|
Plagegeister aller Art und deren Bekämpfung: Internetverbindung über Port 8877 unter WIN 8.1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.01.2014, 13:04 | #1 |
| Internetverbindung über Port 8877 unter WIN 8.1 Folgendes Problem: Seit einiger Zeit funktionieren die Apps der Modern UI nicht mehr. Die Kacheln erneuern zwar den Inhalt, rufe ich die App auf (News, Sport, Wetter, Store, Finanzen) kommt die Meldung: keine Internetverbindung. Alle Desktop-Programme (Outlook, IE, Firefox, Chrom, Finanzsoftware usw.) kommen ins Web. Ich stellte fest, dass bei Systemsteuerung-Internetoptionen-Verbindung-LAN ein Proxyserver 127.0.0.1 mit Port 8877 eingetragen ist. Nehme ich den Haken bei Proxy-Server raus und stelle auf Einstellungen automatisch erkennen ist alles wieder gut. Nur bei jedem Neustart, Aufwecken aus dem Ruhezustand oder Energiesparmodus ist der Haken nach ca. 1 Minute wieder bei "Proxyserver verwenden". Ich habe den Rechner mit Malewarebytes, Eset und Adwcleaner gesäubert. Die fanden auch eine Menge Zeug aber das Grundproblem bleibt. Hat jemand einen Tipp? Ich verwende Norton IS 2014. Die ist aber nicht Schuld. Habe sie deinstalliert, brachte keine Änderung. Anschließend wieder installiert. |
30.01.2014, 13:08 | #2 |
/// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Hi
__________________hast du die Logfiles noch die erstellt wurden? Wenn ja bitte hier in CODE TAGS posten Schritt 2: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
30.01.2014, 14:20 | #3 |
| Internetverbindung über Port 8877 unter WIN 8.1 So, ich hab die Scans gemacht. Ich habe die *.txt-Dateien von Malwarebytes von gestern und heute auch hochgeladen. Nach allen Durchgängen keine Änderung. Proxy wird immer noch angehakt, von wem auch immer. Ich hoffe, ich habe das mit dem Hochladen richtig gemacht.
__________________ |
30.01.2014, 15:11 | #4 |
/// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 so dann legen wir mal los. Bitte in zukunft die Logfiles nicht als Anhang posten sondern in CODE TAGS Erklärung kommt später noch. Fürs erste kann ich so arbeiten Schritt 1: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877 C:\ProgramData\firstlsp.reg.dat C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3: Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4: erstelle ein neues FRST Logfile und poste es hier Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
|
30.01.2014, 16:30 | #5 |
| Internetverbindung über Port 8877 unter WIN 8.1 Hier die Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01 Ran by rpmarr at 2014-01-30 15:47:52 Run:1 Running from C:\Users\rpmar_000\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877 C:\ProgramData\firstlsp.reg.dat C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. C:\ProgramData\firstlsp.reg.dat => Moved successfully. C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe => Moved successfully. C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully. C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe => Moved successfully. C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe => Moved successfully. ==== End of Fixlog ==== Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 30/01/2014 um 15:52:47 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 8.1 Pro with Media Center (64 bits) # Benutzername : rpmarr - MARKIS_DESKTOP # Gestartet von : C:\Users\rpmar_000\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16384 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\prefs.js ] [ Datei : C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\prefs.js ] [ Datei : C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\prefs.js ] ************************* AdwCleaner[R0].txt - [16711 octets] - [23/01/2014 11:39:41] AdwCleaner[R1].txt - [3181 octets] - [29/01/2014 16:46:27] AdwCleaner[R2].txt - [1405 octets] - [30/01/2014 13:13:27] AdwCleaner[R3].txt - [1445 octets] - [30/01/2014 15:51:40] AdwCleaner[S0].txt - [12335 octets] - [23/01/2014 11:41:04] AdwCleaner[S1].txt - [2469 octets] - [29/01/2014 16:48:18] AdwCleaner[S2].txt - [1466 octets] - [30/01/2014 13:14:29] AdwCleaner[S3].txt - [1366 octets] - [30/01/2014 15:52:47] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1426 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 8.1 Pro with Media Center x64 Ran by rpmarr on 30.01.2014 at 16:00:27,45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\rpmar_000\appdata\local\cre" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin" ~~~ FireFox Emptied folder: C:\Users\rpmar_000\AppData\Roaming\mozilla\firefox\profiles\5ootzjx5.default\minidumps [6 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 30.01.2014 at 16:05:22,22 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01 Ran by rpmarr at 2014-01-30 16:28:48 Run:2 Running from C:\Users\rpmar_000\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877 C:\ProgramData\firstlsp.reg.dat C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. "C:\ProgramData\firstlsp.reg.dat" => File/Directory not found. "C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found. "C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe" => File/Directory not found. C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe => Moved successfully. ==== End of Fixlog ==== |
30.01.2014, 16:37 | #6 |
/// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Hi das FRST Log ist keines sondern das Fixlog von Schritt 1 Bitte poste mir noch das richtige. Besteht das Problem mit dem Port immernoch?
__________________ --> Internetverbindung über Port 8877 unter WIN 8.1 |
30.01.2014, 16:46 | #7 |
| Internetverbindung über Port 8877 unter WIN 8.1 Ja, das Problem besteht immer noch. Ich habe den Rechner neu gestartet. Unmittelbar nach dem Start ist alles sauber und ca. 1 Minute danach steht der Proxy wieder drin, ohne dass ich irgend ein Programm geöffnet habe. Ich weiß jetzt nicht, welche Datei Du meinst? Ich hoffe, dass es jetzt die richtige Datei ist! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01 Ran by rpmarr at 2014-01-30 16:28:48 Run:2 Running from C:\Users\rpmar_000\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877 C:\ProgramData\firstlsp.reg.dat C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. "C:\ProgramData\firstlsp.reg.dat" => File/Directory not found. "C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found. "C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe" => File/Directory not found. C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe => Moved successfully. ==== End of Fixlog ==== |
30.01.2014, 16:47 | #8 |
/// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Du hast 2x das "Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01" gepostet. Ich benötige ein neues Logfile. Starte dazu FRST und drücke SCAN. Poste das Logfile hier |
30.01.2014, 16:51 | #9 |
| Internetverbindung über Port 8877 unter WIN 8.1 Jetzt noch mal richtig!! |
30.01.2014, 16:54 | #10 |
/// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Drückst du auf "SCAN" oder "Fix" die Datei muss FRST.log heissen. NICHT fixlog.txt |
30.01.2014, 17:16 | #11 |
| Internetverbindung über Port 8877 unter WIN 8.1 FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01 Ran by rpmarr (administrator) on MARKIS_DESKTOP on 30-01-2014 16:53:06 Running from C:\Users\rpmar_000\Desktop Windows 8.1 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (abilis GmbH) C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe (Dropbox, Inc.) C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [CNAP2 Launcher] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-04-08] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-20] (cyberlink) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.) HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\NetDrive.exe [3587072 2013-02-27] (Bdrive Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [872560 2013-11-28] (Tlapia) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKCU\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKCU\...\Run: [DriveOnWeb Client] - C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe [1196544 2013-12-04] (abilis GmbH) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-14] (Google Inc.) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 FireFox: ======== FF ProfilePath: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default FF DefaultSearchEngine: Amazon FF SearchEngineOrder.1: Amazon FF SelectedSearchEngine: Amazon FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_dd8d8fc999144474a9c45908a1be2ebb_30_46_20140123_DE_ff_ab_IS0&query= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\searchplugins\amazon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: iCloud Bookmarks - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\firefoxdav@icloud.com [2013-12-23] FF Extension: YouTube Unblocker - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-16] FF Extension: {1fa09102-1f38-4f83-ba9c-e08baf230c89} - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{1fa09102-1f38-4f83-ba9c-e08baf230c89}.xpi [2013-11-07] FF Extension: Video HTML5 Compiler Pro - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{368ac25b-6bc0-40e0-9e17-b88cf8cf1363}.xpi [2013-11-07] FF Extension: Adblock Plus - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-17] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-28] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Google Docs) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07] CHR Extension: (Google Drive) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07] CHR Extension: (YouTube) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07] CHR Extension: (Google Search) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07] CHR Extension: (Norton Identity Protection) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07] CHR Extension: (Google Wallet) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07] CHR Extension: (Gmail) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07] CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-27] (Bdrive Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888 2013-11-28] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352 2013-11-28] (Tlapia) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] () ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-15] () R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [126792 2011-01-10] (Avira GmbH) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 easycvfs; C:\WINDOWS\system32\drivers\easycvfs.sys [107912 2010-02-22] () R2 easycvfs; C:\WINDOWS\SysWOW64\drivers\easycvfs.sys [110472 2013-12-04] () R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-28] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-28] (Symantec Corporation) R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2013-10-18] (REALiX(tm)) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140129.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-15] () S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140129.035\ENG64.SYS [126040 2014-01-28] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140129.035\EX64.SYS [2099288 2014-01-28] (Symantec Corporation) S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-09] (Bdrive Inc.) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics) R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-28] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-29] (Acronis International GmbH) S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-29] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.) S3 DfSdkS; S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [x] S2 sxuptp; \SystemRoot\System32\drivers\sxuptp.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-30 16:49 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe 2014-01-30 16:38 - 2014-01-30 16:38 - 00005342 _____ C:\WINDOWS\system32\PerfStringBackup.TMP 2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-01-30 16:05 - 2014-01-30 16:05 - 00000964 _____ C:\Users\rpmar_000\Desktop\JRT.txt 2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-30 16:00 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe 2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe 2014-01-30 15:50 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Desktop\adwcleaner.exe 2014-01-30 15:42 - 2014-01-30 15:42 - 00009952 _____ C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx 2014-01-30 14:17 - 2014-01-30 16:15 - 00000000 ____D C:\Users\rpmar_000\Documents\Malware 2014-01-30 14:08 - 2014-01-30 16:53 - 00027344 _____ C:\Users\rpmar_000\Desktop\FRST.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00068544 _____ C:\Users\rpmar_000\Downloads\FRST.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00030470 _____ C:\Users\rpmar_000\Downloads\Addition.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ C:\Users\rpmar_000\Desktop\Addition.txt 2014-01-30 14:05 - 2014-01-30 16:49 - 00000000 ____D C:\FRST 2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe 2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner.exe 2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ C:\WINDOWS\Minidump\013014-7265-01.dmp 2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ C:\Users\rpmar_000\Documents\Malware.txt 2014-01-29 16:55 - 2014-01-29 16:55 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D C:\ProgramData\Websteroids 2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe 2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D C:\ProgramData\Updater 2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D C:\ProgramData\RHelpers 2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Malwarebytes 2014-01-29 16:09 - 2014-01-30 13:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-29 16:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ C:\Users\rpmar_000\Desktop\ipdetails.txt 2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ C:\Users\rpmar_000\Desktop\ipdetails1.txt 2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2014-01-28 18:10 - 2014-01-28 18:15 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe 2014-01-28 17:55 - 2014-01-28 18:47 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet 2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk 2014-01-28 15:20 - 2014-01-28 15:28 - 00101386 _____ C:\Users\rpmar_000\Desktop\sfcdetails.txt 2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PackageStaging 2014-01-28 13:00 - 2014-01-28 14:16 - 00051811 _____ C:\Users\rpmar_000\Documents\sfcdetails.txt 2014-01-28 08:55 - 2014-01-28 08:57 - 00216999 _____ C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx 2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2014-01-25 16:49 - 2003-12-04 15:58 - 00000696 _____ C:\WINDOWS\SysWOW64\jetodbc.rsp 2014-01-25 16:49 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL 2014-01-25 16:49 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL 2014-01-25 16:49 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL 2014-01-25 16:49 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL 2014-01-25 16:49 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL 2014-01-25 16:49 - 2002-08-29 03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX 2014-01-25 16:49 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX 2014-01-25 16:49 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX 2014-01-25 16:49 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx 2014-01-25 16:49 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL 2014-01-25 16:49 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL 2014-01-25 16:49 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll 2014-01-25 16:49 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll 2014-01-25 16:49 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2014-01-25 16:49 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL 2014-01-25 16:49 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL 2014-01-25 16:49 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL 2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ C:\Users\Public\Desktop\Olympia Chronik 2014.lnk 2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D C:\Program Files (x86)\USM 2014-01-25 16:45 - 2014-01-03 11:55 - 24097311 _____ C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe 2014-01-25 16:44 - 2014-01-27 11:45 - 00000000 ____D C:\ProgramData\Ashampoo 2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url 2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2014-01-25 16:44 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe 2014-01-25 16:37 - 2014-01-28 18:56 - 00000000 ____D C:\Program Files (x86)\Dr. Hardware 2013 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ C:\WINDOWS\SysWOW64\Drivers\DRHMSR64.sys 2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ C:\WINDOWS\system32\Drivers\DRHMSR64.sys 2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\SysWOW64\Drivers\DRHARD64.sys 2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\system32\Drivers\DRHARD64.sys 2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ C:\Users\rpmar_000\Documents\Transsib.txt 2014-01-25 13:29 - 2014-01-25 13:41 - 00000000 ____D C:\Users\rpmar_000\Desktop\Neuer Ordner 2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Logitech 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\ATI 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\ATI 2014-01-25 12:04 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\Packages 2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH C:\Users\marki_lokal\ntuser.ini 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Vorlagen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Startmenü 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Netzwerkumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Lokale Einstellungen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Eigene Dateien 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Druckumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Musik 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Bilder 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Verlauf 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Adobe 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\VirtualStore 2014-01-25 12:03 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal 2014-01-25 12:03 - 2013-10-17 14:07 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\Microsoft Help 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD C:\$SysReset 2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Tracker Software 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Program Files\Tracker Software 2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D C:\Users\rpmar_000\Documents\PDF-Viewer 2014-01-23 13:54 - 2014-01-23 13:56 - 53393688 _____ C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip 2014-01-23 11:39 - 2014-01-30 15:52 - 00000000 ____D C:\AdwCleaner 2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online 2014-01-23 11:27 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe 2014-01-23 11:26 - 2014-01-30 16:27 - 00000330 _____ C:\WINDOWS\Tasks\Digital Sites.job 2014-01-23 11:26 - 2014-01-29 16:18 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\DigitalSites 2014-01-23 11:26 - 2014-01-25 11:27 - 00000138 _____ C:\Users\rpmar_000\AppData\Roaming\WB.CFG 2014-01-23 11:26 - 2014-01-23 11:27 - 00002668 _____ C:\WINDOWS\System32\Tasks\Digital Sites 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\ProgramData\ATI 2014-01-23 10:51 - 2014-01-23 13:57 - 00000000 ____D C:\ProgramData\Package Cache 2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\Advanced Micro Devices, Inc 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\AMD 2014-01-23 10:48 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-01-23 10:48 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-01-23 10:48 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2014-01-23 10:48 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-01-23 10:48 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-01-23 10:48 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-01-23 10:48 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys 2014-01-23 10:48 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-01-23 10:48 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-01-23 10:48 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-01-23 10:48 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-01-23 10:48 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2014-01-23 10:48 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-01-23 10:48 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2014-01-23 10:48 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-01-23 10:48 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-01-23 10:48 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-01-23 10:48 - 2013-11-27 05:01 - 00385614 _____ C:\WINDOWS\system32\ApnDatabase.xml 2014-01-23 10:48 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll 2014-01-23 10:48 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-01-23 10:48 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-01-23 10:48 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-01-23 10:48 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-01-23 10:48 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-01-23 10:48 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-01-23 10:48 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-01-23 10:48 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-01-23 10:48 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-01-23 10:48 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-01-23 10:48 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-01-23 10:48 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-01-23 10:48 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-01-23 10:48 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-01-23 10:48 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll 2014-01-23 10:48 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys 2014-01-23 10:48 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-01-23 10:48 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-01-23 10:48 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2014-01-23 10:48 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-01-23 10:48 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2014-01-23 10:48 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-01-23 10:48 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-01-23 10:48 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-01-23 10:48 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll 2014-01-23 10:48 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-01-23 10:48 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-01-23 10:48 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-01-23 10:48 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2014-01-23 10:48 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2014-01-23 10:48 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-01-23 10:48 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-01-23 10:48 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-01-23 10:48 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-01-23 10:48 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-01-23 10:47 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-01-23 10:47 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-23 10:47 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-23 10:47 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-23 10:47 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-23 10:47 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-23 10:47 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-23 10:47 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-23 10:47 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-23 10:47 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-23 10:47 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-23 10:47 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-21 15:28 - 2014-01-21 15:29 - 28028590 _____ C:\Users\rpmar_000\Downloads\WIT-Photobox.zip 2014-01-09 11:26 - 2014-01-09 11:27 - 00000000 ____D C:\Users\rpmar_000\Documents\SEPA 2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PDF24 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Program Files (x86)\PDF24 2014-01-09 11:23 - 2014-01-09 11:24 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe 2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ C:\Users\rpmar_000\Downloads\Antrag (16).xml 2014-01-07 15:46 - 2013-12-19 16:16 - 01812992 _____ C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr_bis_12.12.12.xls 2014-01-07 10:42 - 2014-01-30 16:36 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D C:\ProgramData\Oracle 2014-01-07 09:43 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-01-07 09:43 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-07 09:43 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-01-07 09:43 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe ==================== One Month Modified Files and Folders ======= 2014-01-30 16:53 - 2014-01-30 14:08 - 00027344 _____ C:\Users\rpmar_000\Desktop\FRST.txt 2014-01-30 16:53 - 2014-01-30 14:05 - 00000000 ____D C:\FRST 2014-01-30 16:53 - 2012-11-12 17:23 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-30 16:45 - 2013-10-17 14:09 - 01745218 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-30 16:42 - 2013-10-22 08:58 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\E7546975-342B-4B7C-A126-4E5CA701679A.aplzod 2014-01-30 16:42 - 2012-11-12 15:19 - 00000000 ____D C:\Users\rpmar_000\Documents\Outlook-Dateien 2014-01-30 16:40 - 2012-11-12 17:22 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1001 2014-01-30 16:38 - 2014-01-30 16:38 - 00005342 _____ C:\WINDOWS\system32\PerfStringBackup.TMP 2014-01-30 16:38 - 2013-09-30 04:58 - 00782352 _____ C:\WINDOWS\system32\perfh007.dat 2014-01-30 16:38 - 2013-09-30 04:58 - 00164592 _____ C:\WINDOWS\system32\perfc007.dat 2014-01-30 16:36 - 2014-01-07 10:42 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-30 16:34 - 2013-10-17 14:16 - 00000000 __RDO C:\Users\rpmar_000\SkyDrive 2014-01-30 16:34 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-30 16:34 - 2012-12-11 18:25 - 00156069 _____ C:\ndsvc.log 2014-01-30 16:34 - 2012-11-18 10:51 - 00000000 ___RD C:\Users\rpmar_000\Dropbox 2014-01-30 16:34 - 2012-11-18 10:46 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Dropbox 2014-01-30 16:34 - 2012-11-14 11:32 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-30 16:33 - 2013-08-22 14:25 - 04718592 ___SH C:\WINDOWS\system32\config\BBI 2014-01-30 16:27 - 2014-01-23 11:26 - 00000330 _____ C:\WINDOWS\Tasks\Digital Sites.job 2014-01-30 16:17 - 2012-11-14 11:32 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-30 16:15 - 2014-01-30 14:17 - 00000000 ____D C:\Users\rpmar_000\Documents\Malware 2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-01-30 16:05 - 2014-01-30 16:05 - 00000964 _____ C:\Users\rpmar_000\Desktop\JRT.txt 2014-01-30 16:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-30 15:59 - 2014-01-30 16:00 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe 2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe 2014-01-30 15:58 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-30 15:52 - 2014-01-23 11:39 - 00000000 ____D C:\AdwCleaner 2014-01-30 15:44 - 2012-11-12 15:30 - 00000000 ____D C:\Users\rpmar_000\Documents\WISO Mein Geld 2014-01-30 15:42 - 2014-01-30 15:42 - 00009952 _____ C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx 2014-01-30 14:06 - 2014-01-30 14:06 - 00068544 _____ C:\Users\rpmar_000\Downloads\FRST.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00030470 _____ C:\Users\rpmar_000\Downloads\Addition.txt 2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ C:\Users\rpmar_000\Desktop\Addition.txt 2014-01-30 14:05 - 2014-01-30 16:49 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe 2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe 2014-01-30 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D C:\ProgramData\Updater 2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D C:\ProgramData\RHelpers 2014-01-30 14:02 - 2013-09-29 20:05 - 00498320 _____ C:\WINDOWS\PFRO.log 2014-01-30 13:38 - 2014-01-29 16:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-30 13:38 - 2013-12-04 10:22 - 00000000 ____D C:\Program Files\DriveOnWeb Client 2014-01-30 13:38 - 2013-11-12 11:42 - 00000000 ____D C:\Program Files (x86)\sysTPL 2014-01-30 13:13 - 2014-01-30 15:50 - 01166132 _____ C:\Users\rpmar_000\Desktop\adwcleaner.exe 2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner.exe 2014-01-30 12:11 - 2013-10-17 14:05 - 00000000 ____D C:\Users\rpmar_000 2014-01-30 12:11 - 2012-11-12 17:33 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\vlc 2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ C:\WINDOWS\Minidump\013014-7265-01.dmp 2014-01-30 08:59 - 2013-12-02 10:42 - 2056067440 _____ C:\WINDOWS\MEMORY.DMP 2014-01-30 08:59 - 2013-12-02 10:42 - 00000000 ____D C:\WINDOWS\Minidump 2014-01-30 08:59 - 2013-08-22 15:46 - 00299670 _____ C:\WINDOWS\setupact.log 2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ C:\Users\rpmar_000\Documents\Malware.txt 2014-01-29 16:55 - 2014-01-29 16:55 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D C:\ProgramData\Websteroids 2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe 2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe 2014-01-29 16:18 - 2014-01-23 11:26 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\DigitalSites 2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Malwarebytes 2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-29 15:43 - 2013-07-08 15:28 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ C:\Users\rpmar_000\Desktop\ipdetails.txt 2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ C:\Users\rpmar_000\Desktop\ipdetails1.txt 2014-01-29 11:42 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2014-01-28 18:56 - 2014-01-25 16:37 - 00000000 ____D C:\Program Files (x86)\Dr. Hardware 2013 2014-01-28 18:47 - 2014-01-28 17:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet 2014-01-28 18:46 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2014-01-28 18:19 - 2012-12-11 10:33 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-01-28 18:19 - 2012-12-11 10:33 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2014-01-28 18:19 - 2012-12-11 10:30 - 00000000 ____D C:\ProgramData\Norton 2014-01-28 18:15 - 2014-01-28 18:10 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe 2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk 2014-01-28 15:28 - 2014-01-28 15:20 - 00101386 _____ C:\Users\rpmar_000\Desktop\sfcdetails.txt 2014-01-28 15:17 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2014-01-28 15:12 - 2012-12-11 18:25 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\CrashDumps 2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PackageStaging 2014-01-28 15:08 - 2012-11-12 08:56 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Packages 2014-01-28 14:16 - 2014-01-28 13:00 - 00051811 _____ C:\Users\rpmar_000\Documents\sfcdetails.txt 2014-01-28 08:57 - 2014-01-28 08:55 - 00216999 _____ C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx 2014-01-28 08:54 - 2013-01-10 13:28 - 00217029 _____ C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr.xlsx 2014-01-27 17:17 - 2013-12-02 13:48 - 00000000 __SHD C:\Users\rpmar_000\wc 2014-01-27 11:45 - 2014-01-25 16:44 - 00000000 ____D C:\ProgramData\Ashampoo 2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ C:\Users\Public\Desktop\Olympia Chronik 2014.lnk 2014-01-25 16:48 - 2012-11-12 18:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D C:\Program Files (x86)\USM 2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk 2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url 2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk 2014-01-25 16:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration 2014-01-25 16:28 - 2012-11-14 12:37 - 00000000 ____D C:\ProgramData\CanonIJPLM 2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ C:\Users\rpmar_000\Documents\Transsib.txt 2014-01-25 13:41 - 2014-01-25 13:29 - 00000000 ____D C:\Users\rpmar_000\Desktop\Neuer Ordner 2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Logitech 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\ATI 2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\ATI 2014-01-25 12:05 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\Packages 2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH C:\Users\marki_lokal\ntuser.ini 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Vorlagen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Startmenü 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Netzwerkumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Lokale Einstellungen 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Eigene Dateien 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Druckumgebung 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Musik 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Bilder 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Verlauf 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Anwendungsdaten 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Adobe 2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\VirtualStore 2014-01-25 12:04 - 2014-01-25 12:03 - 00000000 ____D C:\Users\marki_lokal 2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD C:\$SysReset 2014-01-25 11:27 - 2014-01-23 11:26 - 00000138 _____ C:\Users\rpmar_000\AppData\Roaming\WB.CFG 2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Tracker Software 2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Program Files\Tracker Software 2014-01-23 13:57 - 2014-01-23 10:51 - 00000000 ____D C:\ProgramData\Package Cache 2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D C:\Users\rpmar_000\Documents\PDF-Viewer 2014-01-23 13:56 - 2014-01-23 13:54 - 53393688 _____ C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip 2014-01-23 12:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2014-01-23 11:41 - 2012-11-12 17:16 - 00000000 ___RD C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online 2014-01-23 11:27 - 2014-01-23 11:26 - 00002668 _____ C:\WINDOWS\System32\Tasks\Digital Sites 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\ATI 2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\ProgramData\ATI 2014-01-23 10:54 - 2013-08-22 15:44 - 00482800 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2014-01-23 10:54 - 2012-11-12 17:16 - 00000000 ___RD C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager 2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera 2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Dism 2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\Advanced Micro Devices, Inc 2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\AMD 2014-01-23 10:51 - 2013-10-17 14:03 - 00000000 ____D C:\Program Files\AMD 2014-01-23 10:46 - 2013-08-15 14:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-23 10:45 - 2012-12-12 11:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-23 10:40 - 2013-12-02 11:00 - 00000000 ____D C:\Program Files\WhoCrashed 2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-22 12:07 - 2012-11-13 09:31 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Adobe 2014-01-22 12:01 - 2013-10-17 14:16 - 00000650 __RSH C:\ProgramData\ntuser.pol 2014-01-22 11:52 - 2012-11-12 17:23 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-01-21 15:29 - 2014-01-21 15:28 - 28028590 _____ C:\Users\rpmar_000\Downloads\WIT-Photobox.zip 2014-01-21 11:17 - 2012-11-18 10:51 - 00001041 _____ C:\Users\rpmar_000\Desktop\Dropbox.lnk 2014-01-21 11:17 - 2012-11-18 10:47 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-21 10:44 - 2012-11-12 17:53 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Microsoft Help 2014-01-17 12:16 - 2013-09-01 12:25 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\FileZilla 2014-01-17 11:52 - 2013-11-18 10:31 - 00000000 ____D C:\Program Files\Microsoft Office 15 2014-01-15 07:10 - 2012-11-21 17:05 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Nero 2014-01-14 17:15 - 2012-11-22 13:49 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Nero 2014-01-14 16:31 - 2012-11-14 16:57 - 00000000 ____D C:\ProgramData\CanonIJ 2014-01-10 10:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2014-01-09 11:27 - 2014-01-09 11:26 - 00000000 ____D C:\Users\rpmar_000\Documents\SEPA 2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PDF24 2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Program Files (x86)\PDF24 2014-01-09 11:24 - 2014-01-09 11:23 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe 2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ C:\Users\rpmar_000\Downloads\Antrag (16).xml 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Google 2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D C:\Program Files (x86)\Google 2014-01-07 10:41 - 2013-09-05 15:16 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log 2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D C:\ProgramData\Oracle 2014-01-07 09:43 - 2013-07-11 11:06 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-07 09:39 - 2013-11-27 11:42 - 00002125 _____ C:\Users\Public\Desktop\Nero MediaHome.lnk 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-03 11:55 - 2014-01-25 16:45 - 24097311 _____ C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe Some content of TEMP: ==================== C:\Users\rpmar_000\AppData\Local\Temp\tmpE9F3.exe C:\Users\rpmar_000\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-30 14:41 ==================== End Of Log ============================ --- --- --- Sobald ich mich über IE oder FF im Internet "bewege" werden die Daten für den Proxy-Server wieder eingetragen. Mache ich das mit dem Internet-Explorer von der Modern UI aus den Apps passiert nichts. |
31.01.2014, 09:24 | #12 |
/// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Ich versteh den Satz nicht. Was meinst du mit "Modern UI" |
31.01.2014, 09:43 | #13 |
| Internetverbindung über Port 8877 unter WIN 8.1 Ich meine die Kacheloberfläche. So weit ich weiß arbeiten die beiden IE (Desktop IE und Kachel-IE) unterschiedlich. Nach den ganzen Maßnahmen war übrigens der Registry-Schlüssel, der in den Log-Dateien erwähnt wurde (Proxy...127.0.0.1 usw....) wieder drin. Ich habe den gelöscht. Nach Neustart war er wieder drin. Auch nach dem Aufwecken aus dem Energiesparmodus ist der Schlüssel wieder drin und der Haken bei den Internetoptionen gesetzt. Irgendwas werkelt da im Hintergrund. |
31.01.2014, 10:27 | #14 |
/// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Hi das mit dem Schlüssel habe ich gesehen. Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
31.01.2014, 13:49 | #15 |
| Internetverbindung über Port 8877 unter WIN 8.1 Leider hat die SW nichts gefunden! Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.01.31.04 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16476 rpmarr :: MARKIS_DESKTOP [administrator] 31.01.2014 13:33:27 mbar-log-2014-01-31 (13-33-27).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 290697 Time elapsed: 5 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
Themen zu Internetverbindung über Port 8877 unter WIN 8.1 |
127.0.0.1, automatisch, einstellungen, erkennen, eset, firefox, folge, folgendes, funktionieren, haken, inhalt, interne, internetverbindung, meldung, minute, neustart, outlook, port, problem, proxy-server, rechner, sport, stelle, verbindung, wetter, win |