| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internetverbindung über Port 8877 unter WIN 8.1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.01.2014, 13:04
| #1 |
 |  Internetverbindung über Port 8877 unter WIN 8.1 Folgendes Problem: Seit einiger Zeit funktionieren die Apps der Modern UI nicht mehr. Die Kacheln erneuern zwar den Inhalt, rufe ich die App auf (News, Sport, Wetter, Store, Finanzen) kommt die Meldung: keine Internetverbindung. Alle Desktop-Programme (Outlook, IE, Firefox, Chrom, Finanzsoftware usw.) kommen ins Web. Ich stellte fest, dass bei Systemsteuerung-Internetoptionen-Verbindung-LAN ein Proxyserver 127.0.0.1 mit Port 8877 eingetragen ist. Nehme ich den Haken bei Proxy-Server raus und stelle auf Einstellungen automatisch erkennen ist alles wieder gut. Nur bei jedem Neustart, Aufwecken aus dem Ruhezustand oder Energiesparmodus ist der Haken nach ca. 1 Minute wieder bei "Proxyserver verwenden". Ich habe den Rechner mit Malewarebytes, Eset und Adwcleaner gesäubert. Die fanden auch eine Menge Zeug aber das Grundproblem bleibt. Hat jemand einen Tipp? Ich verwende Norton IS 2014. Die ist aber nicht Schuld. Habe sie deinstalliert, brachte keine Änderung. Anschließend wieder installiert. |
|
30.01.2014, 13:08
| #2 |
| /// Malwareteam   | Internetverbindung über Port 8877 unter WIN 8.1 Hi
__________________hast du die Logfiles noch die erstellt wurden? Wenn ja bitte hier in CODE TAGS posten Schritt 2: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
30.01.2014, 14:20
| #3 |
| | Internetverbindung über Port 8877 unter WIN 8.1 So, ich hab die Scans gemacht. Ich habe die *.txt-Dateien von Malwarebytes von gestern und heute auch hochgeladen. Nach allen Durchgängen keine Änderung. Proxy wird immer noch angehakt, von wem auch immer. Ich hoffe, ich habe das mit dem Hochladen richtig gemacht.
__________________ |
|
30.01.2014, 15:11
| #4 |
| /// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 so dann legen wir mal los. Bitte in zukunft die Logfiles nicht als Anhang posten sondern in CODE TAGS Erklärung kommt später noch. Fürs erste kann ich so arbeiten Schritt 1: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
C:\ProgramData\firstlsp.reg.dat
C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe
C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4: erstelle ein neues FRST Logfile und poste es hier  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
|
|
30.01.2014, 16:30
| #5 |
| | Internetverbindung über Port 8877 unter WIN 8.1 Hier die Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by rpmarr at 2014-01-30 15:47:52 Run:1
Running from C:\Users\rpmar_000\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
C:\ProgramData\firstlsp.reg.dat
C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe
C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
C:\ProgramData\firstlsp.reg.dat => Moved successfully.
C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe => Moved successfully.
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 30/01/2014 um 15:52:47
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro with Media Center (64 bits)
# Benutzername : rpmarr - MARKIS_DESKTOP
# Gestartet von : C:\Users\rpmar_000\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\prefs.js ]
[ Datei : C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\prefs.js ]
[ Datei : C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [16711 octets] - [23/01/2014 11:39:41]
AdwCleaner[R1].txt - [3181 octets] - [29/01/2014 16:46:27]
AdwCleaner[R2].txt - [1405 octets] - [30/01/2014 13:13:27]
AdwCleaner[R3].txt - [1445 octets] - [30/01/2014 15:51:40]
AdwCleaner[S0].txt - [12335 octets] - [23/01/2014 11:41:04]
AdwCleaner[S1].txt - [2469 octets] - [29/01/2014 16:48:18]
AdwCleaner[S2].txt - [1466 octets] - [30/01/2014 13:14:29]
AdwCleaner[S3].txt - [1366 octets] - [30/01/2014 15:52:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1426 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by rpmarr on 30.01.2014 at 16:00:27,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\rpmar_000\appdata\local\cre"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\rpmar_000\AppData\Roaming\mozilla\firefox\profiles\5ootzjx5.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2014 at 16:05:22,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by rpmarr at 2014-01-30 16:28:48 Run:2
Running from C:\Users\rpmar_000\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
C:\ProgramData\firstlsp.reg.dat
C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe
C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
"C:\ProgramData\firstlsp.reg.dat" => File/Directory not found.
"C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
"C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe" => File/Directory not found.
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ====
|
|
30.01.2014, 16:37
| #6 |
| /// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Hi das FRST Log ist keines sondern das Fixlog von Schritt 1  Bitte poste mir noch das richtige. Besteht das Problem mit dem Port immernoch?
__________________ --> Internetverbindung über Port 8877 unter WIN 8.1 |
|
30.01.2014, 16:46
| #7 |
| | Internetverbindung über Port 8877 unter WIN 8.1 Ja, das Problem besteht immer noch. Ich habe den Rechner neu gestartet. Unmittelbar nach dem Start ist alles sauber und ca. 1 Minute danach steht der Proxy wieder drin, ohne dass ich irgend ein Programm geöffnet habe. Ich weiß jetzt nicht, welche Datei Du meinst? Ich hoffe, dass es jetzt die richtige Datei ist! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by rpmarr at 2014-01-30 16:28:48 Run:2
Running from C:\Users\rpmar_000\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
C:\ProgramData\firstlsp.reg.dat
C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe
C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
"C:\ProgramData\firstlsp.reg.dat" => File/Directory not found.
"C:\Users\rpmar_000\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
"C:\Users\rpmar_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\rpmar_000\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe" => File/Directory not found.
C:\Users\rpmar_000\AppData\Local\Temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ====
|
|
30.01.2014, 16:47
| #8 |
| /// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Du hast 2x das "Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01" gepostet. Ich benötige ein neues Logfile. Starte dazu FRST und drücke SCAN. Poste das Logfile hier |
|
30.01.2014, 16:51
| #9 |
| | Internetverbindung über Port 8877 unter WIN 8.1 Jetzt noch mal richtig!! |
|
30.01.2014, 16:54
| #10 |
| /// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Drückst du auf "SCAN" oder "Fix" die Datei muss FRST.log heissen. NICHT fixlog.txt |
|
30.01.2014, 17:16
| #11 |
| | Internetverbindung über Port 8877 unter WIN 8.1 FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by rpmarr (administrator) on MARKIS_DESKTOP on 30-01-2014 16:53:06
Running from C:\Users\rpmar_000\Desktop
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(abilis GmbH) C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Dropbox, Inc.) C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [CNAP2 Launcher] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-04-08] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-20] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [NetDrive] - C:\Program Files\NetDrive\NetDrive.exe [3587072 2013-02-27] (Bdrive Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [872560 2013-11-28] (Tlapia)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKCU\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKCU\...\Run: [DriveOnWeb Client] - C:\Program Files\DriveOnWeb Client\DriveOnWeb.exe [1196544 2013-12-04] (abilis GmbH)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-14] (Google Inc.)
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\rpmar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
FireFox:
========
FF ProfilePath: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default
FF DefaultSearchEngine: Amazon
FF SearchEngineOrder.1: Amazon
FF SelectedSearchEngine: Amazon
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_dd8d8fc999144474a9c45908a1be2ebb_30_46_20140123_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\firefoxdav@icloud.com [2013-12-23]
FF Extension: YouTube Unblocker - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-16]
FF Extension: {1fa09102-1f38-4f83-ba9c-e08baf230c89} - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{1fa09102-1f38-4f83-ba9c-e08baf230c89}.xpi [2013-11-07]
FF Extension: Video HTML5 Compiler Pro - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{368ac25b-6bc0-40e0-9e17-b88cf8cf1363}.xpi [2013-11-07]
FF Extension: Adblock Plus - C:\Users\rpmar_000\AppData\Roaming\Mozilla\Firefox\Profiles\5ootzjx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (YouTube) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Search) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Norton Identity Protection) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-07]
CHR Extension: (Google Wallet) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\rpmar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\rpmar_000\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-27] (Bdrive Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [395888 2013-11-28] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394352 2013-11-28] (Tlapia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] ()
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-15] ()
R1 avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [126792 2011-01-10] (Avira GmbH)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 easycvfs; C:\WINDOWS\system32\drivers\easycvfs.sys [107912 2010-02-22] ()
R2 easycvfs; C:\WINDOWS\SysWOW64\drivers\easycvfs.sys [110472 2013-12-04] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-28] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2013-10-18] (REALiX(tm))
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140129.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-15] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140129.035\ENG64.SYS [126040 2014-01-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140129.035\EX64.SYS [2099288 2014-01-28] (Symantec Corporation)
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-09] (Bdrive Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-29] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-29] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.)
S3 DfSdkS;
S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [x]
S2 sxuptp; \SystemRoot\System32\drivers\sxuptp.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-30 16:49 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe
2014-01-30 16:38 - 2014-01-30 16:38 - 00005342 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-30 16:05 - 2014-01-30 16:05 - 00000964 _____ C:\Users\rpmar_000\Desktop\JRT.txt
2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-30 16:00 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe
2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe
2014-01-30 15:50 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Desktop\adwcleaner.exe
2014-01-30 15:42 - 2014-01-30 15:42 - 00009952 _____ C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx
2014-01-30 14:17 - 2014-01-30 16:15 - 00000000 ____D C:\Users\rpmar_000\Documents\Malware
2014-01-30 14:08 - 2014-01-30 16:53 - 00027344 _____ C:\Users\rpmar_000\Desktop\FRST.txt
2014-01-30 14:06 - 2014-01-30 14:06 - 00068544 _____ C:\Users\rpmar_000\Downloads\FRST.txt
2014-01-30 14:06 - 2014-01-30 14:06 - 00030470 _____ C:\Users\rpmar_000\Downloads\Addition.txt
2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ C:\Users\rpmar_000\Desktop\Addition.txt
2014-01-30 14:05 - 2014-01-30 16:49 - 00000000 ____D C:\FRST
2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe
2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner.exe
2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ C:\WINDOWS\Minidump\013014-7265-01.dmp
2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ C:\Users\rpmar_000\Documents\Malware.txt
2014-01-29 16:55 - 2014-01-29 16:55 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe
2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-29 16:39 - 2014-01-30 14:02 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Malwarebytes
2014-01-29 16:09 - 2014-01-30 13:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 16:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ C:\Users\rpmar_000\Desktop\ipdetails.txt
2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ C:\Users\rpmar_000\Desktop\ipdetails1.txt
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2014-01-28 18:10 - 2014-01-28 18:15 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe
2014-01-28 17:55 - 2014-01-28 18:47 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet
2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2014-01-28 15:20 - 2014-01-28 15:28 - 00101386 _____ C:\Users\rpmar_000\Desktop\sfcdetails.txt
2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PackageStaging
2014-01-28 13:00 - 2014-01-28 14:16 - 00051811 _____ C:\Users\rpmar_000\Documents\sfcdetails.txt
2014-01-28 08:55 - 2014-01-28 08:57 - 00216999 _____ C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx
2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM
2014-01-25 16:49 - 2003-12-04 15:58 - 00000696 _____ C:\WINDOWS\SysWOW64\jetodbc.rsp
2014-01-25 16:49 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL
2014-01-25 16:49 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL
2014-01-25 16:49 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL
2014-01-25 16:49 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL
2014-01-25 16:49 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL
2014-01-25 16:49 - 2002-08-29 03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX
2014-01-25 16:49 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX
2014-01-25 16:49 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX
2014-01-25 16:49 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx
2014-01-25 16:49 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL
2014-01-25 16:49 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL
2014-01-25 16:49 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll
2014-01-25 16:49 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll
2014-01-25 16:49 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL
2014-01-25 16:49 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL
2014-01-25 16:49 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL
2014-01-25 16:49 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL
2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ C:\Users\Public\Desktop\Olympia Chronik 2014.lnk
2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D C:\Program Files (x86)\USM
2014-01-25 16:45 - 2014-01-03 11:55 - 24097311 _____ C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe
2014-01-25 16:44 - 2014-01-27 11:45 - 00000000 ____D C:\ProgramData\Ashampoo
2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url
2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2014-01-25 16:44 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2014-01-25 16:37 - 2014-01-28 18:56 - 00000000 ____D C:\Program Files (x86)\Dr. Hardware 2013
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ C:\WINDOWS\SysWOW64\Drivers\DRHMSR64.sys
2014-01-25 16:37 - 2013-07-21 17:41 - 00013760 _____ C:\WINDOWS\system32\Drivers\DRHMSR64.sys
2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\SysWOW64\Drivers\DRHARD64.sys
2014-01-25 16:37 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\WINDOWS\system32\Drivers\DRHARD64.sys
2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ C:\Users\rpmar_000\Documents\Transsib.txt
2014-01-25 13:29 - 2014-01-25 13:41 - 00000000 ____D C:\Users\rpmar_000\Desktop\Neuer Ordner
2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Logitech
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\ATI
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\ATI
2014-01-25 12:04 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\Packages
2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH C:\Users\marki_lokal\ntuser.ini
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Vorlagen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Startmenü
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Netzwerkumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Lokale Einstellungen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Eigene Dateien
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Druckumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Musik
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Bilder
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Verlauf
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Adobe
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\VirtualStore
2014-01-25 12:03 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal
2014-01-25 12:03 - 2013-10-17 14:07 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\Microsoft Help
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-25 12:03 - 2013-08-22 16:36 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD C:\$SysReset
2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Tracker Software
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Program Files\Tracker Software
2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D C:\Users\rpmar_000\Documents\PDF-Viewer
2014-01-23 13:54 - 2014-01-23 13:56 - 53393688 _____ C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip
2014-01-23 11:39 - 2014-01-30 15:52 - 00000000 ____D C:\AdwCleaner
2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-01-23 11:27 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2014-01-23 11:26 - 2014-01-30 16:27 - 00000330 _____ C:\WINDOWS\Tasks\Digital Sites.job
2014-01-23 11:26 - 2014-01-29 16:18 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\DigitalSites
2014-01-23 11:26 - 2014-01-25 11:27 - 00000138 _____ C:\Users\rpmar_000\AppData\Roaming\WB.CFG
2014-01-23 11:26 - 2014-01-23 11:27 - 00002668 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\ProgramData\ATI
2014-01-23 10:51 - 2014-01-23 13:57 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\AMD
2014-01-23 10:48 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-01-23 10:48 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-01-23 10:48 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-01-23 10:48 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-01-23 10:48 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-01-23 10:48 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-01-23 10:48 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-01-23 10:48 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-01-23 10:48 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-01-23 10:48 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-01-23 10:48 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-01-23 10:48 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-01-23 10:48 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-01-23 10:48 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-01-23 10:48 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-01-23 10:48 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-01-23 10:48 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-23 10:48 - 2013-11-27 05:01 - 00385614 _____ C:\WINDOWS\system32\ApnDatabase.xml
2014-01-23 10:48 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcmde.dll
2014-01-23 10:48 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-01-23 10:48 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-01-23 10:48 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-01-23 10:48 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-01-23 10:48 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-23 10:48 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-01-23 10:48 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-01-23 10:48 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-01-23 10:48 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-01-23 10:48 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-01-23 10:48 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-01-23 10:48 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-01-23 10:48 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-01-23 10:48 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-01-23 10:48 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-01-23 10:48 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-01-23 10:48 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-01-23 10:48 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-01-23 10:48 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-23 10:48 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-23 10:48 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-23 10:48 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-23 10:48 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-01-23 10:48 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-01-23 10:48 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-01-23 10:48 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-01-23 10:48 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-01-23 10:48 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-01-23 10:48 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-01-23 10:48 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-01-23 10:48 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-01-23 10:48 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-01-23 10:48 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-01-23 10:48 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-01-23 10:48 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-01-23 10:47 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-23 10:47 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-23 10:47 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-23 10:47 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-23 10:47 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-23 10:47 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-23 10:47 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-23 10:47 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-23 10:47 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-23 10:47 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-23 10:47 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-23 10:47 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-21 15:28 - 2014-01-21 15:29 - 28028590 _____ C:\Users\rpmar_000\Downloads\WIT-Photobox.zip
2014-01-09 11:26 - 2014-01-09 11:27 - 00000000 ____D C:\Users\rpmar_000\Documents\SEPA
2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PDF24
2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Program Files (x86)\PDF24
2014-01-09 11:23 - 2014-01-09 11:24 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe
2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ C:\Users\rpmar_000\Downloads\Antrag (16).xml
2014-01-07 15:46 - 2013-12-19 16:16 - 01812992 _____ C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr_bis_12.12.12.xls
2014-01-07 10:42 - 2014-01-30 16:36 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D C:\ProgramData\Oracle
2014-01-07 09:43 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-07 09:43 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-07 09:43 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-07 09:43 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
==================== One Month Modified Files and Folders =======
2014-01-30 16:53 - 2014-01-30 14:08 - 00027344 _____ C:\Users\rpmar_000\Desktop\FRST.txt
2014-01-30 16:53 - 2014-01-30 14:05 - 00000000 ____D C:\FRST
2014-01-30 16:53 - 2012-11-12 17:23 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-30 16:45 - 2013-10-17 14:09 - 01745218 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-30 16:42 - 2013-10-22 08:58 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\E7546975-342B-4B7C-A126-4E5CA701679A.aplzod
2014-01-30 16:42 - 2012-11-12 15:19 - 00000000 ____D C:\Users\rpmar_000\Documents\Outlook-Dateien
2014-01-30 16:40 - 2012-11-12 17:22 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1001
2014-01-30 16:38 - 2014-01-30 16:38 - 00005342 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2014-01-30 16:38 - 2013-09-30 04:58 - 00782352 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-30 16:38 - 2013-09-30 04:58 - 00164592 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-30 16:36 - 2014-01-07 10:42 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-30 16:34 - 2013-10-17 14:16 - 00000000 __RDO C:\Users\rpmar_000\SkyDrive
2014-01-30 16:34 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-30 16:34 - 2012-12-11 18:25 - 00156069 _____ C:\ndsvc.log
2014-01-30 16:34 - 2012-11-18 10:51 - 00000000 ___RD C:\Users\rpmar_000\Dropbox
2014-01-30 16:34 - 2012-11-18 10:46 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Dropbox
2014-01-30 16:34 - 2012-11-14 11:32 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 16:33 - 2013-08-22 14:25 - 04718592 ___SH C:\WINDOWS\system32\config\BBI
2014-01-30 16:27 - 2014-01-23 11:26 - 00000330 _____ C:\WINDOWS\Tasks\Digital Sites.job
2014-01-30 16:17 - 2012-11-14 11:32 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-30 16:15 - 2014-01-30 14:17 - 00000000 ____D C:\Users\rpmar_000\Documents\Malware
2014-01-30 16:08 - 2014-01-30 16:08 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-30 16:05 - 2014-01-30 16:05 - 00000964 _____ C:\Users\rpmar_000\Desktop\JRT.txt
2014-01-30 16:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-30 16:00 - 2014-01-30 16:00 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-30 15:59 - 2014-01-30 16:00 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Desktop\JRT.exe
2014-01-30 15:59 - 2014-01-30 15:59 - 01037068 _____ (Thisisu) C:\Users\rpmar_000\Downloads\JRT.exe
2014-01-30 15:58 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-30 15:52 - 2014-01-23 11:39 - 00000000 ____D C:\AdwCleaner
2014-01-30 15:44 - 2012-11-12 15:30 - 00000000 ____D C:\Users\rpmar_000\Documents\WISO Mein Geld
2014-01-30 15:42 - 2014-01-30 15:42 - 00009952 _____ C:\Users\rpmar_000\Documents\Einnahme_Ausgabe.xlsx
2014-01-30 14:06 - 2014-01-30 14:06 - 00068544 _____ C:\Users\rpmar_000\Downloads\FRST.txt
2014-01-30 14:06 - 2014-01-30 14:06 - 00030470 _____ C:\Users\rpmar_000\Downloads\Addition.txt
2014-01-30 14:06 - 2014-01-30 14:06 - 00000119 _____ C:\Users\rpmar_000\Desktop\Addition.txt
2014-01-30 14:05 - 2014-01-30 16:49 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Desktop\FRST64.exe
2014-01-30 14:05 - 2014-01-30 14:05 - 02079744 _____ (Farbar) C:\Users\rpmar_000\Downloads\FRST64.exe
2014-01-30 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D C:\ProgramData\Updater
2014-01-30 14:02 - 2014-01-29 16:39 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-30 14:02 - 2013-09-29 20:05 - 00498320 _____ C:\WINDOWS\PFRO.log
2014-01-30 13:38 - 2014-01-29 16:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 13:38 - 2013-12-04 10:22 - 00000000 ____D C:\Program Files\DriveOnWeb Client
2014-01-30 13:38 - 2013-11-12 11:42 - 00000000 ____D C:\Program Files (x86)\sysTPL
2014-01-30 13:13 - 2014-01-30 15:50 - 01166132 _____ C:\Users\rpmar_000\Desktop\adwcleaner.exe
2014-01-30 13:13 - 2014-01-30 13:13 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner.exe
2014-01-30 12:11 - 2013-10-17 14:05 - 00000000 ____D C:\Users\rpmar_000
2014-01-30 12:11 - 2012-11-12 17:33 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\vlc
2014-01-30 08:59 - 2014-01-30 08:59 - 00281136 _____ C:\WINDOWS\Minidump\013014-7265-01.dmp
2014-01-30 08:59 - 2013-12-02 10:42 - 2056067440 _____ C:\WINDOWS\MEMORY.DMP
2014-01-30 08:59 - 2013-12-02 10:42 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-30 08:59 - 2013-08-22 15:46 - 00299670 _____ C:\WINDOWS\setupact.log
2014-01-29 20:53 - 2014-01-29 20:53 - 00009538 _____ C:\Users\rpmar_000\Documents\Malware.txt
2014-01-29 16:55 - 2014-01-29 16:55 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-29 16:49 - 2014-01-29 16:49 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-29 16:45 - 2014-01-29 16:45 - 00675048 _____ C:\Users\rpmar_000\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 16:44 - 2014-01-29 16:44 - 01166132 _____ C:\Users\rpmar_000\Downloads\adwcleaner-3.018.exe
2014-01-29 16:18 - 2014-01-23 11:26 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\DigitalSites
2014-01-29 16:10 - 2014-01-29 16:10 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Malwarebytes
2014-01-29 16:09 - 2014-01-29 16:09 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 16:09 - 2014-01-29 16:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 15:43 - 2013-07-08 15:28 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-29 15:09 - 2014-01-29 15:09 - 00004096 _____ C:\Users\rpmar_000\Desktop\ipdetails.txt
2014-01-29 15:02 - 2014-01-29 15:02 - 00003475 _____ C:\Users\rpmar_000\Desktop\ipdetails1.txt
2014-01-29 11:42 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-28 18:56 - 2014-01-25 16:37 - 00000000 ____D C:\Program Files (x86)\Dr. Hardware 2013
2014-01-28 18:47 - 2014-01-28 17:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\LogMeIn Rescue Applet
2014-01-28 18:46 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-01-28 18:19 - 2014-01-28 18:19 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-28 18:19 - 2014-01-28 18:19 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-28 18:19 - 2014-01-28 18:19 - 00002597 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-28 18:19 - 2014-01-28 18:19 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2014-01-28 18:19 - 2012-12-11 10:33 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-01-28 18:19 - 2012-12-11 10:33 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-28 18:19 - 2012-12-11 10:30 - 00000000 ____D C:\ProgramData\Norton
2014-01-28 18:15 - 2014-01-28 18:10 - 204480336 ____N (Symantec Corporation) C:\Users\rpmar_000\Downloads\NIS-ESD-21.1.0-GE.exe
2014-01-28 17:55 - 2014-01-28 17:55 - 00002285 _____ C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2014-01-28 15:28 - 2014-01-28 15:20 - 00101386 _____ C:\Users\rpmar_000\Desktop\sfcdetails.txt
2014-01-28 15:17 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-28 15:12 - 2012-12-11 18:25 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\CrashDumps
2014-01-28 15:08 - 2014-01-28 15:08 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PackageStaging
2014-01-28 15:08 - 2012-11-12 08:56 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Packages
2014-01-28 14:16 - 2014-01-28 13:00 - 00051811 _____ C:\Users\rpmar_000\Documents\sfcdetails.txt
2014-01-28 08:57 - 2014-01-28 08:55 - 00216999 _____ C:\Users\rpmar_000\Desktop\ProjStat_GCD_RPMarr.xlsx
2014-01-28 08:54 - 2013-01-10 13:28 - 00217029 _____ C:\Users\rpmar_000\Downloads\ProjStat_GCD_RPMarr.xlsx
2014-01-27 17:17 - 2013-12-02 13:48 - 00000000 __SHD C:\Users\rpmar_000\wc
2014-01-27 11:45 - 2014-01-25 16:44 - 00000000 ____D C:\ProgramData\Ashampoo
2014-01-25 16:49 - 2014-01-25 16:49 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM
2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2014-01-25 16:49 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-25 16:48 - 2014-01-25 16:48 - 00002116 _____ C:\Users\Public\Desktop\Olympia Chronik 2014.lnk
2014-01-25 16:48 - 2012-11-12 18:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-25 16:46 - 2014-01-25 16:46 - 00000000 ____D C:\Program Files (x86)\USM
2014-01-25 16:44 - 2014-01-25 16:44 - 00002268 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO10).lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00001246 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 10.lnk
2014-01-25 16:44 - 2014-01-25 16:44 - 00000214 _____ C:\Users\Public\Desktop\Your Software Deals.url
2014-01-25 16:44 - 2014-01-25 16:44 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\rpmar_000\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:37 - 2014-01-25 16:37 - 00000996 _____ C:\Users\marki_lokal\Desktop\Dr. Hardware 2013.lnk
2014-01-25 16:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2014-01-25 16:28 - 2012-11-14 12:37 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-25 15:30 - 2014-01-25 15:30 - 00023489 _____ C:\Users\rpmar_000\Documents\Transsib.txt
2014-01-25 13:41 - 2014-01-25 13:29 - 00000000 ____D C:\Users\rpmar_000\Desktop\Neuer Ordner
2014-01-25 12:09 - 2014-01-25 12:09 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1379490362-2251337210-4251339374-1005
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Logitech
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\ATI
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\ATI
2014-01-25 12:05 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\Packages
2014-01-25 12:04 - 2014-01-25 12:04 - 00001454 _____ C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 12:04 - 2014-01-25 12:04 - 00000020 ___SH C:\Users\marki_lokal\ntuser.ini
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Vorlagen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Startmenü
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Netzwerkumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Lokale Einstellungen
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Eigene Dateien
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Druckumgebung
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Musik
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Documents\Eigene Bilder
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Verlauf
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\AppData\Local\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 _SHDL C:\Users\marki_lokal\Anwendungsdaten
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ___RD C:\Users\marki_lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Roaming\Adobe
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 ____D C:\Users\marki_lokal\AppData\Local\VirtualStore
2014-01-25 12:04 - 2014-01-25 12:03 - 00000000 ____D C:\Users\marki_lokal
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 ___HD C:\$SysReset
2014-01-25 11:27 - 2014-01-23 11:26 - 00000138 _____ C:\Users\rpmar_000\AppData\Roaming\WB.CFG
2014-01-23 13:58 - 2014-01-23 13:58 - 00001058 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Tracker Software
2014-01-23 13:58 - 2014-01-23 13:58 - 00000000 ____D C:\Program Files\Tracker Software
2014-01-23 13:57 - 2014-01-23 10:51 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-23 13:56 - 2014-01-23 13:56 - 00000000 ____D C:\Users\rpmar_000\Documents\PDF-Viewer
2014-01-23 13:56 - 2014-01-23 13:54 - 53393688 _____ C:\Users\rpmar_000\Downloads\PDFXVE3_3.0.307.1.zip
2014-01-23 12:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-23 11:41 - 2012-11-12 17:16 - 00000000 ___RD C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 11:27 - 2014-01-23 11:27 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-01-23 11:27 - 2014-01-23 11:26 - 00002668 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\ATI
2014-01-23 10:55 - 2014-01-23 10:55 - 00000000 ____D C:\ProgramData\ATI
2014-01-23 10:54 - 2013-08-22 15:44 - 00482800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-23 10:54 - 2012-11-12 17:16 - 00000000 ___RD C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2014-01-23 10:53 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2014-01-23 10:53 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2014-01-23 10:51 - 2014-01-23 10:51 - 00055441 _____ C:\WINDOWS\SysWOW64\CCCInstall_201401231051561539.log
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-01-23 10:51 - 2014-01-23 10:51 - 00000000 ____D C:\AMD
2014-01-23 10:51 - 2013-10-17 14:03 - 00000000 ____D C:\Program Files\AMD
2014-01-23 10:46 - 2013-08-15 14:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-23 10:45 - 2012-12-12 11:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-23 10:40 - 2013-12-02 11:00 - 00000000 ____D C:\Program Files\WhoCrashed
2014-01-22 13:28 - 2014-01-22 13:28 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-22 13:28 - 2014-01-22 13:28 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-22 12:07 - 2012-11-13 09:31 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Adobe
2014-01-22 12:01 - 2013-10-17 14:16 - 00000650 __RSH C:\ProgramData\ntuser.pol
2014-01-22 11:52 - 2012-11-12 17:23 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-21 15:29 - 2014-01-21 15:28 - 28028590 _____ C:\Users\rpmar_000\Downloads\WIT-Photobox.zip
2014-01-21 11:17 - 2012-11-18 10:51 - 00001041 _____ C:\Users\rpmar_000\Desktop\Dropbox.lnk
2014-01-21 11:17 - 2012-11-18 10:47 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-21 10:44 - 2012-11-12 17:53 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Microsoft Help
2014-01-17 12:16 - 2013-09-01 12:25 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\FileZilla
2014-01-17 11:52 - 2013-11-18 10:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-15 07:10 - 2012-11-21 17:05 - 00000000 ____D C:\Users\rpmar_000\AppData\Roaming\Nero
2014-01-14 17:15 - 2012-11-22 13:49 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Nero
2014-01-14 16:31 - 2012-11-14 16:57 - 00000000 ____D C:\ProgramData\CanonIJ
2014-01-10 10:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2014-01-09 11:27 - 2014-01-09 11:26 - 00000000 ____D C:\Users\rpmar_000\Documents\SEPA
2014-01-09 11:24 - 2014-01-09 11:24 - 00001095 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-01-09 11:24 - 2014-01-09 11:24 - 00001075 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\PDF24
2014-01-09 11:24 - 2014-01-09 11:24 - 00000000 ____D C:\Program Files (x86)\PDF24
2014-01-09 11:24 - 2014-01-09 11:23 - 16189768 _____ (Geek Software GmbH ) C:\Users\rpmar_000\Downloads\pdf24-creator-6.2.0.exe
2014-01-09 10:10 - 2014-01-09 10:10 - 00003442 _____ C:\Users\rpmar_000\Downloads\Antrag (16).xml
2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D C:\Users\rpmar_000\AppData\Local\Google
2014-01-07 10:42 - 2012-11-14 11:32 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-07 10:41 - 2013-09-05 15:16 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2014-01-07 09:43 - 2014-01-07 09:43 - 00004857 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-07 09:43 - 2014-01-07 09:43 - 00000000 ____D C:\ProgramData\Oracle
2014-01-07 09:43 - 2013-07-11 11:06 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-07 09:39 - 2013-11-27 11:42 - 00002125 _____ C:\Users\Public\Desktop\Nero MediaHome.lnk
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 11:55 - 2014-01-25 16:45 - 24097311 _____ C:\Users\rpmar_000\Downloads\vlc-2.1.2-win32.exe
Some content of TEMP:
====================
C:\Users\rpmar_000\AppData\Local\Temp\tmpE9F3.exe
C:\Users\rpmar_000\AppData\Local\Temp\unrar.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 14:41
==================== End Of Log ============================
--- --- --- Sobald ich mich über IE oder FF im Internet "bewege" werden die Daten für den Proxy-Server wieder eingetragen. Mache ich das mit dem Internet-Explorer von der Modern UI aus den Apps passiert nichts. |
|
31.01.2014, 09:24
| #12 | |
| /// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1Zitat:
|
|
31.01.2014, 09:43
| #13 |
| | Internetverbindung über Port 8877 unter WIN 8.1 Ich meine die Kacheloberfläche. So weit ich weiß arbeiten die beiden IE (Desktop IE und Kachel-IE) unterschiedlich. Nach den ganzen Maßnahmen war übrigens der Registry-Schlüssel, der in den Log-Dateien erwähnt wurde (Proxy...127.0.0.1 usw....) wieder drin. Ich habe den gelöscht. Nach Neustart war er wieder drin. Auch nach dem Aufwecken aus dem Energiesparmodus ist der Schlüssel wieder drin und der Haken bei den Internetoptionen gesetzt. Irgendwas werkelt da im Hintergrund. |
|
31.01.2014, 10:27
| #14 |
| /// Malwareteam | Internetverbindung über Port 8877 unter WIN 8.1 Hi das mit dem Schlüssel habe ich gesehen. Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
|
31.01.2014, 13:49
| #15 |
| | Internetverbindung über Port 8877 unter WIN 8.1 Leider hat die SW nichts gefunden! Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.01.31.04
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
rpmarr :: MARKIS_DESKTOP [administrator]
31.01.2014 13:33:27
mbar-log-2014-01-31 (13-33-27).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 290697
Time elapsed: 5 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
| Themen zu Internetverbindung über Port 8877 unter WIN 8.1 |
| 127.0.0.1, automatisch, einstellungen, erkennen, eset, firefox, folge, folgendes, funktionieren, haken, inhalt, interne, internetverbindung, meldung, minute, neustart, outlook, port, problem, proxy-server, rechner, sport, stelle, verbindung, wetter, win |
Gruß Aneri 
Linear-Darstellung
