Werbeblöcke; Popups von http://rvzr-a.akamaihd.net/; Wörter grün unterstrichen; ... Nerviges im Browser

ftzguiouzt · 23.12.2013, 11:37

Guten Tag

gestern habe ich mir auf einem Blog zum Thema DRM von eBooks entfernen ein Paket mit verschiedenen Softwarelösungen diesbezüglich heruntergeladen. Dabei habe ich eine .exe geladen welche dann eine .zip mit ~2MB geladen hat. Währenddessen lief der Downloadbalken aber bestimmt 10 mal auf 100%. Und in regelmäßigen abständen meldete sich Norton, dass eine Schadware entfernt wurde. Nachdem das Programm fertig war hatte ich ein Programm namens Live Support und irgendein PC Optimizer installiert. Nachdem die beiden deinstalliert waren bemerke ich noch ein paar erhebliche Performance Einbußen und alle paar Minuten öffnet sich ein Popup von hxxp://rvzr-a.akamaihd.net/. Den Inhalt sehe ich nicht da Adblock. Des weiteren ist auf jeder Seite die ich besuche ein großer Werbeblock mit der Überschrift ads not by this site. Schlußendlich wird jedes zweite Wort im Web dick grün unterstrichen und es wird entweder zum Besuchen von mediaplayertotal.com oder YourSoftSite.com aufgerufen. Mein Norton hat mir bei zwei Systemscans nicht weiterhelfen können.

Ich hoffe auf Ihren Rat, vielen Dank im Vorraus,

ftzguiouzt

cosinus · 23.12.2013, 12:42

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

ftzguiouzt · 23.12.2013, 13:16

Vielen Dank.

Seit dem letzten Post habe ich das Norton Power Eraser Tool und den Combofix durchlaufen lassen. Letzteren auf Hinraten eines Forenmitglieds hier als Antwort auf einen ähnlichen Fall. Ich hoffe das war kein Fehler, dabei stand man solle dies nur ausführen wenn man dazu aufgefordert wird... Aber der Fall war doch sehr ähnlich. Logs habe ich keine. Außer natürlich das des Combofix, ansonsten wurde ja nichts gefunden. Auch den log des Norton Tools kann ich mal anhängen, es gab nämlich eine Datei die nicht entfernt werden konnte. Übrigens konnte mir keines der beiden Tools zum Erfolg verhelfen. Lediglich die Popups sind zumindest bis jetzt nicht mehr aufgetreten.

Edit: Das ist es, unter last month created files: 2013-12-21 01:00 - 2013-12-21 01:00 - 00320504 _____ (QuickSet) C:\Users\User\Downloads\tools v6.0.8.exe

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by User (administrator) on YANNICK-TOWER on 23-12-2013 12:47:40
Running from C:\Users\User\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [F.lux] - C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKCU\...\Run: [uTorrent] - C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-17] (BitTorrent Inc.)
HKCU\...\Run: [LiveSupport] - REM "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /lo
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA2AC5504-9841-4CF6-A9D2-3D94AF58752C&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=DE&ver=2014&locale=de_DE&gct=sb&qsrc=2869
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: surf and keeep - {616AE0DC-159D-47BD-2A1C-4FB67FE1466A} - C:\Program Files (x86)\surf and keeep\I.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: YoutubeAdblocker - {B5C95FED-FAD0-01B6-1E84-1AA619929528} - C:\Program Files (x86)\YoutubeAdblocker\MP.x64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\Extensions\staged
FF Extension: iMacros for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\Extensions\jsterm@paulrouget.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://mystart.incredibar.com/mb178?a=6OyOhqbjvk&i=26", "hxxp://mystart.incredibar.com/mb201?a=6Oz0mgCAiO&i=26", "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPA2AC5504-9841-4CF6-A9D2-3D94AF58752C"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.2.8.1_0
CHR Extension: (reddit companion) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (BookmarkTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjaniaiamlkcdjnbcacmlfapcimcnpj\0.9
CHR Extension: (Photo Zoom for Facebook) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Mini Radio Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj\4.1.1_0
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0
CHR Extension: (YoutubeAdblocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jibeddcpjkocngnflclohkaibhigeipa\1.0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0
CHR Extension: (Cargo Bridge) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0
CHR Extension: (eBay Extension for Google Chrome\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.1.7_0
CHR Extension: (Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.4.5_0
CHR Extension: (Google Mail Checker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (Plants vs Zombies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0
CHR Extension: (EXIF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafpfdcmppffipmhcpkbplhkoiekndck\2.4.0_0
CHR Extension: (Hangouts) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1023.433.1_0
CHR Extension: (surfa andu ikkeep) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlofkkjgpaeobhnjbefhjapgiaelpako\2.3
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (YouTube Unblocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.5_0
CHR Extension: (My Chrome Theme) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0
CHR Extension: (Click&Clean App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Canvas Rider) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-29] (DT Soft Ltd)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-20] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131222.020\ENG64.SYS [126040 2013-12-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131222.020\EX64.SYS [2099288 2013-12-23] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RTL2832UBDA; C:\Windows\SysWow64\drivers\RTL2832UBDA.sys [224488 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWow64\Drivers\RTL2832UUSB.sys [39016 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWow64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 vcdrom; \??\C:\Windows\SysWOW64\drivers\VCdRom.sysa [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 12:47 - 2013-12-23 12:47 - 00021700 _____ C:\Users\User\Downloads\FRST.txt
2013-12-23 12:47 - 2013-12-23 12:47 - 00000000 ____D C:\FRST
2013-12-23 12:46 - 2013-12-23 12:46 - 01928280 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-12-23 12:44 - 2013-12-23 12:44 - 00034053 _____ C:\ComboFix.txt
2013-12-23 12:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-23 12:30 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-23 12:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-23 12:29 - 2013-12-23 12:44 - 00000000 ____D C:\Qoobox
2013-12-23 12:29 - 2013-12-23 12:43 - 00000000 ____D C:\Windows\erdnt
2013-12-23 12:17 - 2013-12-23 12:18 - 59989773 _____ C:\Users\User\Desktop\Calibre2.rar
2013-12-23 11:59 - 2013-12-23 12:27 - 00000000 ____D C:\Users\User\AppData\Local\NPE
2013-12-23 11:49 - 2013-12-23 11:49 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-12-23 11:44 - 2013-12-23 11:44 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-23 11:44 - 2013-12-23 11:44 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-23 11:44 - 2013-12-23 11:44 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-23 11:44 - 2013-12-23 11:44 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-23 11:39 - 2013-12-23 11:39 - 00000000 ____D C:\ProgramData\PCSettings
2013-12-23 11:12 - 2013-12-23 11:24 - 223165336 ____N (Symantec Corporation) C:\Users\User\Downloads\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
2013-12-23 10:32 - 2013-12-23 10:33 - 01021888 _____ (Symantec Corporation) C:\Users\User\Downloads\NAVDownloader.exe
2013-12-21 01:17 - 2013-12-21 01:17 - 00000000 ____D C:\Users\User\AppData\Local\calibre-cache
2013-12-21 01:16 - 2013-12-21 01:26 - 00000000 ____D C:\Users\User\Documents\Calibre-Bibliothek
2013-12-21 01:16 - 2013-12-21 01:18 - 00000000 ____D C:\Users\User\AppData\Roaming\calibre
2013-12-21 01:15 - 2013-12-23 12:23 - 00000000 ____D C:\Program Files\Calibre2
2013-12-21 01:12 - 2013-12-21 01:14 - 59772928 _____ C:\Users\User\Downloads\calibre-64bit-1.16.0.msi
2013-12-21 01:04 - 2013-12-21 01:04 - 00000000 ____D C:\ProgramData\QuickSet
2013-12-21 01:03 - 2013-12-21 01:03 - 00000000 ____D C:\Users\User\Documents\Optimizer Pro
2013-12-21 01:02 - 2013-12-21 01:02 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2013-12-21 01:01 - 2013-12-21 01:02 - 00000000 ____D C:\ProgramData\c43a5a85d06e3f73
2013-12-21 01:01 - 2013-12-21 01:01 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2013-12-21 01:01 - 2013-12-21 01:01 - 00000000 ____D C:\ProgramData\surf and keeep
2013-12-21 01:00 - 2013-12-21 01:04 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-21 01:00 - 2013-12-21 01:00 - 00320504 _____ (QuickSet) C:\Users\User\Downloads\tools v6.0.8.exe
2013-12-20 17:00 - 2013-12-20 17:01 - 00000000 ____D C:\Users\User\AppData\Local\Kobo
2013-12-20 17:00 - 2013-12-20 17:00 - 00000000 ____D C:\Users\User\Documents\My Digital Editions
2013-12-20 16:59 - 2013-12-20 16:59 - 00000000 ____D C:\Program Files (x86)\Kobo
2013-12-19 23:30 - 2013-12-19 23:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-19 23:30 - 2013-12-19 23:31 - 00000000 ____D C:\Program Files\iTunes
2013-12-19 23:30 - 2013-12-19 23:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-19 23:30 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files\iPod
2013-12-18 19:06 - 2013-12-18 19:06 - 00000000 ____D C:\Users\User\Documents\iMacros
2013-12-15 21:40 - 2013-12-15 21:40 - 00000000 ____D C:\.Trash-1000
2013-12-05 23:15 - 2013-12-11 17:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Winamp
2013-12-05 23:15 - 2013-12-05 23:15 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-12-05 22:21 - 2013-12-05 22:21 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 21:26 - 2013-12-05 21:26 - 00037807 _____ C:\Users\User\Downloads\dolce_vita.zip
2013-11-29 13:28 - 2013-12-18 21:41 - 00001295 _____ C:\Users\User\Desktop\AutoIt v3 Script (neu).au3
2013-11-28 20:27 - 2013-12-23 12:43 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for YANNICK-TOWER-User YANNICK-TOWER
2013-11-27 23:12 - 2013-11-28 07:33 - 00000000 ____D C:\Users\User\Downloads\guiminer
2013-11-27 14:46 - 2013-11-27 14:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Toribash
2013-11-27 11:59 - 2013-11-27 11:59 - 00001457 _____ C:\Users\User\Desktop\Bitcoin.lnk
2013-11-27 11:52 - 2013-11-27 23:14 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitcoin
2013-11-25 20:14 - 2013-11-25 20:15 - 00003367 _____ C:\location1.txt

==================== One Month Modified Files and Folders =======

2013-12-23 12:47 - 2013-12-23 12:47 - 00021700 _____ C:\Users\User\Downloads\FRST.txt
2013-12-23 12:47 - 2013-12-23 12:47 - 00000000 ____D C:\FRST
2013-12-23 12:46 - 2013-12-23 12:46 - 01928280 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-12-23 12:44 - 2013-12-23 12:44 - 00034053 _____ C:\ComboFix.txt
2013-12-23 12:44 - 2013-12-23 12:29 - 00000000 ____D C:\Qoobox
2013-12-23 12:44 - 2013-06-26 22:33 - 01472638 _____ C:\Windows\WindowsUpdate.log
2013-12-23 12:44 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-23 12:43 - 2013-12-23 12:29 - 00000000 ____D C:\Windows\erdnt
2013-12-23 12:43 - 2013-11-28 20:27 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for YANNICK-TOWER-User YANNICK-TOWER
2013-12-23 12:40 - 2013-07-20 17:47 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-12-23 12:40 - 2013-06-29 00:09 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 12:40 - 2010-11-21 04:47 - 01417580 _____ C:\Windows\PFRO.log
2013-12-23 12:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 12:40 - 2009-07-14 05:51 - 00059003 _____ C:\Windows\setupact.log
2013-12-23 12:40 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-23 12:39 - 2009-07-14 03:34 - 90701824 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 19398656 _____ C:\Windows\system32\config\SYSTEM.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 04456448 _____ C:\Windows\system32\config\DEFAULT.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-12-23 12:37 - 2013-06-26 23:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001UA.job
2013-12-23 12:35 - 2013-06-29 00:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 12:28 - 2013-06-28 16:22 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-12-23 12:27 - 2013-12-23 11:59 - 00000000 ____D C:\Users\User\AppData\Local\NPE
2013-12-23 12:26 - 2013-07-05 17:10 - 00000000 ____D C:\Program Files\KMSpico
2013-12-23 12:24 - 2013-08-04 11:52 - 00000402 __RSH C:\ProgramData\ntuser.pol
2013-12-23 12:24 - 2013-06-29 01:48 - 00000000 ___RD C:\Users\User\Google Drive
2013-12-23 12:23 - 2013-12-21 01:15 - 00000000 ____D C:\Program Files\Calibre2
2013-12-23 12:23 - 2013-09-26 14:58 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-12-23 12:23 - 2013-09-09 13:05 - 00000000 ____D C:\Users\User\AppData\Roaming\My Scripts
2013-12-23 12:23 - 2013-06-26 22:50 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-23 12:18 - 2013-12-23 12:17 - 59989773 _____ C:\Users\User\Desktop\Calibre2.rar
2013-12-23 12:00 - 2013-08-15 16:29 - 00000000 ____D C:\ProgramData\Norton
2013-12-23 11:50 - 2013-08-31 09:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-12-23 11:49 - 2013-12-23 11:49 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-12-23 11:44 - 2013-12-23 11:44 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-23 11:44 - 2013-12-23 11:44 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-23 11:44 - 2013-12-23 11:44 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-23 11:44 - 2013-12-23 11:44 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-23 11:39 - 2013-12-23 11:39 - 00000000 ____D C:\ProgramData\PCSettings
2013-12-23 11:24 - 2013-12-23 11:12 - 223165336 ____N (Symantec Corporation) C:\Users\User\Downloads\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
2013-12-23 11:02 - 2013-07-28 14:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 10:44 - 2013-06-29 00:55 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2013-12-23 10:38 - 2013-11-07 23:24 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8079F89F-D133-463E-9478-71AE1F93D6E9}
2013-12-23 10:33 - 2013-12-23 10:32 - 01021888 _____ (Symantec Corporation) C:\Users\User\Downloads\NAVDownloader.exe
2013-12-21 11:56 - 2009-07-14 05:45 - 04989560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-21 01:26 - 2013-12-21 01:16 - 00000000 ____D C:\Users\User\Documents\Calibre-Bibliothek
2013-12-21 01:18 - 2013-12-21 01:16 - 00000000 ____D C:\Users\User\AppData\Roaming\calibre
2013-12-21 01:17 - 2013-12-21 01:17 - 00000000 ____D C:\Users\User\AppData\Local\calibre-cache
2013-12-21 01:14 - 2013-12-21 01:12 - 59772928 _____ C:\Users\User\Downloads\calibre-64bit-1.16.0.msi
2013-12-21 01:14 - 2013-06-26 23:22 - 00090128 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 01:04 - 2013-12-21 01:04 - 00000000 ____D C:\ProgramData\QuickSet
2013-12-21 01:04 - 2013-12-21 01:00 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-21 01:03 - 2013-12-21 01:03 - 00000000 ____D C:\Users\User\Documents\Optimizer Pro
2013-12-21 01:02 - 2013-12-21 01:02 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2013-12-21 01:02 - 2013-12-21 01:01 - 00000000 ____D C:\ProgramData\c43a5a85d06e3f73
2013-12-21 01:01 - 2013-12-21 01:01 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2013-12-21 01:01 - 2013-12-21 01:01 - 00000000 ____D C:\ProgramData\surf and keeep
2013-12-21 01:00 - 2013-12-21 01:00 - 00320504 _____ (QuickSet) C:\Users\User\Downloads\tools v6.0.8.exe
2013-12-21 00:48 - 2013-07-26 20:10 - 00000600 _____ C:\Users\User\PUTTY.RND
2013-12-20 23:33 - 2013-07-29 16:03 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-20 22:44 - 2013-06-29 00:47 - 00000727 _____ C:\Users\User\SciTE.session
2013-12-20 22:37 - 2013-06-26 23:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001Core.job
2013-12-20 17:18 - 2013-06-26 23:17 - 00766498 _____ C:\Windows\system32\perfh007.dat
2013-12-20 17:18 - 2013-06-26 23:17 - 00175000 _____ C:\Windows\system32\perfc007.dat
2013-12-20 17:18 - 2009-07-14 06:13 - 01813934 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 17:01 - 2013-12-20 17:00 - 00000000 ____D C:\Users\User\AppData\Local\Kobo
2013-12-20 17:00 - 2013-12-20 17:00 - 00000000 ____D C:\Users\User\Documents\My Digital Editions
2013-12-20 16:59 - 2013-12-20 16:59 - 00000000 ____D C:\Program Files (x86)\Kobo
2013-12-20 01:35 - 2013-07-28 14:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-20 01:35 - 2013-07-28 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-20 01:35 - 2013-07-28 14:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-19 23:31 - 2013-12-19 23:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-19 23:31 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files\iTunes
2013-12-19 23:31 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-19 23:30 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files\iPod
2013-12-19 17:02 - 2013-06-30 21:00 - 00000132 _____ C:\Users\User\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-19 13:06 - 2013-09-01 17:09 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-18 21:41 - 2013-11-29 13:28 - 00001295 _____ C:\Users\User\Desktop\AutoIt v3 Script (neu).au3
2013-12-18 21:16 - 2013-06-26 23:50 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-12-18 21:02 - 2013-07-07 16:00 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2013-12-18 19:06 - 2013-12-18 19:06 - 00000000 ____D C:\Users\User\Documents\iMacros
2013-12-15 21:40 - 2013-12-15 21:40 - 00000000 ____D C:\.Trash-1000
2013-12-15 21:18 - 2013-06-27 13:14 - 00000000 ____D C:\Users\User\.VirtualBox
2013-12-15 21:01 - 2013-06-29 18:36 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-12-11 20:26 - 2013-09-14 15:17 - 00000000 ____D C:\Users\User\Documents\Adobe
2013-12-11 20:26 - 2013-09-14 15:17 - 00000000 ____D C:\Users\User\AppData\Roaming\PACE Anti-Piracy
2013-12-11 20:26 - 2013-09-14 15:17 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-11 20:26 - 2013-06-29 00:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2013-12-11 18:18 - 2013-09-03 19:53 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-12-11 17:07 - 2013-12-05 23:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Winamp
2013-12-09 22:32 - 2013-06-26 23:00 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001UA
2013-12-09 22:32 - 2013-06-26 23:00 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001Core
2013-12-07 19:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-05 23:15 - 2013-12-05 23:15 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-12-05 22:21 - 2013-12-05 22:21 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2013-12-05 22:18 - 2013-08-29 21:51 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 21:37 - 2013-06-28 16:23 - 00000000 ____D C:\Users\User\AppData\Local\Paint.NET
2013-12-05 21:26 - 2013-12-05 21:26 - 00037807 _____ C:\Users\User\Downloads\dolce_vita.zip
2013-11-28 16:59 - 2013-09-23 20:31 - 00006667 _____ C:\Users\User\Desktop\IP Config.au3
2013-11-28 13:30 - 2013-06-29 00:09 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 13:30 - 2013-06-29 00:09 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-28 07:33 - 2013-11-27 23:12 - 00000000 ____D C:\Users\User\Downloads\guiminer
2013-11-27 23:14 - 2013-11-27 11:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitcoin
2013-11-27 21:22 - 2013-09-23 20:26 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-27 14:46 - 2013-11-27 14:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Toribash
2013-11-27 11:59 - 2013-11-27 11:59 - 00001457 _____ C:\Users\User\Desktop\Bitcoin.lnk
2013-11-27 11:52 - 2013-09-01 17:21 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-26 22:35 - 2013-08-31 09:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 22:35 - 2013-08-31 09:47 - 00000000 ____D C:\ProgramData\Skype
2013-11-25 20:15 - 2013-11-25 20:14 - 00003367 _____ C:\location1.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-12-20 19:08

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2013 01
Ran by User at 2013-12-23 12:48:04
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303)
A Virus Named TOM (x32 Version: 1.0.49)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
Antichamber (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.4 (x32 Version: 2.0.4)
AutoIt v3.3.8.1 (x32)
Autostart-Manager (x32 Version: 6.02.0000)
Bonjour (Version: 3.0.0.10)
calibre 64bit (Version: 1.16.0)
Canon MP620 series MP Drivers
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Cheat Engine 6.3 (x32)
Command and Conquer: Red Alert 3 - Uprising (x32)
Counter-Strike: Source (x32)
Crysis 2 Maximum Edition (x32)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
Cube World version 0.0.1 (x32 Version: 0.0.1)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Dead Space (x32)
DIRIS A40 (HKCU Version: 1.0.0.3)
DLC Quest (x32)
Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
EasyBCD 2.2 (x32 Version: 2.2)
f.lux (HKCU)
Fallout: New Vegas (x32)
FEZ Version 1.10 (x32 Version: 1.10)
Fliqlo Screen Saver (x32)
Fraps (remove only) (x32)
FTL: Faster Than Light (x32)
Garry's Mod (x32)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Drive (x32 Version: 1.13.5782.599)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Update Helper (x32 Version: 1.3.22.3)
iTunes (Version: 11.1.3.8)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.5)
KMSpico 4.1 (Version: 4)
Kobo (x32 Version: 3.5.0)
Left 4 Dead 2 (x32)
LIMBO (HKCU)
Logitech Gaming Software (Version: 8.45.88)
Logitech Gaming Software 8.46 (Version: 8.46.27)
Logitech Webcam Software (Version: 12.00.1280)
Logitech Webcam Software-Treiberpaket (Version: 12.0.1278)
Magicka (x32)
Metro 2033 (x32)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK - Deutsch (x32 Version: 3.0.40818.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mirror's Edge (x32)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
My Game Long Name
Natural Selection 2 (x32)
NetCut 2.1.4 (x32)
Norton Internet Security (x32 Version: 21.1.0.18)
Notepad++ (x32 Version: 6.5)
NVIDIA PhysX (x32 Version: 9.10.0224)
OpenAL (x32)
Oracle VM VirtualBox 4.1.16 (Version: 4.1.16)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017)
Paint.NET v3.5.11 (Version: 3.61.0)
PDF Settings CS6 (x32 Version: 11.0)
PolarClock3 Screen Saver (x32)
Portal 2 (x32)
Prison Architect - Alpha 14 (x32 Version: 1)
Razer Lachesis 5600 (x32 Version: 3.00.08)
REALTEK DTV USB DEVICE (x32 Version: 1.00.0000)
Risen (x32)
Sacred 2 Gold (x32)
Sacred Citadel (x32)
Saints Row: The Third (x32)
SciTE4AutoIt3 12/29/2011 (x32 Version: 12/29/2011)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Sid Meier's Civilization V (x32)
Skype™ 6.11 (x32 Version: 6.11.102)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
surf and keeep (x32 Version: 3.3.0.1259) <==== ATTENTION
TeamSpeak 3 Client
TeamViewer 9 (x32 Version: 9.0.24951)
Terraria (x32)
TeXstudio 2.5.2 (x32 Version: 2.5.2)
The Maxifier (x32 Version: 1.4)
The Maxifier (x32)
The Showdown Effect (x32)
Thomas Was Alone (x32)
Ubuntu (x32 Version: 12.04.1-rev273)
Unity Web Player (HKCU Version: )
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.1.2731.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Web Deployment Tool (Version: 1.1.0618)
Winamp (x32 Version: 5.666 )
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
WinRAR 4.10 (64-Bit) (Version: 4.10.0)
Wireshark 1.10.2 (64-bit) (x32 Version: 1.10.2)
YoutubeAdblocker (x32 Version: 1.2.0.1226) <==== ATTENTION

==================== Restore Points  =========================

21-12-2013 00:14:47 Installed calibre 64bit
23-12-2013 11:18:57 Norton_Power_Eraser_20131223121855634

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-12-23 12:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0CC4622E-4270-486C-82BE-BDF04E7728DC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {113680BE-510F-4948-80B1-A2FA5F3612E6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {12A00391-F262-4CAC-81DA-D7BE2A7BE901} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {24DEA2D2-C4A1-4047-A3E6-D7CC3184F319} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {3B3B3338-1F9B-4C23-A046-1DE926010CEE} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {3E25F60B-3100-4258-9F15-DF34BC572790} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {4E576A6E-B0B4-4506-B77B-F7F7387CBB45} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5AA1DC4B-86F0-41E5-A710-73A2F9BD6C99} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {61AD4B92-12DF-4873-9664-F5AF8CCC371A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for YANNICK-TOWER-User YANNICK-TOWER => C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE [2012-10-01] (Microsoft Corporation)
Task: {852AAEB0-F348-4CD6-A4A2-145BEA5C3E7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {94CBD3A4-2A8B-4A1A-997B-D787786A5ACA} - System32\Tasks\AdobeAAMUpdater-1.0-YANNICK-TOWER-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A327821A-2488-48D5-9E8F-3D5E9AECD43E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29] (Google Inc.)
Task: {C22827F7-0612-40CF-ADA6-069E6B660A04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C69772F7-F426-463F-BC44-C5C88B9A4CAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-20] (Adobe Systems Incorporated)
Task: {DFA9EE34-23C5-4F44-A337-6F430A67A549} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-07 20:35 - 2013-12-04 03:47 - 00702416 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-07 20:35 - 2013-12-04 03:47 - 00099792 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-07 20:35 - 2013-12-04 03:48 - 04055504 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 20:35 - 2013-12-04 03:48 - 00399312 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 20:35 - 2013-12-04 03:47 - 01619408 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-18 18:32 - 2013-12-18 18:32 - 00181760 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0\plugin\ace.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\User\Cookies:5jcC7MjEyMAbZFWqAi
AlternateDataStreams: C:\Users\User\Cookies:wJxJtsgbdoDtE5K5Lp
AlternateDataStreams: C:\Users\User\Local Settings:CjXgp6smO7smZKZEoPQa
AlternateDataStreams: C:\Users\User\AppData\Local:CjXgp6smO7smZKZEoPQa
AlternateDataStreams: C:\Users\User\AppData\Local\Application Data:CjXgp6smO7smZKZEoPQa

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Canon MP620 ser Network
Description: Canon MP620 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2013 00:41:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 00:40:20 PM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (12/23/2013 00:25:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 00:24:06 PM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (12/23/2013 00:04:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 00:02:26 PM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (12/23/2013 11:43:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 11:41:39 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (12/23/2013 11:13:18 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (12/23/2013 11:13:18 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23


System errors:
=============
Error: (12/23/2013 00:39:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (12/23/2013 00:39:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (12/23/2013 00:38:17 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/23/2013 00:36:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (12/20/2013 04:27:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/20/2013 01:43:00 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Norton AntiVirus" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (12/20/2013 01:41:32 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Norton AntiVirus" Korrekturmaßnahmen (Restart the service) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (12/20/2013 01:40:34 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Norton AntiVirus" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (12/20/2013 01:39:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton AntiVirus" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.

Error: (12/20/2013 01:37:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton AntiVirus" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/23/2013 00:41:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 00:40:20 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (12/23/2013 00:25:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 00:24:06 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (12/23/2013 00:04:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 00:02:26 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (12/23/2013 11:43:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 11:41:39 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (12/23/2013 11:13:18 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (12/23/2013 11:13:18 AM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23


CodeIntegrity Errors:
===================================
  Date: 2013-12-23 12:38:17.086
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-23 12:38:17.077
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:29:40.463
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\drivers\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:29:40.463
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\drivers\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:28:06.220
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\User\Downloads\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:28:06.220
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\User\Downloads\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:27:48.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:27:48.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:17:30.021
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-29 01:17:30.019
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\VCdRom.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 8190.05 MB
Available physical RAM: 5554.9 MB
Total Pagefile: 16378.29 MB
Available Pagefile: 13325.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:195.31 GB) (Free:30.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Media) (Fixed) (Total:465.76 GB) (Free:87.96 GB) NTFS
Drive e: (Ubuntu / VirtualBox) (Fixed) (Total:367.19 GB) (Free:124.29 GB) NTFS
Drive f: (Daten) (Fixed) (Total:369.01 GB) (Free:57.43 GB) NTFS
Drive h: () (Removable) (Total:14.63 GB) (Free:13.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 1F2ABF35)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E01AFA68)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=367 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=369 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 0009FD90)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

Combofix:

Code:

ATTFilter

ComboFix 13-12-21.01 - User 23.12.2013  12:31:56.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.8190.6346 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\S0000
c:\programdata\MPK\2\D0000
c:\programdata\MPK\2\S0000
c:\programdata\MPK\CPDM\cpfm.bin
c:\programdata\MPK\M0000
c:\programdata\MPK\REFOG Keylogger\Jetzt bestellen!.lnk
c:\programdata\MPK\REFOG Keylogger\REFOG Keylogger im Internet.lnk
c:\programdata\MPK\REFOG Keylogger\REFOG Keylogger.lnk
c:\programdata\MPK\S0000
c:\users\User\AppData\Local\Temp\_MEI38842\_ctypes.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\_elementtree.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\_hashlib.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\_multiprocessing.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\_socket.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\_ssl.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\pyexpat.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\pysqlite2._sqlite.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\python27.dll
c:\users\User\AppData\Local\Temp\_MEI38842\pythoncom27.dll
c:\users\User\AppData\Local\Temp\_MEI38842\PyWinTypes27.dll
c:\users\User\AppData\Local\Temp\_MEI38842\select.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\unicodedata.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32api.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32com.shell.shell.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32crypt.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32event.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32file.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32inet.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32pdh.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32pipe.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32process.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32profile.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32security.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\win32ts.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\windows._lib_cacheinvalidation.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wx._controls_.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wx._core_.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wx._gdi_.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wx._html2.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wx._misc_.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wx._windows_.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wx._wizard.pyd
c:\users\User\AppData\Local\Temp\_MEI38842\wxbase294u_net_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI38842\wxbase294u_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI38842\wxmsw294u_adv_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI38842\wxmsw294u_core_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI38842\wxmsw294u_html_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI38842\wxmsw294u_webview_vc90.dll
c:\users\User\AppData\Roaming\poclbm
c:\users\User\AppData\Roaming\poclbm\poclbm.ini
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\MPK
c:\windows\SysWow64\MPK\cinfo.bin
c:\windows\SysWow64\MPK\Help\English\alarms.htm
c:\windows\SysWow64\MPK\Help\English\clipboard.htm
c:\windows\SysWow64\MPK\Help\English\computer.htm
c:\windows\SysWow64\MPK\Help\English\delivery.htm
c:\windows\SysWow64\MPK\Help\English\file.htm
c:\windows\SysWow64\MPK\Help\English\filters.htm
c:\windows\SysWow64\MPK\Help\English\imhelp.htm
c:\windows\SysWow64\MPK\Help\English\internet.htm
c:\windows\SysWow64\MPK\Help\English\invisible.htm
c:\windows\SysWow64\MPK\Help\English\keyboard.htm
c:\windows\SysWow64\MPK\Help\English\log_size.htm
c:\windows\SysWow64\MPK\Help\English\logging.htm
c:\windows\SysWow64\MPK\Help\English\need_update_net.htm
c:\windows\SysWow64\MPK\Help\English\password.htm
c:\windows\SysWow64\MPK\Help\English\programs.htm
c:\windows\SysWow64\MPK\Help\English\screenshot.htm
c:\windows\SysWow64\MPK\Help\English\settings_node.htm
c:\windows\SysWow64\MPK\Help\English\update.htm
c:\windows\SysWow64\MPK\Help\English\users_node.htm
c:\windows\SysWow64\MPK\Help\German\alarms.htm
c:\windows\SysWow64\MPK\Help\German\clipboard.htm
c:\windows\SysWow64\MPK\Help\German\computer.htm
c:\windows\SysWow64\MPK\Help\German\delivery.htm
c:\windows\SysWow64\MPK\Help\German\file.htm
c:\windows\SysWow64\MPK\Help\German\filters.htm
c:\windows\SysWow64\MPK\Help\German\imhelp.htm
c:\windows\SysWow64\MPK\Help\German\internet.htm
c:\windows\SysWow64\MPK\Help\German\invisible.htm
c:\windows\SysWow64\MPK\Help\German\keyboard.htm
c:\windows\SysWow64\MPK\Help\German\log_size.htm
c:\windows\SysWow64\MPK\Help\German\logging.htm
c:\windows\SysWow64\MPK\Help\German\need_update_net.htm
c:\windows\SysWow64\MPK\Help\German\password.htm
c:\windows\SysWow64\MPK\Help\German\programs.htm
c:\windows\SysWow64\MPK\Help\German\screenshot.htm
c:\windows\SysWow64\MPK\Help\German\settings_node.htm
c:\windows\SysWow64\MPK\Help\German\users_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\alarms.htm
c:\windows\SysWow64\MPK\Help\Spanish\clipboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\computer.htm
c:\windows\SysWow64\MPK\Help\Spanish\delivery.htm
c:\windows\SysWow64\MPK\Help\Spanish\filters.htm
c:\windows\SysWow64\MPK\Help\Spanish\internet.htm
c:\windows\SysWow64\MPK\Help\Spanish\invisible.htm
c:\windows\SysWow64\MPK\Help\Spanish\keyboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\log_size.htm
c:\windows\SysWow64\MPK\Help\Spanish\logging.htm
c:\windows\SysWow64\MPK\Help\Spanish\password.htm
c:\windows\SysWow64\MPK\Help\Spanish\programs.htm
c:\windows\SysWow64\MPK\Help\Spanish\screenshot.htm
c:\windows\SysWow64\MPK\Help\Spanish\settings_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\users_node.htm
c:\windows\SysWow64\MPK\icon_1.ico
c:\windows\SysWow64\MPK\Images\banner_em_english.gif
c:\windows\SysWow64\MPK\Images\banner_em_english.swf
c:\windows\SysWow64\MPK\Images\banner_em_german.gif
c:\windows\SysWow64\MPK\Images\banner_em_german.swf
c:\windows\SysWow64\MPK\Images\banner_em_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_em_spanish.swf
c:\windows\SysWow64\MPK\Images\banner_english.gif
c:\windows\SysWow64\MPK\Images\banner_english.swf
c:\windows\SysWow64\MPK\Images\banner_german.gif
c:\windows\SysWow64\MPK\Images\banner_german.swf
c:\windows\SysWow64\MPK\Images\banner_pm_english.gif
c:\windows\SysWow64\MPK\Images\banner_pm_english.swf
c:\windows\SysWow64\MPK\Images\banner_pm_german.gif
c:\windows\SysWow64\MPK\Images\banner_pm_german.swf
c:\windows\SysWow64\MPK\Images\banner_pm_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_pm_spanish.swf
c:\windows\SysWow64\MPK\Images\banner_russian.gif
c:\windows\SysWow64\MPK\Images\banner_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_spanish.swf
c:\windows\SysWow64\MPK\Images\english.gif
c:\windows\SysWow64\MPK\Images\german.gif
c:\windows\SysWow64\MPK\Images\upgrade_aeu.png
c:\windows\SysWow64\MPK\Images\upgrade_aus.png
c:\windows\SysWow64\MPK\Images\upgrade_eu.png
c:\windows\SysWow64\MPK\Images\upgrade_faeu.png
c:\windows\SysWow64\MPK\Images\upgrade_faus.png
c:\windows\SysWow64\MPK\Images\upgrade_feu.png
c:\windows\SysWow64\MPK\Images\upgrade_fus.png
c:\windows\SysWow64\MPK\Images\upgrade_us.png
c:\windows\SysWow64\MPK\Images\vista_hide.bmp
c:\windows\SysWow64\MPK\Images\xp_hide.bmp
c:\windows\SysWow64\MPK\key.bin
c:\windows\SysWow64\MPK\Lang\Brazilian.frc
c:\windows\SysWow64\MPK\Lang\Brazilian.lng
c:\windows\SysWow64\MPK\Lang\English.frc
c:\windows\SysWow64\MPK\Lang\French.frc
c:\windows\SysWow64\MPK\Lang\French.lng
c:\windows\SysWow64\MPK\Lang\German.frc
c:\windows\SysWow64\MPK\Lang\German.lng
c:\windows\SysWow64\MPK\Lang\Italian.frc
c:\windows\SysWow64\MPK\Lang\Italian.lng
c:\windows\SysWow64\MPK\Lang\Japanese.frc
c:\windows\SysWow64\MPK\Lang\Japanese.lng
c:\windows\SysWow64\MPK\Lang\Polish.frc
c:\windows\SysWow64\MPK\Lang\Polish.lng
c:\windows\SysWow64\MPK\Lang\Portuguese.frc
c:\windows\SysWow64\MPK\Lang\Portuguese.lng
c:\windows\SysWow64\MPK\Lang\Romanian.frc
c:\windows\SysWow64\MPK\Lang\Romanian.lng
c:\windows\SysWow64\MPK\Lang\Russian.frc
c:\windows\SysWow64\MPK\Lang\Spanish.frc
c:\windows\SysWow64\MPK\Lang\Spanish.lng
c:\windows\SysWow64\MPK\Lang\Turkish.frc
c:\windows\SysWow64\MPK\Lang\Turkish.lng
c:\windows\SysWow64\MPK\libeay32.dll
c:\windows\SysWow64\MPK\lnkmst.exe
c:\windows\SysWow64\MPK\logstart.vbs
c:\windows\SysWow64\MPK\loguninstall.vbs
c:\windows\SysWow64\MPK\Mpk.dll
c:\windows\SysWow64\MPK\Mpk64.dll
c:\windows\SysWow64\MPK\MPK64.exe
c:\windows\SysWow64\MPK\sqlite3.dll
c:\windows\SysWow64\MPK\ssleay32.dll
c:\windows\SysWow64\MPK\trial_standart.ini
c:\windows\SysWow64\MPK\unins000.dat
c:\windows\SysWow64\MPK\unins000.exe
c:\windows\SysWow64\MPK\unins000.msg
c:\windows\SysWow64\MPK\update_info.bin
c:\windows\SysWow64\MPK\zlib1.dll
c:\windows\SysWow64\test
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI3051.txt
c:\windows\tmp\dd_vcredistUI3051.txt
c:\windows\tmp\fonts\fontdb
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-23 bis 2013-12-23  ))))))))))))))))))))))))))))))
.
.
2013-12-23 11:38 . 2013-12-23 11:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-23 10:59 . 2013-12-23 11:27	--------	d-----w-	c:\users\User\AppData\Local\NPE
2013-12-23 10:44 . 2013-12-23 10:44	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-12-23 10:44 . 2013-12-23 10:44	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2013-12-23 10:43 . 2013-12-23 10:43	--------	d-----w-	c:\windows\system32\drivers\NISx64
2013-12-23 10:43 . 2013-12-23 10:43	--------	d-----w-	c:\program files (x86)\Norton Internet Security
2013-12-23 10:42 . 2013-12-23 10:42	--------	d-----w-	c:\program files (x86)\NortonInstaller
2013-12-19 22:30 . 2013-12-19 22:30	--------	d-----w-	c:\program files\iPod
2013-12-19 22:30 . 2013-12-19 22:31	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-19 22:30 . 2013-12-19 22:31	--------	d-----w-	c:\program files\iTunes
2013-12-19 22:30 . 2013-12-19 22:31	--------	d-----w-	c:\program files (x86)\iTunes
2013-12-15 20:40 . 2013-12-15 20:40	--------	d---a-w-	C:\.Trash-1000
2013-12-05 22:15 . 2013-12-05 22:15	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2013-12-05 22:15 . 2013-12-11 16:07	--------	d-----w-	c:\users\User\AppData\Roaming\Winamp
2013-12-05 22:15 . 2013-12-05 22:15	--------	d-----w-	c:\program files (x86)\Winamp
2013-12-05 21:21 . 2013-12-05 21:21	--------	d-----w-	c:\users\User\AppData\Local\Macromedia
2013-11-27 13:46 . 2013-11-27 13:46	--------	d-----w-	c:\users\User\AppData\Roaming\Toribash
2013-11-27 10:52 . 2013-11-27 22:14	--------	d-----w-	c:\users\User\AppData\Roaming\Bitcoin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 11:23 . 2013-09-26 13:58	2872320	----a-w-	c:\windows\explorer.exe
2013-12-20 00:35 . 2013-07-28 13:19	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-20 00:35 . 2013-07-28 13:19	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-14 11:43 . 2013-08-22 17:55	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-12-14 11:33 . 2013-08-22 17:47	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-12-11 15:49 . 2013-08-26 15:23	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-11 15:49 . 2013-08-26 15:20	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-07 19:26 . 2013-08-22 17:47	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-05 19:08 . 2013-08-26 15:20	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-27 20:22 . 2013-09-23 19:26	181064	----a-w-	c:\windows\PSEXESVC.EXE
2013-11-20 19:09 . 2013-11-20 19:09	312744	----a-w-	c:\windows\system32\javaws.exe
2013-11-20 19:09 . 2013-11-20 19:09	189352	----a-w-	c:\windows\system32\javaw.exe
2013-11-20 19:09 . 2013-11-20 19:09	189352	----a-w-	c:\windows\system32\java.exe
2013-11-20 19:09 . 2013-11-20 19:09	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-17 15:50 . 2013-10-17 15:50	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-10-17 15:50 . 2013-10-17 15:50	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-10-17 15:50 . 2013-10-17 15:50	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-10-17 15:50 . 2013-10-17 15:50	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-06-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-06-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:38	1720976	----a-w-	c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:38	1720976	----a-w-	c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:38	1720976	----a-w-	c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveSupport"="REM" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
"F.lux"="c:\users\User\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"uTorrent"="c:\users\User\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-17 900440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="REM" [X]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe;c:\program files (x86)\netcut\services\AIPS.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-28 00:35]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 23:08]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 23:08]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-26 22:00]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-26 22:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{623A81EE-7C97-4011-ABEB-3C40C068ACE1}\14E64627F69646140553530343: NameServer = 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\
FF - ExtSQL: 2013-12-05 19:04; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF - ExtSQL: 2013-12-18 19:04; jsterm@paulrouget.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\extensions\jsterm@paulrouget.com.xpi
FF - ExtSQL: 2013-12-18 19:06; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{616AE0DC-159D-47BD-2A1C-4FB67FE1466A} - c:\program files (x86)\surf and keeep\I.x64.dll
BHO-{B5C95FED-FAD0-01B6-1E84-1AA619929528} - c:\program files (x86)\YoutubeAdblocker\MP.x64.dll
AddRemove-PolarClock3 - c:\windows\system32\PolarClock3.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vcdrom]
"ImagePath"="\??\c:\windows\SysWOW64\drivers\VCdRom.sysa"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-23  12:44:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-23 11:44
.
Vor Suchlauf: 15 Verzeichnis(se), 30.862.344.192 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 32.782.573.568 Bytes frei
.
- - End Of File - - 41CB06555FE129024FB0D9A293E054DF
8F558EB6672622401DA993E1E865C861

Der Norton log würde wohl jeglichen Rahmen sprengen, falls doch gewünscht bitte nachfragen.

edit: Ich habe nun aus Versehen einmal auf das Fragezeichen einer dieser Infoboxen geclickt und bin auf Nav-Links - Help gelandet. Dort steht

This advertisement was served by Nav-Links. NL helps useful browser extensions and toolbars remain free in exchange for displaying relevant advertisements and messages from time to time.
If you no longer wish to receive Intext Nav-Links advertisements on your computer then click here to opt-out.

Wenn man auf opt-out clickt sind die unterstrichenen Texte tatsächlich weg. Es verbleiben der enorme Performance-Verlust und die Werbeblöcke.

edit: Ich habe noch einmal einen genaueren Blick in chrome://extensions geworfen und siehe da: 4 Erweiterungen mit dubiosen Namen, die ich nicht installiert habe. Alle entfernt und vordergründig ist alles beim alten.

edit: Für Abenteuerlustige hier mal die Quelle: ACHTUNG VIRUS: hxxp://apprenticealf.wordpress.com/ 2013/10/21/ tools-v6-0-8-posted-2/

cosinus · 23.12.2013, 14:15

Zitat:

KMSpico 4.1 (Version: 4)

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

ftzguiouzt · 23.12.2013, 14:38

Ich kann den Beitrag nicht bearbeiten..

cosinus · 23.12.2013, 14:47

Es geht auch nicht um das Bearbeiten oder gar Fälschen der Logs sondern darum, dass wir hier keine Rechner mit gecrackter Software bereinigen. Die illegalen Sachen werden gelöscht/deinstalliert, dann gehts weiter.

ftzguiouzt · 23.12.2013, 14:54

Achso, ich dachte es ginge um die Nennung der Software. Das Programm werde ich sogleich deinstallieren

edit: Das Programm ist deinstalliert.

cosinus · 23.12.2013, 15:02

Du hast selbstverständlich jedes gecrackte Programm deinstalliert? Also nicht nur KMSpico sondern auch Office, dass mit dem KMS-Hack erst überhaupt "gangbar" gemacht wurde?
Und ich möchte auch drauf hinweisen, dass evtl andere gecrackte Programme und evtl noch vorhandene Cracks/Keygens runterfliegen müssen.

ftzguiouzt · 23.12.2013, 15:06

Office und KMSpico sind deinstalliert. Andere Cracks sind meines Wissens nach nicht vorhanden.

cosinus · 23.12.2013, 15:18

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

ftzguiouzt · 23.12.2013, 15:43

Der MBAR ist fertig und hat nichts gefunden. Lediglich den refog keylogger und den habe ich selbst installiert. Hier der log:

MBAR:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
User :: YANNICK-TOWER [administrator]

23.12.2013 15:28:11
mbar-log-2013-12-23 (15-28-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 252286
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Refog Software (Refog.Keylogger) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 23.12.2013, 15:53

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ftzguiouzt · 23.12.2013, 16:50

Alle Schritte durchgeführt:

edit: Wie kann es eigentlich sein, dass Norton die Malware nicht einmal finden kann? Ich bezahle teures Geld für einen Schutz der mich das erste Mal dass ich ihn wirklich hätte brauchen können im Stich lässt... Kann mir vielleicht jemand zu einer sichereren Alternative raten?

1. adwCleaner

Code:

ATTFilter

# AdwCleaner v3.016 - Report created 23/12/2013 at 15:57:39
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : User - YANNICK-TOWER
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\surf and keeep
Folder Deleted : C:\Program Files (x86)\surf and keeep
Folder Deleted : C:\Users\User\Documents\optimizer pro
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\Extensions\staged
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\surf
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v25.0.1 (de)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3653 octets] - [23/12/2013 15:56:13]
AdwCleaner[S0].txt - [3268 octets] - [23/12/2013 15:57:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3328 octets] ##########

2. JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by User on 23.12.2013 at 16:10:18,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\c4d8kphr.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.12.2013 at 16:11:57,38
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by User (administrator) on YANNICK-TOWER on 23-12-2013 16:46:10
Running from F:\___Backup fuer Neuinstallation!\Schadware Bekämpfung
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Flux Software LLC) C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [F.lux] - C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKCU\...\Run: [uTorrent] - C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-17] (BitTorrent Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
BHO: YoutubeAdblocker - {B5C95FED-FAD0-01B6-1E84-1AA619929528} - C:\Program Files (x86)\YoutubeAdblocker\MP.x64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4d8kphr.default\Extensions\jsterm@paulrouget.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://mystart.incredibar.com/mb178?a=6OyOhqbjvk&i=26", "hxxp://mystart.incredibar.com/mb201?a=6Oz0mgCAiO&i=26", "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPA2AC5504-9841-4CF6-A9D2-3D94AF58752C", "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.2.8.1_0
CHR Extension: (reddit companion) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (BookmarkTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjaniaiamlkcdjnbcacmlfapcimcnpj\0.9
CHR Extension: (Photo Zoom for Facebook) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Mini Radio Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj\4.1.1_0
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0
CHR Extension: (Cargo Bridge) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0
CHR Extension: (eBay Extension for Google Chrome\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.1.7_0
CHR Extension: (Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.4.5_0
CHR Extension: (Google Mail Checker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (Plants vs Zombies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0
CHR Extension: (EXIF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafpfdcmppffipmhcpkbplhkoiekndck\2.4.0_0
CHR Extension: (Hangouts) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1023.433.1_0
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (YouTube Unblocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.5_0
CHR Extension: (My Chrome Theme) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0
CHR Extension: (Click&Clean App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Canvas Rider) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-29] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-20] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131222.020\ENG64.SYS [126040 2013-12-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131222.020\EX64.SYS [2099288 2013-12-23] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RTL2832UBDA; C:\Windows\SysWow64\drivers\RTL2832UBDA.sys [224488 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWow64\Drivers\RTL2832UUSB.sys [39016 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWow64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 vcdrom; \??\C:\Windows\SysWOW64\drivers\VCdRom.sysa [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 16:11 - 2013-12-23 16:11 - 00001007 _____ C:\Users\User\Desktop\JRT.txt
2013-12-23 16:06 - 2013-12-23 16:06 - 00000000 ____D C:\Windows\ERUNT
2013-12-23 15:56 - 2013-12-23 16:04 - 00000000 ____D C:\AdwCleaner
2013-12-23 15:28 - 2013-12-23 15:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-23 15:28 - 2013-12-23 15:28 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-23 15:28 - 2013-12-23 15:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-23 15:19 - 2013-12-23 15:19 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-23 12:47 - 2013-12-23 12:47 - 00000000 ____D C:\FRST
2013-12-23 12:44 - 2013-12-23 12:44 - 00034053 _____ C:\ComboFix.txt
2013-12-23 12:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-23 12:30 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-23 12:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-23 12:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-23 12:29 - 2013-12-23 12:44 - 00000000 ____D C:\Qoobox
2013-12-23 12:29 - 2013-12-23 12:43 - 00000000 ____D C:\Windows\erdnt
2013-12-23 11:59 - 2013-12-23 12:27 - 00000000 ____D C:\Users\User\AppData\Local\NPE
2013-12-23 11:49 - 2013-12-23 11:49 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-12-23 11:44 - 2013-12-23 11:44 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-23 11:44 - 2013-12-23 11:44 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-23 11:44 - 2013-12-23 11:44 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-23 11:44 - 2013-12-23 11:44 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-23 11:39 - 2013-12-23 11:39 - 00000000 ____D C:\ProgramData\PCSettings
2013-12-23 11:12 - 2013-12-23 11:24 - 223165336 ____N (Symantec Corporation) C:\Users\User\Downloads\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
2013-12-23 10:32 - 2013-12-23 10:33 - 01021888 _____ (Symantec Corporation) C:\Users\User\Downloads\NAVDownloader.exe
2013-12-21 01:17 - 2013-12-21 01:17 - 00000000 ____D C:\Users\User\AppData\Local\calibre-cache
2013-12-21 01:16 - 2013-12-23 13:28 - 00000000 ____D C:\Users\User\Documents\Calibre-Bibliothek
2013-12-21 01:16 - 2013-12-21 01:18 - 00000000 ____D C:\Users\User\AppData\Roaming\calibre
2013-12-21 01:15 - 2013-12-23 13:27 - 00000000 ____D C:\Program Files\Calibre2
2013-12-21 01:12 - 2013-12-21 01:14 - 59772928 _____ C:\Users\User\Downloads\calibre-64bit-1.16.0.msi
2013-12-21 01:01 - 2013-12-23 15:56 - 00000000 ____D C:\ProgramData\c43a5a85d06e3f73
2013-12-21 01:01 - 2013-12-21 01:01 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2013-12-21 01:00 - 2013-12-21 01:04 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-21 01:00 - 2013-12-21 01:00 - 00320504 _____ (QuickSet) C:\Users\User\Downloads\tools v6.0.8.exe
2013-12-20 17:00 - 2013-12-20 17:01 - 00000000 ____D C:\Users\User\AppData\Local\Kobo
2013-12-20 17:00 - 2013-12-20 17:00 - 00000000 ____D C:\Users\User\Documents\My Digital Editions
2013-12-20 16:59 - 2013-12-20 16:59 - 00000000 ____D C:\Program Files (x86)\Kobo
2013-12-19 23:30 - 2013-12-19 23:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-19 23:30 - 2013-12-19 23:31 - 00000000 ____D C:\Program Files\iTunes
2013-12-19 23:30 - 2013-12-19 23:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-19 23:30 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files\iPod
2013-12-18 19:06 - 2013-12-18 19:06 - 00000000 ____D C:\Users\User\Documents\iMacros
2013-12-15 21:40 - 2013-12-15 21:40 - 00000000 ____D C:\.Trash-1000
2013-12-05 23:15 - 2013-12-11 17:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Winamp
2013-12-05 23:15 - 2013-12-05 23:15 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-12-05 22:21 - 2013-12-05 22:21 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 21:26 - 2013-12-05 21:26 - 00037807 _____ C:\Users\User\Downloads\dolce_vita.zip
2013-11-29 13:28 - 2013-12-18 21:41 - 00001295 _____ C:\Users\User\Desktop\AutoIt v3 Script (neu).au3
2013-11-28 20:27 - 2013-12-23 16:20 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for YANNICK-TOWER-User YANNICK-TOWER
2013-11-27 23:12 - 2013-11-28 07:33 - 00000000 ____D C:\Users\User\Downloads\guiminer
2013-11-27 14:46 - 2013-11-27 14:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Toribash
2013-11-27 11:59 - 2013-11-27 11:59 - 00001457 _____ C:\Users\User\Desktop\Bitcoin.lnk
2013-11-27 11:52 - 2013-11-27 23:14 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitcoin
2013-11-25 20:14 - 2013-11-25 20:15 - 00003367 _____ C:\location1.txt

==================== One Month Modified Files and Folders =======

2013-12-23 16:45 - 2013-06-28 16:22 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-12-23 16:37 - 2013-06-26 23:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001UA.job
2013-12-23 16:35 - 2013-06-29 00:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 16:20 - 2013-11-28 20:27 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for YANNICK-TOWER-User YANNICK-TOWER
2013-12-23 16:12 - 2013-06-26 22:33 - 01488277 _____ C:\Windows\WindowsUpdate.log
2013-12-23 16:11 - 2013-12-23 16:11 - 00001007 _____ C:\Users\User\Desktop\JRT.txt
2013-12-23 16:09 - 2013-08-04 11:52 - 00000402 __RSH C:\ProgramData\ntuser.pol
2013-12-23 16:09 - 2013-06-29 01:48 - 00000000 ___RD C:\Users\User\Google Drive
2013-12-23 16:09 - 2013-06-29 00:09 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 16:08 - 2013-07-20 17:47 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-12-23 16:08 - 2010-11-21 04:47 - 01420792 _____ C:\Windows\PFRO.log
2013-12-23 16:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 16:08 - 2009-07-14 05:51 - 00059115 _____ C:\Windows\setupact.log
2013-12-23 16:06 - 2013-12-23 16:06 - 00000000 ____D C:\Windows\ERUNT
2013-12-23 16:04 - 2013-12-23 15:56 - 00000000 ____D C:\AdwCleaner
2013-12-23 16:02 - 2013-07-28 14:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 15:58 - 2009-07-14 05:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 15:58 - 2009-07-14 05:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 15:56 - 2013-12-21 01:01 - 00000000 ____D C:\ProgramData\c43a5a85d06e3f73
2013-12-23 15:55 - 2013-08-31 09:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-12-23 15:42 - 2013-12-23 15:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-23 15:28 - 2013-12-23 15:28 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-23 15:28 - 2013-12-23 15:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-23 15:19 - 2013-12-23 15:19 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-23 13:28 - 2013-12-21 01:16 - 00000000 ____D C:\Users\User\Documents\Calibre-Bibliothek
2013-12-23 13:27 - 2013-12-21 01:15 - 00000000 ____D C:\Program Files\Calibre2
2013-12-23 12:47 - 2013-12-23 12:47 - 00000000 ____D C:\FRST
2013-12-23 12:44 - 2013-12-23 12:44 - 00034053 _____ C:\ComboFix.txt
2013-12-23 12:44 - 2013-12-23 12:29 - 00000000 ____D C:\Qoobox
2013-12-23 12:44 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-23 12:43 - 2013-12-23 12:29 - 00000000 ____D C:\Windows\erdnt
2013-12-23 12:40 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-23 12:39 - 2009-07-14 03:34 - 90701824 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 19398656 _____ C:\Windows\system32\config\SYSTEM.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 04456448 _____ C:\Windows\system32\config\DEFAULT.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-12-23 12:39 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-12-23 12:27 - 2013-12-23 11:59 - 00000000 ____D C:\Users\User\AppData\Local\NPE
2013-12-23 12:23 - 2013-09-26 14:58 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-12-23 12:23 - 2013-09-09 13:05 - 00000000 ____D C:\Users\User\AppData\Roaming\My Scripts
2013-12-23 12:23 - 2013-06-26 22:50 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-23 12:00 - 2013-08-15 16:29 - 00000000 ____D C:\ProgramData\Norton
2013-12-23 11:49 - 2013-12-23 11:49 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-12-23 11:44 - 2013-12-23 11:44 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-23 11:44 - 2013-12-23 11:44 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-23 11:44 - 2013-12-23 11:44 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-23 11:44 - 2013-12-23 11:44 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-12-23 11:43 - 2013-12-23 11:43 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-23 11:39 - 2013-12-23 11:39 - 00000000 ____D C:\ProgramData\PCSettings
2013-12-23 11:24 - 2013-12-23 11:12 - 223165336 ____N (Symantec Corporation) C:\Users\User\Downloads\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
2013-12-23 10:44 - 2013-06-29 00:55 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2013-12-23 10:38 - 2013-11-07 23:24 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8079F89F-D133-463E-9478-71AE1F93D6E9}
2013-12-23 10:33 - 2013-12-23 10:32 - 01021888 _____ (Symantec Corporation) C:\Users\User\Downloads\NAVDownloader.exe
2013-12-21 11:56 - 2009-07-14 05:45 - 04989560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-21 01:18 - 2013-12-21 01:16 - 00000000 ____D C:\Users\User\AppData\Roaming\calibre
2013-12-21 01:17 - 2013-12-21 01:17 - 00000000 ____D C:\Users\User\AppData\Local\calibre-cache
2013-12-21 01:14 - 2013-12-21 01:12 - 59772928 _____ C:\Users\User\Downloads\calibre-64bit-1.16.0.msi
2013-12-21 01:14 - 2013-06-26 23:22 - 00090128 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 01:04 - 2013-12-21 01:00 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-21 01:01 - 2013-12-21 01:01 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2013-12-21 01:00 - 2013-12-21 01:00 - 00320504 _____ (QuickSet) C:\Users\User\Downloads\tools v6.0.8.exe
2013-12-21 00:48 - 2013-07-26 20:10 - 00000600 _____ C:\Users\User\PUTTY.RND
2013-12-20 23:33 - 2013-07-29 16:03 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-20 22:44 - 2013-06-29 00:47 - 00000727 _____ C:\Users\User\SciTE.session
2013-12-20 22:37 - 2013-06-26 23:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001Core.job
2013-12-20 17:18 - 2013-06-26 23:17 - 00766498 _____ C:\Windows\system32\perfh007.dat
2013-12-20 17:18 - 2013-06-26 23:17 - 00175000 _____ C:\Windows\system32\perfc007.dat
2013-12-20 17:18 - 2009-07-14 06:13 - 01813934 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 17:01 - 2013-12-20 17:00 - 00000000 ____D C:\Users\User\AppData\Local\Kobo
2013-12-20 17:00 - 2013-12-20 17:00 - 00000000 ____D C:\Users\User\Documents\My Digital Editions
2013-12-20 16:59 - 2013-12-20 16:59 - 00000000 ____D C:\Program Files (x86)\Kobo
2013-12-20 01:35 - 2013-07-28 14:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-20 01:35 - 2013-07-28 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-20 01:35 - 2013-07-28 14:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-19 23:31 - 2013-12-19 23:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-19 23:31 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files\iTunes
2013-12-19 23:31 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-19 23:30 - 2013-12-19 23:30 - 00000000 ____D C:\Program Files\iPod
2013-12-19 17:02 - 2013-06-30 21:00 - 00000132 _____ C:\Users\User\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-19 13:06 - 2013-09-01 17:09 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-18 21:41 - 2013-11-29 13:28 - 00001295 _____ C:\Users\User\Desktop\AutoIt v3 Script (neu).au3
2013-12-18 21:16 - 2013-06-26 23:50 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-12-18 21:02 - 2013-07-07 16:00 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2013-12-18 19:06 - 2013-12-18 19:06 - 00000000 ____D C:\Users\User\Documents\iMacros
2013-12-15 21:40 - 2013-12-15 21:40 - 00000000 ____D C:\.Trash-1000
2013-12-15 21:18 - 2013-06-27 13:14 - 00000000 ____D C:\Users\User\.VirtualBox
2013-12-15 21:01 - 2013-06-29 18:36 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-12-11 20:26 - 2013-09-14 15:17 - 00000000 ____D C:\Users\User\Documents\Adobe
2013-12-11 20:26 - 2013-09-14 15:17 - 00000000 ____D C:\Users\User\AppData\Roaming\PACE Anti-Piracy
2013-12-11 20:26 - 2013-09-14 15:17 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-11 20:26 - 2013-06-29 00:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2013-12-11 18:18 - 2013-09-03 19:53 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-12-11 17:07 - 2013-12-05 23:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Winamp
2013-12-09 22:32 - 2013-06-26 23:00 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001UA
2013-12-09 22:32 - 2013-06-26 23:00 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1041097599-1003990005-2380108246-1001Core
2013-12-07 19:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-05 23:15 - 2013-12-05 23:15 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-12-05 22:21 - 2013-12-05 22:21 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2013-12-05 22:18 - 2013-08-29 21:51 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 21:37 - 2013-06-28 16:23 - 00000000 ____D C:\Users\User\AppData\Local\Paint.NET
2013-12-05 21:26 - 2013-12-05 21:26 - 00037807 _____ C:\Users\User\Downloads\dolce_vita.zip
2013-11-28 16:59 - 2013-09-23 20:31 - 00006667 _____ C:\Users\User\Desktop\IP Config.au3
2013-11-28 13:30 - 2013-06-29 00:09 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 13:30 - 2013-06-29 00:09 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-28 07:33 - 2013-11-27 23:12 - 00000000 ____D C:\Users\User\Downloads\guiminer
2013-11-27 23:14 - 2013-11-27 11:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Bitcoin
2013-11-27 21:22 - 2013-09-23 20:26 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-27 14:46 - 2013-11-27 14:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Toribash
2013-11-27 11:59 - 2013-11-27 11:59 - 00001457 _____ C:\Users\User\Desktop\Bitcoin.lnk
2013-11-26 22:35 - 2013-08-31 09:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 22:35 - 2013-08-31 09:47 - 00000000 ____D C:\ProgramData\Skype
2013-11-25 20:15 - 2013-11-25 20:14 - 00003367 _____ C:\location1.txt

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-12-20 19:08

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

cosinus · 23.12.2013, 16:51

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ftzguiouzt · 23.12.2013, 17:09

Vielen Dank schon mal!

Malwarebytes hatte einen Fund, die tools vXX.exe die das Problem verursacht hat, und ESET läuft gerade durch, bisher ohne Fund. Nach dieser Aktion werde ich meinen Virenschutz erstmal austauschen, irgendwelche Empfehlungen? Ansonsten nochmals vielen Dank und ich werde dem Forum anlässlich der Jahreszeit und für die gute Unterstützung sicherlich eine Spende zukommen lassen

Mit freundlichen Grüßen,
ftzguiouzt

Werbeblöcke; Popups von http://rvzr-a.akamaihd.net/; Wörter grün unterstrichen; ... Nerviges im Browser

Plagegeister aller Art und deren Bekämpfung: Werbeblöcke; Popups von http://rvzr-a.akamaihd.net/; Wörter grün unterstrichen; ... Nerviges im Browser