:33:06 Restore point made on: 2013-12-13 09:44:43 Restore point made on: 2013-12-15 03:05:10 ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {9cc03a13-801b-11e1-90c1-e792024502da} displayorder {default} toolsdisplayorder {memdiag} timeout 10 Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {9cc03a13-801b-11e1-90c1-e792024502da} nx OptIn bootlog No Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {9cc03a13-801b-11e1-90c1-e792024502da} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {9cc03a16-801b-11e1-90c1-e792024502da} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\9cc03a15-801b-11e1-90c1-e792024502da\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16222.36 MB Available physical RAM: 14943.6 MB Total Pagefile: 16220.55 MB Available Pagefile: 14946.72 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:9.93 GB) NTFS Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS Drive i: (DUNGEONS_GOTY) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC) Partition 1: (Not Active) - (Size=8 GB) - (Type=0B) LastRegBack: 2013-12-11 12:10 ==================== End Of Log ============================ |
|
17.12.2013, 09:26
| #11 |
| /// the machine /// TB-Ausbilder | Paysafe-Trojaner eingefangen - was kann ich tun?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.12.2013, 21:06
| #12 |
| | Paysafe-Trojaner eingefangen - was kann ich tun?Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9081f811714b164eb674fd7816715d4f
# engine=16301
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-17 07:42:39
# local_time=2013-12-17 08:42:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 11220 149905944 0 0
# compatibility_mode=5893 16776574 100 94 13902050 138939209 0 0
# scanned=238588
# found=0
# cleaned=0
# scan_time=7416
Code:
ATTFilter Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.9.900.170 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (25.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Sicherheit Malwarebytes' Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 Ran by SYSTEM on MININT-8368MPD on 17-12-2013 20:56:57 Running from L:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] () HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] () HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation) HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] () AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation) Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Services (Whitelisted) ================= S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink) S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] () S2 MBAMScheduler; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] () ==================== Drivers (Whitelisted) ==================== S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd) S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] () S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation) S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131216.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd) S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131216.038\ENG64.SYS [126040 2013-11-15] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131216.038\EX64.SYS [2099288 2013-11-15] (Symantec Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation) S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation) S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM) S3 catchme; \??\C:\ComboFix1\catchme.sys [x] S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-16 02:34 - 2013-12-17 08:32 - 00000672 _____ C:\Windows\setupact.log 2013-12-16 02:34 - 2013-12-16 02:34 - 00326280 _____ C:\Windows\System32\FNTCACHE.DAT 2013-12-16 02:34 - 2013-12-16 02:34 - 00000000 _____ C:\Windows\setuperr.log 2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt 2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 01:28 - 2013-12-16 01:31 - 00000000 ____D C:\AdwCleaner 2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-15 12:07 - 2013-12-15 12:08 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 14:07 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:36 - 2013-12-17 09:16 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-13 08:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-13 08:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-13 08:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-13 08:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-13 08:31 - 2013-12-15 03:25 - 00000000 ____D C:\Qoobox 2013-12-13 08:31 - 2013-12-13 08:37 - 00000000 ____D C:\Windows\erdnt 2013-12-11 10:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-12-11 10:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 10:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 10:20 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-12-11 10:20 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-12-11 10:20 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 10:20 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-12-11 10:20 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-12-11 10:20 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-12-11 10:20 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-12-11 10:20 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 10:20 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-12-11 10:20 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-12-11 10:20 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-12-11 10:20 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-12-11 10:20 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 10:20 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 10:20 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 10:20 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 10:20 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 10:20 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 10:20 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 10:20 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 10:20 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 10:20 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 10:14 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-12-11 10:14 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 10:13 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 10:13 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-12-11 10:13 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll 2013-12-11 10:13 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 10:13 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-12-11 10:13 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2013-12-11 10:13 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 10:13 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll 2013-12-11 10:13 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 10:13 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 10:13 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 10:13 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 10:13 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys 2013-12-11 10:13 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-30 01:12 - 2013-12-17 11:53 - 00648112 _____ C:\Windows\WindowsUpdate.log 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 12:36 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-11-20 12:36 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin 2013-11-20 12:36 - 2013-11-11 07:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-11-20 12:36 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll 2013-11-20 12:36 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-11-20 12:32 - 2013-11-14 03:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys 2013-11-20 12:32 - 2013-11-14 03:58 - 00023754 _____ C:\Windows\System32\nvinfo.pb 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security ==================== One Month Modified Files and Folders ======= 2013-12-17 11:53 - 2013-11-30 01:12 - 00648112 _____ C:\Windows\WindowsUpdate.log 2013-12-17 11:05 - 2013-06-29 00:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-17 09:35 - 2012-04-06 11:09 - 00700720 _____ C:\Windows\System32\perfh007.dat 2013-12-17 09:35 - 2012-04-06 11:09 - 00150326 _____ C:\Windows\System32\perfc007.dat 2013-12-17 09:35 - 2009-07-13 21:13 - 01624106 _____ C:\Windows\System32\PerfStringBackup.INI 2013-12-17 09:16 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit 2013-12-17 08:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-17 08:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-17 08:33 - 2012-10-06 09:36 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\Skype 2013-12-17 08:32 - 2013-12-16 02:34 - 00000672 _____ C:\Windows\setupact.log 2013-12-17 08:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-16 02:34 - 2013-12-16 02:34 - 00326280 _____ C:\Windows\System32\FNTCACHE.DAT 2013-12-16 02:34 - 2013-12-16 02:34 - 00000000 _____ C:\Windows\setuperr.log 2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt 2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 01:31 - 2013-12-16 01:28 - 00000000 ____D C:\AdwCleaner 2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-15 12:08 - 2013-12-15 12:07 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe 2013-12-15 05:22 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt 2013-12-15 03:25 - 2013-12-13 08:31 - 00000000 ____D C:\Qoobox 2013-12-15 03:24 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini 2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST 2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg 2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs 2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL 2013-12-13 08:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default 2013-12-13 08:37 - 2013-12-13 08:31 - 00000000 ____D C:\Windows\erdnt 2013-12-12 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-12-11 11:07 - 2013-06-29 00:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 11:06 - 2013-04-26 02:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 10:34 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-11 10:21 - 2012-06-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 10:20 - 2013-07-11 11:33 - 00000000 ____D C:\Windows\System32\MRT 2013-12-11 10:19 - 2012-06-22 05:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA 2013-11-28 08:11 - 2012-11-17 05:39 - 01598386 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-26 23:31 - 2013-08-28 08:45 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-26 23:31 - 2012-02-24 04:59 - 00000000 ____D C:\ProgramData\Skype 2013-11-26 03:54 - 2013-12-11 10:20 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-11-26 02:19 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-11-26 02:18 - 2013-12-11 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2013-11-26 02:11 - 2013-12-11 10:20 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 01:48 - 2013-12-11 10:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-11-26 01:46 - 2013-12-11 10:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2013-11-26 01:41 - 2013-12-11 10:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-11-26 01:29 - 2013-12-11 10:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-11-26 01:27 - 2013-12-11 10:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-11-26 01:23 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 01:21 - 2013-12-11 10:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-11-26 01:18 - 2013-12-11 10:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-11-26 01:18 - 2013-12-11 10:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2013-11-26 01:16 - 2013-12-11 10:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2013-11-26 00:57 - 2013-12-11 10:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-11-26 00:38 - 2013-12-11 10:20 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 00:38 - 2013-12-11 10:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 00:35 - 2013-12-11 10:20 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-11-26 00:32 - 2013-12-11 10:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 00:28 - 2013-12-11 10:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 00:16 - 2013-12-11 10:20 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 00:02 - 2013-12-11 10:20 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-11-25 23:48 - 2013-12-11 10:20 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-11-25 23:32 - 2013-12-11 10:20 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-25 23:26 - 2013-12-11 10:20 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-25 23:07 - 2013-12-11 10:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-11-25 22:40 - 2013-12-11 10:20 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-11-25 22:34 - 2013-12-11 10:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-25 22:33 - 2013-12-11 10:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-25 22:27 - 2013-12-11 10:20 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-25 09:37 - 2012-12-08 01:22 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\vlc 2013-11-23 10:26 - 2013-12-11 10:13 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-23 09:47 - 2013-12-11 10:13 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-11-23 03:48 - 2012-06-25 01:25 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Windows Live 2013-11-23 03:26 - 2012-08-13 06:38 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\CrashDumps 2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes 2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV 2013-11-20 21:43 - 2013-10-13 05:01 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-20 12:36 - 2012-04-06 01:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-11-20 12:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help 2013-11-20 12:35 - 2013-10-13 05:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-11-20 12:35 - 2012-04-06 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation 2013-11-17 05:11 - 2012-06-22 04:49 - 00000000 ____D C:\ProgramData\Norton 2013-11-17 05:09 - 2012-12-05 10:22 - 00001310 _____ C:\Users\MeinerSein\Desktop\Norton-Installationsdateien.lnk 2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-11-17 04:59 - 2012-06-22 05:11 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-11-17 04:59 - 2012-06-22 04:59 - 00000000 ____D C:\Windows\System32\Drivers\NISx64 2013-11-17 04:58 - 2012-06-22 05:00 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2013-11-17 04:58 - 2012-06-22 05:00 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2013-11-17 04:58 - 2012-06-22 04:59 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2013-11-17 04:21 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Public\Downloads\Norton Some content of TEMP: ==================== C:\Users\MeinerSein\AppData\Local\Temp\Quarantine.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 3 Restore point made on: 2013-12-13 08:33:06 Restore point made on: 2013-12-13 09:44:43 Restore point made on: 2013-12-15 03:05:10 ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16222.36 MB Available physical RAM: 14934.34 MB Total Pagefile: 16220.55 MB Available Pagefile: 14929.25 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:9.68 GB) NTFS Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS Drive i: (DUNGEONS_GOTY) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC) Partition 1: (Not Active) - (Size=8 GB) - (Type=0B) LastRegBack: 2013-12-11 12:10 ==================== End Of Log ============================ --- --- --- --- --- --- Übrigens ist mein Lapi bisher nicht gesperrt worden, die 48h sind bereits seit 1 Tag vorüber. Ich weiss nur nicht, ob die die Malware (oder was auch immer) eingenistet hat und "schlummert" oder ob es sich durch das Schließen des Fensters per Taskmanagers erst gar nicht auf den Lapi installieren konnte. |
|
18.12.2013, 10:41
| #13 |
| /// the machine /// TB-Ausbilder | Paysafe-Trojaner eingefangen - was kann ich tun? Das ist nur Panikmache, das Teil befindet sich nur um Browser, und ist entfernt. Adobe updaten. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.12.2013, 15:16
| #14 |
| | Paysafe-Trojaner eingefangen - was kann ich tun? Alles klar. Ich werde das jetzt alles mal Schritt für Schritt "abarbeiten" und dann hier posten. Und natürlich bin ich super zufrieden mit deiner "Patenschaft". Werde auch sofort dem Link folgen und mich äußern :-) "Beißt" sich Secunia Personal Software Inspector mit Norton Internet Security? |
|
19.12.2013, 10:46
| #15 |
| /// the machine /// TB-Ausbilder | Paysafe-Trojaner eingefangen - was kann ich tun? Nö, Secunia checkt ja nur nach Updates Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Paysafe-Trojaner eingefangen - was kann ich tun? |
| browser, eingefangen, fenster, gefangen, gen, gesperrt, gründe, gründen, inter, interne, internet, laptop, meldung, nutze, paysafe, rückwärts, stunde, surfe, surfen, troja, trojaners, zahlung |
Linear-Darstellung
