Computer does strange things (Windows 7)

28.03.2014, 22:19 | #1
Computer does strange things

Hello everyone,

for a few days now I have noticed that my computer is doing strange things. For example, it suddenly keeps asking for the registration key of my vocabulary program, and printing to the network printer in the house no longer works either. Now I have noticed that the Windows Update service can no longer be started either. Can one of you please help me?

Regards,
Patrik

Oh yes, I'm running Win7 64-bit.

System scan with FRST64
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on PATRIKS-LAPTOP on 28-03-2014 22:03:42
Running from C:\Users\Administrator\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Neuber Software) \\DISKSTATION\TimeAnalyzer\tbaction.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [809480 2008-06-16] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe,wtmcore.exe
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-08] (Microsoft Corporation)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {1b8816fc-1552-11e3-93d7-806e6f6e6963} - E:\.\Autorun.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {e9420234-155a-11e3-8921-806e6f6e6963} - E:\Start.exe
GroupPolicyUsers\S-1-5-21-1352531634-2534244058-2222343639-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A2A4B2768A9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8817001E331D8665&affID=120522&tsp=4995
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 02 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 03 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 04 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 05 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 06 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 07 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 08 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 09 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 10 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 21 %windir%\system32\wlsppc.dll [442880] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-26]

==================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-30] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [276376 2014-02-12] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files (x86)\Launch Manager\DPortIO.sys [21264 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140327.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.002\ENG64.SYS [126040 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.002\EX64.SYS [2099288 2014-02-26] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501010.007\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501010.007\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501010.007\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501010.007\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [246488 2013-12-18] (Symantec Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-05] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-28 22:03 - 2014-03-28 22:04 - 00017313 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:03 - 2014-03-28 22:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-03-28 22:03 - 2014-03-28 22:03 - 00000000 ____D () C:\FRST
2014-03-28 21:48 - 2014-03-28 21:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 20:46 - 2013-09-10 03:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-03-28 20:36 - 2014-03-28 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-28 20:36 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 20:36 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 20:36 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 20:35 - 2014-03-28 20:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 20:24 - 2014-03-28 20:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 20:24 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-03-28 20:24 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-03-28 20:24 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-03-28 20:24 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-03-28 20:24 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-03-28 20:24 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-03-28 20:24 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-03-28 20:24 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-03-28 20:24 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-03-28 20:22 - 2014-03-28 20:23 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 20:00 - 2014-03-28 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-14 16:25 - 2014-03-14 16:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-11 16:06 - 2014-03-22 10:04 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-11 16:06 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 16:06 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 16:05 - 2014-03-22 10:03 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-07 15:37 - 2014-03-07 15:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-02 20:55 - 2014-03-02 20:56 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 20:50 - 2014-03-02 20:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 20:31 - 2014-03-02 20:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 20:29 - 2014-03-08 15:15 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-02 20:29 - 2011-11-29 08:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll
2014-03-02 20:29 - 2011-11-29 08:27 - 02024960 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmconfig.exe
2014-03-02 20:29 - 2011-11-29 08:27 - 00073437 _____ () C:\Windows\system32\wtmconfig.chm
2014-03-02 20:29 - 2011-11-29 08:25 - 00087552 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmtray.exe
2014-03-02 20:29 - 2011-11-29 08:24 - 00092672 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmdeinstall.exe
2014-03-02 20:29 - 2011-11-29 08:23 - 00257536 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
2014-03-02 11:51 - 2014-03-02 11:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 11:38 - 2014-03-02 11:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 12:21 - 2014-03-01 12:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 12:13 - 2014-03-01 12:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 12:01 - 2014-03-01 12:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 11:14 - 2014-03-01 11:46 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-01 11:07 - 2014-03-01 11:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 11:06 - 2014-03-01 11:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 11:06 - 2014-03-01 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-26 20:17 - 2014-02-26 20:24 - 00000000 ____D () C:\Users\Administrator\Documents\Network Monitor 3
2014-02-26 20:14 - 2014-02-26 20:14 - 00000000 ____D () C:\Users\Patrik\Documents\Network Monitor 3
2014-02-26 20:13 - 2014-02-26 20:13 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2014-02-26 20:05 - 2014-02-26 20:05 - 06837560 _____ (Microsoft Corporation) C:\Users\Patrik\Downloads\NM34_x64.exe
2014-02-26 19:23 - 2014-02-26 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-26 19:15 - 2014-03-02 20:31 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-02-26 18:59 - 2014-02-26 20:03 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-26 18:59 - 2014-02-26 20:02 - 00001307 _____ () C:\Users\Patrik\Desktop\Norton-Installationsdateien.lnk
2014-02-26 18:58 - 2014-02-26 18:58 - 01021936 _____ (Symantec Corporation) C:\Users\Patrik\Downloads\NISDownloader.exe
2014-02-26 18:19 - 2014-02-26 18:19 - 00675988 _____ () C:\Users\Patrik\Desktop\Minecraft.exe
2014-02-26 18:10 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Patrik\Desktop\TechnicLauncher.exe
2014-02-26 18:01 - 2014-02-26 18:07 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.technic
2014-02-26 18:00 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Administrator\Downloads\TechnicLauncher.exe
2014-02-26 17:55 - 2014-02-26 17:55 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-26 17:55 - 2014-02-26 17:55 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-02-26 17:53 - 2014-02-26 17:53 - 10071168 _____ (BlueStack Systems Inc.) C:\Users\Administrator\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NVIDIA
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Bluestacks

==================== One Month Modified Files and Folders =======

2014-03-28 22:04 - 2014-03-28 22:03 - 00017313 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:03 - 2014-03-28 22:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-03-28 22:03 - 2014-03-28 22:03 - 00000000 ____D () C:\FRST
2014-03-28 22:01 - 2013-09-04 12:10 - 01320704 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 21:52 - 2013-10-15 13:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-03-28 21:49 - 2014-01-14 17:27 - 00000680 __RSH () C:\Users\Administrator\ntuser.pol
2014-03-28 21:49 - 2013-09-04 12:39 - 00000000 ____D () C:\Users\Administrator
2014-03-28 21:48 - 2014-03-28 21:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 21:23 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 21:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 21:23 - 2009-07-14 05:51 - 00049465 _____ () C:\Windows\setupact.log
2014-03-28 21:05 - 2013-09-04 13:10 - 00172194 _____ () C:\Windows\PFRO.log
2014-03-28 20:54 - 2013-09-04 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 20:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2014-03-28 20:36 - 2014-03-28 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-28 20:35 - 2014-03-28 20:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 20:24 - 2014-03-28 20:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 20:23 - 2014-03-28 20:22 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 20:00 - 2014-03-28 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-28 15:51 - 2013-10-15 13:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Skype
2014-03-27 16:05 - 2013-09-04 14:40 - 00000000 ____D () C:\Users\Patrik\AppData\Local\LogMeIn Hamachi
2014-03-26 14:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-25 16:16 - 2013-09-04 14:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-24 16:41 - 2013-09-04 15:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.minecraft
2014-03-22 10:04 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-22 10:03 - 2014-03-11 16:05 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-20 18:06 - 2013-10-15 13:05 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CrashDumps
2014-03-19 17:42 - 2013-10-18 11:43 - 00000000 ____D () C:\Users\Patrik\Desktop\Skins
2014-03-14 16:30 - 2014-03-14 16:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-14 15:25 - 2013-09-04 16:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 16:29 - 2013-09-04 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 16:29 - 2013-09-04 16:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 16:08 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 16:08 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-08 15:15 - 2014-03-02 20:29 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-07 15:37 - 2014-03-07 15:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-05 09:26 - 2014-03-28 20:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 20:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-28 20:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 12:16 - 2014-02-25 15:33 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\TeamViewer
2014-03-02 20:56 - 2014-03-02 20:55 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 20:50 - 2014-03-02 20:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 20:31 - 2014-03-02 20:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 20:31 - 2014-02-26 19:15 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-03-02 11:54 - 2014-02-09 14:31 - 00000000 ____D () C:\Users\Patrik\Desktop\Skreenshots
2014-03-02 11:51 - 2014-03-02 11:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 11:38 - 2014-03-02 11:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 12:21 - 2014-03-01 12:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 12:13 - 2014-03-01 12:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 12:01 - 2014-03-01 12:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 11:46 - 2014-03-01 11:14 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-01 11:07 - 2014-03-01 11:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 11:07 - 2013-10-15 13:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 11:06 - 2014-03-01 11:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 11:06 - 2014-03-01 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 16:15 - 2013-12-14 14:21 - 00000000 ____D () C:\Users\Patrik\Desktop\Server--
2014-02-27 16:07 - 2014-01-14 17:27 - 00001330 __RSH () C:\Users\Patrik\ntuser.pol
2014-02-27 16:07 - 2013-09-04 12:35 - 00000000 ____D () C:\Users\Patrik
2014-02-26 20:24 - 2014-02-26 20:17 - 00000000 ____D () C:\Users\Administrator\Documents\Network Monitor 3
2014-02-26 20:14 - 2014-02-26 20:14 - 00000000 ____D () C:\Users\Patrik\Documents\Network Monitor 3
2014-02-26 20:13 - 2014-02-26 20:13 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2014-02-26 20:05 - 2014-02-26 20:05 - 06837560 _____ (Microsoft Corporation) C:\Users\Patrik\Downloads\NM34_x64.exe
2014-02-26 20:03 - 2014-02-26 18:59 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-26 20:03 - 2013-09-04 14:03 - 00000000 ____D () C:\ProgramData\Norton
2014-02-26 20:02 - 2014-02-26 18:59 - 00001307 _____ () C:\Users\Patrik\Desktop\Norton-Installationsdateien.lnk
2014-02-26 19:23 - 2014-02-26 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-26 19:13 - 2013-09-04 14:12 - 00003232 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-26 19:08 - 2013-09-04 14:12 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-02-26 19:08 - 2013-09-04 14:12 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-02-26 19:08 - 2013-09-04 14:11 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-26 18:58 - 2014-02-26 18:58 - 01021936 _____ (Symantec Corporation) C:\Users\Patrik\Downloads\NISDownloader.exe
2014-02-26 18:58 - 2013-09-04 14:31 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-02-26 18:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-26 18:19 - 2014-02-26 18:19 - 00675988 _____ () C:\Users\Patrik\Desktop\Minecraft.exe
2014-02-26 18:17 - 2014-01-14 17:15 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-02-26 18:07 - 2014-02-26 18:01 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.technic
2014-02-26 18:00 - 2014-02-26 18:10 - 02346186 _____ () C:\Users\Patrik\Desktop\TechnicLauncher.exe
2014-02-26 18:00 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Administrator\Downloads\TechnicLauncher.exe
2014-02-26 17:55 - 2014-02-26 17:55 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-26 17:55 - 2014-02-26 17:55 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-26 17:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-02-26 17:53 - 2014-02-26 17:53 - 10071168 _____ (BlueStack Systems Inc.)
C:\Users\Administrator\Downloads\BlueStacks-SplitInstaller_native.exe 2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NVIDIA 2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Bluestacks 2014-02-26 17:53 - 2013-09-04 12:43 - 00065184 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-26 17:49 - 2014-01-14 18:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TeamViewer Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Administrator\AppData\Local\Temp\hamachi[1].exe C:\Users\Administrator\AppData\Local\Temp\uninst1.exe C:\Users\Administrator\AppData\Local\Temp\_is38BB.exe C:\Users\Administrator\AppData\Local\Temp\_is5051.exe C:\Users\Patrik\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll C:\Users\Patrik\AppData\Local\Temp\jna114883685745129520.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna1171981781797598678.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna1209255075411401630.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna1406460608305017024.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna1754964713553170129.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna1786369830316775443.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna1799450561922908339.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna1858966496871480007.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna224273009972411466.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna2244571356553203550.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna233369873421628547.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna2410639943530203191.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna2470036853226153286.hunspell-win-x86-32.dll 
C:\Users\Patrik\AppData\Local\Temp\jna2580976900361334399.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna2679975733977796924.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna2751789591295715763.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna3092896893470508079.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna3148515868751628192.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna3621691421065832835.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna3652667280830667712.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna3816286913880648034.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna4544823264106586215.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna4663761231667001156.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna4816268342654006562.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna4916862768548123213.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna4985909099265085395.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna5379041077397511301.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna5429880454353204383.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna5447190931593573632.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna5477068355618401835.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna5806010439583663518.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna5905348858530535132.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna5927110002941320916.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna6173670650123214419.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna6274670532390610494.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna6554462728952546946.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna6875680510268834722.hunspell-win-x86-32.dll 
C:\Users\Patrik\AppData\Local\Temp\jna7687073715495911056.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna768789706692340728.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8026998817664720112.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8377958837177055182.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8557452717958544260.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8588495855117834481.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8631584836972744411.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8699216473563722175.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8823025396137691071.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8921268283624943607.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna894739210834010363.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna9026893948041788916.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna9141171519816712679.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna9202816540881808333.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna994989799751676367.hunspell-win-x86-32.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-26 18:44 
==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Administrator at 2014-03-28 22:04:31 Running from C:\Users\Administrator\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7006 - CyberLink Corp.) Acer Arcade Deluxe (x32 Version: 3.0.7006 - CyberLink Corp.) Hidden Acer Crystal Eye Webcam 3.0.6.3 (HKLM-x32\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 3.0.6.3 - SuYin) Adobe Flash Player 12 Plugin (HKLM-x32\...\{9D32CD07-EA5C-4A79-B976-C0C7F975EDE4}) (Version: 12.0.0.77 - Adobe Systems Incorporated) AVerMedia A850 USB DMB-TH 1.0.64.28 (HKLM-x32\...\AVerMedia A850 USB DMB-TH) (Version: 1.0.64.28 - AVerMedia TECHNOLOGIES, Inc.) AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.) AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden BlueStacks Notification Center (HKLM-x32\...\{62763BAD-53A8-4C9F-B4CF-7CCABFEFD725}) (Version: 0.8.6.3059 - BlueStack Systems, Inc.) 
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) ITECIR (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Launch Manager (HKLM-x32\...\LManager) (Version: - ) Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation) Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation) Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Norton Family (HKLM-x32\...\NSM) (Version: 2.9.5.29 - Symantec Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.1.7 - Symantec Corporation) NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA 
Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer) Upgrade Kit (HKLM-x32\...\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}) (Version: 1.00.3002 - Acer Inc.) Validity Sensors software (HKLM\...\{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}) (Version: 2.8.120 - Validity Sensors, Inc.) 
WinTimer 3.0 (HKLM\...\WinTimer 3) (Version: - ) ==================== Restore Points ========================= 26-02-2014 16:46:41 Removed BlueStacks Notification Center 26-02-2014 19:13:16 Installed Microsoft Network Monitor 3.4 26-02-2014 19:14:14 Installed Microsoft Network Monitor: NetworkMonitor Parsers 3.4 01-03-2014 11:14:25 Installed Microsoft Application Compatibility Toolkit 5.6 28-03-2014 19:46:06 Removed LogMeIn Hamachi ==================== Hosts content: ========================== 2009-07-14 03:34 - 2014-02-24 20:36 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2B426802-DDC2-41F4-807D-ACAF9732743F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {420C4F35-F72F-4652-A449-E9F6E00D103A} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {4477716C-3277-41DC-B8BE-3243EA19443D} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [2014-02-10] (Symantec Corporation) Task: {46E5C194-7375-48A5-9B5D-CDAADF7B0FF7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\WSCStub.exe [2014-02-12] (Symantec Corporation) Task: {84FB94CE-3E60-4ECD-896E-A3D186F7C67E} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe <==== ATTENTION Task: {982D5B48-75F4-42AB-BECB-1185D8E186CE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {A47BCF2E-A922-468E-BDC4-90DFCF0C50AC} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== 
ATTENTION Task: {B297DA38-E866-4D28-8E56-BD7FBCFDEDDA} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {DC75545A-8362-45DB-95D5-2F243F5FB878} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-02 20:29 - 2011-11-29 08:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll 2014-02-23 11:56 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-09-04 16:39 - 2009-12-07 06:13 - 00397312 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe 2013-09-04 16:39 - 2009-08-01 02:06 - 00155648 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe 2013-09-04 16:39 - 2009-12-30 11:47 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL 2014-02-12 14:49 - 2012-05-29 19:21 - 00699280 ____R () C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\wincfi39.dll 2003-06-07 06:30 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files (x86)\Launch Manager\PowerUtl.dll 2014-03-28 20:00 - 2014-03-28 20:00 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: SDScannerService => 2 MSCONFIG\Services: SDUpdateService => 2 MSCONFIG\Services: SDWSCService => 2 MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe 
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/28/2014 09:44:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: upnp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9e5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001a249 ID des fehlerhaften Prozesses: 0x1310 Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0 Pfad der fehlerhaften Anwendung: wmpnetwk.exe1 Pfad des fehlerhaften Moduls: wmpnetwk.exe2 Berichtskennung: wmpnetwk.exe3 Error: (03/28/2014 09:23:25 PM) (Source: Schedule) (User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 09:05:39 PM) (Source: Schedule) (User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 08:55:22 PM) (Source: BstHdAndroidSvc) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/28/2014 08:55:05 PM) (Source: Schedule) (User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 07:58:16 PM) (Source: BstHdAndroidSvc) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/28/2014 07:57:51 PM) (Source: Schedule) (User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 02:02:36 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: NF.exe, Version: 12.11.0.16, Zeitstempel: 0x524cbb5e Name des fehlerhaften Moduls: WDJobs.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52f8ffb7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73b0902b ID des fehlerhaften Prozesses: 0x860 Startzeit der fehlerhaften Anwendung: 0xNF.exe0 Pfad der fehlerhaften Anwendung: NF.exe1 Pfad des fehlerhaften Moduls: NF.exe2 Berichtskennung: NF.exe3 Error: (03/27/2014 04:03:54 PM) (Source: BstHdAndroidSvc) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/27/2014 04:03:32 PM) (Source: Schedule) (User: ) Description: Schedule error: 87Initialize call failed, bailing out System errors: ============= Error: (03/28/2014 10:00:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147024809 Error: (03/28/2014 10:00:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147024809 Error: (03/28/2014 09:59:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147024809 Error: (03/28/2014 09:59:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147024809 Error: (03/28/2014 09:59:03 PM) 
(Source: DCOM) (User: ) Description: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (03/28/2014 09:58:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024809. Error: (03/28/2014 09:58:33 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT) Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942487. Error: (03/28/2014 09:58:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147024809 Error: (03/28/2014 09:58:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024809. Error: (03/28/2014 09:58:26 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT) Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942487. Microsoft Office Sessions: ========================= Error: (03/28/2014 09:44:44 PM) (Source: Application Error)(User: ) Description: wmpnetwk.exe12.0.7601.175144ce7ae7fupnp.dll6.1.7601.175144ce7c9e5c0000005000000000001a249131001cf4ac3a95b6141C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\upnp.dllcaa55902-b6b9-11e3-ab7e-0022fa1f9226 Error: (03/28/2014 09:23:25 PM) (Source: Schedule)(User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 09:05:39 PM) (Source: Schedule)(User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 08:55:22 PM) (Source: BstHdAndroidSvc)(User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/28/2014 08:55:05 PM) (Source: Schedule)(User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 07:58:16 PM) (Source: BstHdAndroidSvc)(User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/28/2014 07:57:51 PM) (Source: Schedule)(User: ) Description: Schedule error: 87Initialize call failed, bailing out Error: (03/28/2014 02:02:36 PM) (Source: Application Error)(User: ) Description: NF.exe12.11.0.16524cbb5eWDJobs.dll_unloaded0.0.0.052f8ffb7c000000573b0902b86001cf49cdbb06cf35C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exeWDJobs.dll3b7a069b-b679-11e3-a764-0022fa1f9226 Error: (03/27/2014 04:03:54 PM) (Source: BstHdAndroidSvc)(User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/27/2014 04:03:32 PM) (Source: Schedule)(User: ) Description: Schedule error: 87Initialize call failed, bailing out ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 4092.96 MB Available physical RAM: 1887.68 MB Total Pagefile: 8184.1 MB Available Pagefile: 5817.87 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:144.04 GB) (Free:93.49 GB) NTFS Drive d: (DATA) (Fixed) (Total:141.04 GB) (Free:110.11 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (eworkbook_2_a) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4EBF5754) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Not Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=141 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-28 22:19:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB Running: 5izoz6n9.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\axtiakoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dff000 45 bytes [00, 00, 16, 00, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002dff02f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000072da11a8 2 bytes [DA, 72] .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000072da13a8 2 bytes [DA, 72] .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000072da1422 2 bytes [DA, 72] .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000072da1498 2 bytes [DA, 72] .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000072cc1b41 2 bytes [CC, 72] .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000072cc1be8 2 bytes [CC, 72] .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000072cc1c20 2 bytes [CC, 72] .text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 
596 0000000072cc1cd2 2 bytes [CC, 72]
.text C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000072cc1cf2 2 bytes [CC, 72]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Service.exe[972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\BlueStacks\HD-Service.exe[972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a3fcb0 5 bytes JMP 00000001001f091c
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a3fe14 5 bytes JMP 00000001001f0048
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a3fea8 5 bytes JMP 00000001001f02ee
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a40004 5 bytes JMP 00000001001f04b2
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a40038 5 bytes JMP 00000001001f09fe
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a40068 5 bytes JMP 00000001001f0ae0
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a40084 5 bytes JMP 0000000100020050
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a4079c 5 bytes JMP 00000001001f012a
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a4088c 5 bytes JMP 00000001001f0758
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a408a4 5 bytes JMP 00000001001f0676
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a40df4 5 bytes JMP 00000001001f03d0
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a41920 5 bytes JMP 00000001001f0594
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a41be4 5 bytes JMP 00000001001f083a
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a41d70 5 bytes JMP 00000001001f020c
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007648524f 7 bytes JMP 00000001001f0f52
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000764853d0 7 bytes JMP 0000000100280210
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076485677 1 byte JMP 0000000100280048
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076485679 5 bytes {JMP 0xffffffff89dfa9d1}
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007648589a 7 bytes JMP 00000001001f0ca6
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076485a1d 7 bytes JMP 00000001002803d8
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076485c9b 7 bytes JMP 000000010028012c
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076485d87 7 bytes JMP 00000001002802f4
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076487240 7 bytes JMP 00000001001f0e6e
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b41492 7 bytes JMP 00000001002804bc
---- Processes - GMER 2.1 ----
Library \\DISKSTATION\TimeAnalyzer\tbaction.exe (*** suspicious ***) @ \\DISKSTATION\TimeAnalyzer\tbaction.exe [3500] 0000000000400000
---- EOF - GMER 2.1 ----
Last edited by Paprika1509 (28.03.2014 at 22:32) |
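The GMER hook listing in the post above is easier to read once it is grouped per process: which exports are patched, whether the patch is a recognised JMP to another address or only a few bytes that differ from the file on disk, and where the JMP targets land. The parser below is an added example written for this thread, not code from GMER or from the poster; its regular expressions and classification rules are its own assumptions, and the sample is a trimmed copy of the log lines above.

```python
"""Group the user-mode hooks in a GMER 2.x log by process.

Added example for this thread; not part of GMER or of the original post.
The sample lines are copied from the log above (paths, PIDs and addresses
are the thread's own); the regexes and rules are this example's assumptions.
"""
import re
from collections import defaultdict

# Hook entries as GMER prints them:
#   .text <process>[pid] <module>!<export> [+ offset] <address> <n> bytes <patch>
# plus one 'Library' line from the '---- Processes ----' section.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a3fe14 5 bytes JMP 00000001001f0048
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a40004 5 bytes JMP 00000001001f04b2
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a40df4 5 bytes JMP 00000001001f03d0
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076485677 1 byte JMP 0000000100280048
.text C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076485679 5 bytes {JMP 0xffffffff89dfa9d1}
---- Processes - GMER 2.1 ----
Library \\DISKSTATION\TimeAnalyzer\tbaction.exe (*** suspicious ***) @ \\DISKSTATION\TimeAnalyzer\tbaction.exe [3500] 0000000000400000
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"       # process image and PID
    r"(?P<module>.+?)!(?P<func>\S+)"                    # hooked module!export
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"                  # optional offset into the export
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?P<patch>.+?)\s*$"                               # 'JMP <addr>' or the raw bytes
)
JMP_RE = re.compile(r"\{?JMP\s+(?:0x)?(?P<target>[0-9a-fA-F]+)\}?")
LIB_RE = re.compile(
    r"^Library\s+(?P<path>\S+)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+.+?"
    r"\s+\[(?P<pid>\d+)\]\s+(?P<base>[0-9a-fA-F]+)\s*$"
)


def parse_gmer(text):
    """Return (hooks, suspicious_libraries) parsed from GMER log text."""
    hooks, libs = [], []
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["addr"] = int(h["addr"], 16)
            h["size"] = int(h["size"])
            j = JMP_RE.match(h["patch"])
            # GMER prints a hook it could follow as 'JMP <target>'; anything
            # else (e.g. '[43, 76]') is only the bytes that differ from disk.
            h["target"] = int(j.group("target"), 16) if j else None
            h["kind"] = "inline-jmp" if j else "byte-patch"
            # ntdll's Nt*/Zw* exports are the syscall stubs; hooks there are
            # what AV, sandboxing and injection frameworks typically install.
            h["is_syscall_stub"] = (h["module"].lower().endswith("ntdll.dll")
                                    and h["func"].startswith(("Nt", "Zw")))
            hooks.append(h)
            continue
        m = LIB_RE.match(line)
        if m:
            libs.append({"path": m.group("path"), "pid": int(m.group("pid")),
                         "base": int(m.group("base"), 16),
                         "is_unc": m.group("path").startswith("\\\\")})
    return hooks, libs


def summarize(hooks):
    """Per (image name, pid): hook count, hooked syscall stubs, and the 64 KiB
    regions the JMP targets fall in. Many hooks into one region usually means
    one injected module owns all of them."""
    out = defaultdict(lambda: {"hooks": 0, "syscall_stubs": [], "jmp_regions": set()})
    for h in hooks:
        s = out[(h["proc"].rsplit("\\", 1)[-1], h["pid"])]
        s["hooks"] += 1
        if h["is_syscall_stub"]:
            s["syscall_stubs"].append(h["func"])
        if h["target"] is not None:
            s["jmp_regions"].add(h["target"] >> 16)
    return dict(out)


def report(text):
    """Triage lines, returned rather than printed so they can be checked."""
    hooks, libs = parse_gmer(text)
    lines = []
    for (image, pid), s in sorted(summarize(hooks).items()):
        stubs = ", ".join(s["syscall_stubs"]) or "-"
        regions = ", ".join(f"0x{r:x}xxxx" for r in sorted(s["jmp_regions"])) or "-"
        lines.append(f"{image}[{pid}]: {s['hooks']} hooks; syscall stubs: {stubs}; "
                     f"JMP targets in: {regions}")
    for lib in libs:
        where = "UNC share" if lib["is_unc"] else "local disk"
        lines.append(f"suspicious library {lib['path']} in pid {lib['pid']} "
                     f"(loaded from {where}, base 0x{lib['base']:x})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run as a script it prints one line per process plus the `Library ... (*** suspicious ***)` entry. `summarize()` keys on image name and PID, so the two `GetModuleInformation` byte patches in PSIA.exe stay apart from the ntdll JMP hooks in 5izoz6n9.exe, and the region set shows that the JMPs in that process go to two separate 64 KiB regions. GMER reports that the hooks and the UNC-loaded library exist; whose they are is still the helper's call, and the script makes no judgment beyond grouping.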
29.03.2014, 07:26 | #2 |
/// the machine /// TB Trainer | Computer does strange things hi,
Scan with ComboFix
|
29.03.2014, 14:10 | #3 |
| Computer does strange things Code:
ComboFix 14-03-24.01 - Administrator 29.03.2014 14:02:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4093.2184 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\lollipop
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-29 ))))))))))))))))))))))))))))))
.
.
2014-03-29 13:04 . 2014-03-29 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-29 13:04 . 2014-03-29 13:04 -------- d-----w- c:\users\Patrik\AppData\Local\temp
2014-03-28 21:03 . 2014-03-28 21:05 -------- d-----w- C:\FRST
2014-03-28 20:50 . 2014-03-28 20:56 -------- d-----w- c:\windows\system32\catroot2
2014-03-28 19:46 . 2013-09-10 02:47 78936 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2014-03-28 19:36 . 2014-03-28 19:36 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-28 19:36 . 2014-03-28 19:36 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-03-28 19:36 . 2014-03-28 19:36 -------- d-----w- c:\programdata\Malwarebytes
2014-03-28 19:36 . 2014-03-05 08:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-28 19:36 . 2014-03-05 08:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-28 19:36 . 2014-03-05 08:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-28 19:25 . 2014-03-28 19:25 -------- d-----w- c:\programdata\Hewlett-Packard
2014-03-25 15:16 . 2014-03-25 15:16 -------- d-----w- c:\windows\system32\drivers\NISx64\1502000.026
2014-03-14 15:25 . 2014-03-14 15:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\.minecraft
2014-03-02 19:50 . 2014-03-02 19:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 19:36 . 2014-03-02 19:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 19:29 . 2014-03-08 14:15 -------- d-----w- c:\program files\WinTimer
2014-03-02 19:29 . 2011-11-29 07:48 442880 ----a-w- c:\windows\system32\wlsppc.dll
2014-03-02 19:29 . 2011-11-29 07:27 2024960 ----a-w- c:\windows\system32\wtmconfig.exe
2014-03-02 19:29 . 2011-11-29 07:25 87552 ----a-w- c:\windows\system32\wtmtray.exe
2014-03-02 19:29 . 2011-11-29 07:24 92672 ----a-w- c:\windows\system32\wtmdeinstall.exe
2014-03-02 19:29 . 2011-11-29 07:23 257536 ----a-w- c:\windows\system32\wtmcore.exe
2014-03-02 10:38 . 2014-03-02 10:38 -------- d-----w- c:\users\Patrik\AppData\Local\Skype
2014-03-01 11:27 . 2014-03-01 11:27 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 11:27 . 2014-03-01 11:27 -------- d-----w- c:\programdata\Microsoft Corporation
2014-03-01 11:14 . 2014-03-01 11:14 -------- d-----w- c:\program files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 10:14 . 2014-03-28 21:10 -------- d-----w- c:\programdata\Analyzer
2014-03-01 10:07 . 2014-03-01 10:07 -------- d-----w- c:\users\Administrator\AppData\Local\Skype
2014-03-01 10:06 . 2014-03-01 10:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-01 10:06 . 2014-03-01 10:06 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 15:29 . 2013-09-04 15:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 15:29 . 2013-09-04 15:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-26 18:08 . 2013-09-04 13:12 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-02-16 17:52 . 2013-10-15 11:44 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-11 18:33 . 2014-02-26 18:08 875736 ----a-r- c:\windows\system32\drivers\NISx64\1501010.007\srtsp64.sys
2014-02-11 18:33 . 2014-02-26 18:08 36952 ----a-r- c:\windows\system32\drivers\NISx64\1501010.007\srtspx64.sys
2014-02-08 18:34 . 2014-02-23 10:56 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2014-02-23 10:56 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2014-02-23 10:51 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-02-08 18:34 . 2014-02-23 10:51 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2014-02-23 10:51 15740232 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-02-23 10:51 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-02-08 18:34 . 2014-02-23 10:51 892192 ----a-w- c:\windows\system32\NvIFR64.dll
2014-02-08 18:34 . 2014-02-23 10:51 863520 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-02-08 18:34 . 2014-02-23 10:51 31432480 ----a-w- c:\windows\system32\nvoglv64.dll
2014-02-08 18:34 . 2014-02-23 10:51 23683360 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-02-08 18:34 . 2014-02-23 10:51 12324640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-02-08 18:34 . 2014-02-23 10:51 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-02-08 18:34 . 2014-02-23 10:51 875296 ----a-w- c:\windows\system32\NvFBC64.dll
2014-02-08 18:34 . 2014-02-23 10:51 844576 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-02-08 18:34 . 2014-02-23 10:51 3142432 ----a-w- c:\windows\system32\nvcuvid.dll
2014-02-08 18:34 . 2014-02-23 10:51 2956576 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-02-08 18:34 . 2014-02-23 10:51 2782496 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-23 10:51 2410784 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-23 10:51 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-23 10:51 17715784 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-02-08 18:34 . 2014-02-23 10:51 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-02-08 18:34 . 2014-02-23 10:51 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2014-02-23 10:51 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-02-08 18:34 . 2014-02-23 10:51 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 18:34 . 2014-02-23 10:51 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2014-02-23 10:51 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-02-08 18:34 . 2014-02-23 10:51 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-02-08 17:42 . 2014-02-23 10:56 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2014-02-23 10:56 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2014-02-23 10:56 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2014-02-23 10:56 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2014-02-23 10:56 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2014-02-08 17:42 . 2014-02-23 10:56 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-06 12:16 . 2014-02-13 16:54 23170048 ----a-w- c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-13 16:54 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-13 16:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-13 16:54 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-13 16:54 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-13 16:54 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-13 16:54 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-13 16:54 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-13 16:54 574976 ----a-w- c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-13 16:54 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-13 16:54 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-13 16:54 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-13 16:54 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-13 16:54 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-13 16:54 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-13 16:54 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-13 16:54 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-13 16:54 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-13 16:54 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-13 16:54 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-13 16:54 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-13 16:54 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-13 16:54 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-13 16:54 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-13 16:54 13051392 ----a-w- c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-13 16:54 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-13 16:54 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-13 16:54 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-13 16:54 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-01-16 16:12 . 2014-01-16 16:12 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points From Registry ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2008-06-16 809480]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-02-18 815888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"*TampMon"="c:\program files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe" [2014-02-10 61792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2013-9-4 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2013-9-4 651264]
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2014-1-7 724992]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;c:\windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS;c:\windows\SYSNATIVE\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501010.007\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501010.007\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\ccSetx64.sys [x]
S1 ccSet_NSM;Norton Family Settings Manager;c:\windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSMx64\0209050.01D\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501010.007\SYMNETS.SYS [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2013/09/04 14:45];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl;c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [x]
S2 NSM;Norton Family;c:\program files (x86)\Norton Family\Engine\2.9.5.29\NF.exe;c:\program files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe;c:\windows\SYSNATIVE\vfsFPService.exe [x]
S3 AVerAF15;AVerMedia A815;c:\windows\system32\Drivers\AVerAF15.sys;c:\windows\SYSNATIVE\Drivers\AVerAF15.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8816fc-1552-11e3-93d7-806e6f6e6963}]
\shell\AutoRun\command - e:\.\Autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9420234-155a-11e3-8921-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-04 15:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Orphans Removed - - - -
.
Wow6432Node-HKLM-Run-TBAction - \\DISKSTATION\TimeAnalyzer\tbaction.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TBAction - \\DISKSTATION\TimeAnalyzer\tbaction.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSM]
"ImagePath"="\"c:\program files (x86)\Norton Family\Engine\2.9.5.29\NF.exe\" /s \"NSM\" /m \"c:\program files (x86)\Norton Family\Engine\2.9.5.29\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7;c:\program files (x86)\Norton Internet Security\Engine64\21.1.1.7"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f3,f0,fa, 63,2c,3d,25,0f,82,da,b9,f0,9f,0d,0f,d2
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,3b,1b,1e,c4,3b, 7c,ca,1c,7b,0e,90,a9,d3,9a,c6,99,e2,10
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,3b,1b,94,f3,42, 71,9b,3c,eb,0b,b4,e6,b2,22,8d,47,47,14
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,05, 6a,c5,80,40,0a,ac,e3,92,9a,f3,9f,6b,5b
"{B8E07826-0971-4F16-B133-047B88034E89}"=hex:51,66,7a,6c,4c,1d,3b,1b,36,67,f1, a4,44,5f,7a,03,ab,3b,42,3b,8a,45,08,91
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9, c7,70,f2,37,0f,a6,7c,da,65,c3,83,ce,b1
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"{11111111-1111-1111-1111-110311121157}"=""
"Timestamp"=hex:da,1c,77,6d,78,ac,ce,01
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,20,15,9d,fc,1d,d0,42,b9,a7,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,20,15,9d,fc,1d,d0,42,b9,a7,94,\
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item1]
@Denied: (2) (Administrator)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
@Denied: (2) (Administrator)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item3]
@Denied: (2) (Administrator)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-29 14:07:02
ComboFix-quarantined-files.txt 2014-03-29 13:07
.
Pre-Run: 13 directories, 99.984.900.096 bytes free
Post-Run: 17 directories, 99.981.402.112 bytes free
.
- - End Of File - - FBB2B63AD2A33FCD030724759BE0D9DA A36C5E4F47E84449FF07ED3517B43A31
|
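The registry autostart section of the ComboFix log above is where a helper looks first, and the questions are always the same: does a Run/RunOnce entry point at a network share or a user-writable directory, is `LoadAppInit_DLLs` switched on, does `BootExecute` carry anything beyond `autocheck autochk *`, and are there cached AutoRun commands under MountPoints2. The checker below is an added example for this thread, not ComboFix's own code. Its sample uses entries from the log above in ComboFix's notation; the `TBAction` line is rebuilt from the FRST entry later in the thread, and the `Updater` line is constructed to show what a profile-resident autostart looks like. The rules it applies are this example's assumptions.

```python
"""Flag the autostart entries in a ComboFix registry excerpt that a helper
reads first. Added example for this thread, not ComboFix's own code; the
rules below are this example's assumptions.
"""
import re

# ComboFix-style excerpt. Entries come from the thread's log except
# 'TBAction' (rebuilt from the FRST entry in the thread) and 'Updater'
# (constructed: a profile-resident autostart with no file date/size).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2008-06-16 809480]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-02-18 815888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBAction"="\\DISKSTATION\TimeAnalyzer\tbaction.exe" [2013-01-30 131504]
"Updater"="c:\users\Administrator\AppData\Local\lollipop\lollipop.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8816fc-1552-11e3-93d7-806e6f6e6963}]
\shell\AutoRun\command - e:\.\Autorun.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:"(?P<path>[^"]*)"|(?P<num>\d+))'
                      r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?')
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<items>.+)$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")

# Directories a vendor autostart rarely lives in but droppers usually do.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\",
                 "\\programdata\\", "\\users\\public\\")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def judge_run_entry(path, date):
    """Reasons to look twice at one Run/RunOnce value; empty list means skip."""
    p = path.lower()
    reasons = []
    if p.startswith("\\\\"):
        reasons.append("image on a UNC share, so whoever can write to the share controls the autostart")
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("image under a user-writable directory")
    if date is None:
        reasons.append("no file date/size, i.e. ComboFix could not stat the file")
    return reasons


def triage(text):
    """Walk the excerpt key by key and return a list of findings."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        leaf = key.lower().rsplit("\\", 1)[-1]
        m = VALUE_RE.match(line)
        if m and leaf in ("run", "runonce", "runonceex"):
            reasons = judge_run_entry(m.group("path") or "", m.group("date"))
            if reasons:
                findings.append({"item": m.group("name"), "key": key, "reasons": reasons})
            continue
        if m and m.group("name").lower() == "loadappinit_dlls" and m.group("num") not in (None, "0"):
            findings.append({"item": "LoadAppInit_DLLs", "key": key, "reasons": [
                "AppInit_DLLs loading enabled: the DLLs listed next to it are injected into every process that loads user32.dll"]})
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            for item in m.group("items").split("\\0"):   # REG_MULTI_SZ separator as ComboFix prints it
                item = item.strip()
                if item and item != DEFAULT_BOOTEXECUTE:
                    findings.append({"item": item, "key": key, "reasons": [
                        "extra BootExecute program: run by smss.exe at boot, before any service starts"]})
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():
            findings.append({"item": m.group("cmd"), "key": key, "reasons": [
                "cached AutoRun command for a removable or mapped volume"]})
    return findings


def report(text):
    """One line per finding, ready to paste into a reply."""
    return [f"{f['item']} ({f['key']}): " + "; ".join(f["reasons"]) for f in triage(text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Each finding carries the key it came from and the reason it was flagged, so the output can go straight into a reply. The `sdnclean64.exe` hit is the example's rule firing on anything added to the default `BootExecute` value; the log does not say what installed it, and the checker does not guess either. The UAC `ConsentPromptBehavior*` values are parsed but deliberately not flagged, since the defaults shown in the log are not a finding.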
30.03.2014, 07:32 | #4 |
/// the machine /// TB Trainer | Computer does strange things Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
30.03.2014, 12:04 | #5 |
| Computer does strange things Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 30.03.2014
Scan Time: 13:02:49
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.03.28.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276081
Time Elapsed: 33 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1352531634-2534244058-2222343639-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [17e9619f9b65a25e66e2127efe05a55b],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.022 - Report created 30/03/2014 at 13:51:54
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - PATRIKS-LAPTOP
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\Common Files\337
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\invalidprefs.js
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\searchplugins\safesearch.xml
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\53edfdeb73eea14
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\omigaplusSvc
Key Deleted : HKLM\Software\V9
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v28.0 (de)
[ File : C:\Users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\yiwdr1nt.default-1394203077012\prefs.js ]
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3821 octets] - [30/03/2014 13:08:51]
AdwCleaner[S0].txt - [3241 octets] - [30/03/2014 13:51:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3301 octets] ##########
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on PATRIKS-LAPTOP on 30-03-2014 13:57:49
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Neuber Software) \\DISKSTATION\TimeAnalyzer\tbaction.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [809480 2008-06-16] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe,wtmcore.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {1b8816fc-1552-11e3-93d7-806e6f6e6963} - E:\.\Autorun.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {e9420234-155a-11e3-8921-806e6f6e6963} - E:\Start.exe
GroupPolicyUsers\S-1-5-21-1352531634-2534244058-2222343639-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A2A4B2768A9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 02 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 03 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 04 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 05 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 06 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 07 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 08 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 09 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 10 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 21 %windir%\system32\wlsppc.dll [442880] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-26]

==================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [276376 2014-02-12] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files (x86)\Launch Manager\DPortIO.sys [21264 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-03-30] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140329.002\ENG64.SYS [126040 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140329.002\EX64.SYS [2099288 2014-02-26] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501010.007\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501010.007\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501010.007\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501010.007\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [246488 2013-12-18] (Symantec Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-05] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 13:57 - 2014-03-30 13:57 - 00016567 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-03-30 13:08 - 2014-03-30 13:51 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:04 - 2014-03-30 13:05 - 00017859 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-03-30 12:23 - 2014-03-30 13:57 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 14:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-29 14:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-29 14:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-29 14:58 - 2014-03-29 15:07 - 00000000 ____D () C:\Qoobox
2014-03-29 14:57 - 2014-03-29 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:04 - 2014-03-28 23:05 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:03 - 2014-03-30 13:57 - 00000000 ____D () C:\FRST
2014-03-28 23:03 - 2014-03-28 23:05 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 23:03 - 2014-03-28 23:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:46 - 2013-09-10 04:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-03-28 21:36 - 2014-03-30 12:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-28 21:36 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:24 - 2013-12-04 01:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-03-28 21:24 - 2013-12-04 01:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-03-28 21:24 - 2013-12-04 01:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-03-28 21:24 - 2013-12-04 01:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-03-28 21:24 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-03-28 21:22 - 2014-03-28 21:23 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-14 17:25 - 2014-03-14 17:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-11 17:06 - 2014-03-22 11:04 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-11 17:06 - 2014-03-11 17:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 17:06 - 2014-03-11 17:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 17:05 - 2014-03-22 11:03 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-07 16:37 - 2014-03-07 16:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-02 21:55 - 2014-03-02 21:56 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 21:50 - 2014-03-02 21:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 21:36 - 2014-03-02 21:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 21:31 - 2014-03-02 21:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 21:29 - 2014-03-08 16:15 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-02 21:29 - 2011-11-29 09:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll
2014-03-02 21:29 - 2011-11-29 09:27 - 02024960 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmconfig.exe
2014-03-02 21:29 - 2011-11-29 09:27 - 00073437 _____ () C:\Windows\system32\wtmconfig.chm
2014-03-02 21:29 - 2011-11-29 09:25 - 00087552 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmtray.exe
2014-03-02 21:29 - 2011-11-29 09:24 - 00092672 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmdeinstall.exe
2014-03-02 21:29 - 2011-11-29 09:23 - 00257536 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
2014-03-02 12:51 - 2014-03-02 12:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 12:38 - 2014-03-02 12:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 13:21 - 2014-03-01 13:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 13:13 - 2014-03-01 13:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 13:01 - 2014-03-01 13:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 12:14 - 2014-03-28 23:10 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-01 12:07 - 2014-03-01 12:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 12:06 - 2014-03-01 12:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 12:06 - 2014-03-01 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype

==================== One Month Modified Files and Folders =======

2014-03-30 13:58 - 2014-03-30 13:57 - 00016567 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-03-30 13:57 - 2014-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-03-30 13:57 - 2014-03-28 23:03 - 00000000 ____D () C:\FRST
2014-03-30 13:57 - 2013-10-15 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-03-30 13:56 - 2013-09-04 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 13:54 - 2014-02-26 20:15 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-03-30 13:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 13:53 - 2009-07-14 06:51 - 00050305 _____ () C:\Windows\setupact.log
2014-03-30 13:52 - 2013-09-04 13:10 - 01557610 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 13:51 - 2014-03-30 13:08 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:05 - 2014-03-30 13:04 - 00017859 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-03-30 12:58 - 2013-09-04 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 12:32 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 12:32 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 12:29 - 2014-03-28 21:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 12:29 - 2009-07-14 19:58 - 00698956 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 12:29 - 2009-07-14 19:58 - 00149064 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 12:29 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 10:55 - 2013-10-15 14:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Skype
2014-03-30 10:40 - 2013-09-04 14:10 - 00172746 _____ () C:\Windows\PFRO.log
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 15:07 - 2014-03-29 14:58 - 00000000 ____D () C:\Qoobox
2014-03-29 15:07 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 15:04 - 2014-03-29 14:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-28 23:10 - 2014-03-01 12:14 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:05 - 2014-03-28 23:04 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:05 - 2014-03-28 23:03 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 23:03 - 2014-03-28 23:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-03-28 22:49 - 2014-01-14 18:27 - 00000680 __RSH () C:\Users\Administrator\ntuser.pol
2014-03-28 22:49 - 2013-09-04 13:39 - 00000000 ____D () C:\Users\Administrator
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:54 - 2013-09-04 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 21:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:23 - 2014-03-28 21:22 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-27 17:05 - 2013-09-04 15:40 - 00000000 ____D () C:\Users\Patrik\AppData\Local\LogMeIn Hamachi
2014-03-26 15:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-25 17:16 - 2013-09-04 15:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-24 17:41 - 2013-09-04 16:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.minecraft
2014-03-22 11:04 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-22 11:03 - 2014-03-11 17:05 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-20 19:06 - 2013-10-15 14:05 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CrashDumps
2014-03-19 18:42 - 2013-10-18 12:43 - 00000000 ____D () C:\Users\Patrik\Desktop\Skins
2014-03-14 17:30 - 2014-03-14 17:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-13 17:29 - 2013-09-04 17:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 17:29 - 2013-09-04 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:08 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 17:08 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-08 16:15 - 2014-03-02 21:29 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-07 16:37 - 2014-03-07 16:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-05 10:26 - 2014-03-28 21:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-28 21:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-28 21:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 13:16 - 2014-02-25 16:33 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\TeamViewer
2014-03-02 21:56 - 2014-03-02 21:55 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 21:50 - 2014-03-02 21:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 21:36 - 2014-03-02 21:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 21:31 - 2014-03-02 21:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 12:54 - 2014-02-09 15:31 - 00000000 ____D () C:\Users\Patrik\Desktop\Skreenshots
2014-03-02 12:51 - 2014-03-02 12:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 12:38 - 2014-03-02 12:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 13:21 - 2014-03-01 13:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 13:13 - 2014-03-01 13:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 13:01 - 2014-03-01 13:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 12:07 - 2014-03-01 12:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 12:07 - 2013-10-15 14:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 12:06 - 2014-03-01 12:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 12:06 - 2014-03-01 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Patrik\AppData\Local\Temp\jna6179475853113028583.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8659652830429220834.hunspell-win-x86-32.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-26 19:44

==================== End Of Log ============================
Edited by Paprika1509 (30.03.2014 at 13:01) |
31.03.2014, 09:39 | #6
/// the machine /// (TB-Ausbilder) | Computer is doing strange things
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
02.04.2014, 11:49 | #7
Computer is doing strange things
Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
esets_scanner_update returned -1 esets_gle=1
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=31ad342324da0a41b362c8dbab77650c
# engine=17718
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-02 09:54:51
# local_time=2014-04-02 11:54:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 65270 159029076 0 0
# compatibility_mode=5893 16776574 100 94 17775040 148062341 0 0
# scanned=176529
# found=0
# cleaned=0
# scan_time=14791
Code:
 Results of screen317's Security Check version 0.99.80
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016)
 Java 7 Update 51
 Adobe Flash Player 12.0.0.77
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
 ESET ESET Online Scanner OnlineScannerApp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on PATRIKS-LAPTOP on 02-04-2014 12:45:47
Running from C:\Users\Administrator\Desktop\trojaner-board.de
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [809480 2008-06-16] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe,wtmcore.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {1b8816fc-1552-11e3-93d7-806e6f6e6963} - E:\.\Autorun.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {e9420234-155a-11e3-8921-806e6f6e6963} - E:\Start.exe
GroupPolicyUsers\S-1-5-21-1352531634-2534244058-2222343639-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A2A4B2768A9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 02 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 03 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 04 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 05 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 06 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 07 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 08 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 09 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 10 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 21 %windir%\system32\wlsppc.dll [442880] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-26]

==================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)
==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files (x86)\Launch Manager\DPortIO.sys [21264 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140401.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-03-30] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140401.023\ENG64.SYS [126040 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140401.023\EX64.SYS [2099288 2014-02-26] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [246488 2013-12-18] (Symantec Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-05] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 07:45 - 2014-04-02 07:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-01 17:56 - 2014-04-01 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-01 17:40 - 2014-03-02 12:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator - Kopie.lnk
2014-04-01 16:21 - 2014-04-02 07:43 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-03-31 17:32 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-31 17:32 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-30 14:47 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-30 14:47 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-30 14:47 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-30 14:47 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-30 14:47 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-30 14:47 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-30 14:47 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-30 14:47 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-30 14:47 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-30 14:47 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-30 14:47 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-30 14:47 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-30 14:47 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-30 14:47 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-30 14:47 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-30 14:47 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-30 14:44 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-30 14:44 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-30 13:08 - 2014-03-30 13:51 - 00000000 ____D () C:\AdwCleaner
2014-03-30 12:44 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 12:44 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 12:44 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-30 12:44 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-30 12:44 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-30 12:44 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-30 12:44 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-30 12:44 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-30 12:44 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-30 12:44 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-30 12:44 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-30 12:44 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-30 12:44 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 12:44 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-30 12:44 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-30 12:44 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 12:44 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-30 12:44 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-30 12:44 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-30 12:44 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-30 12:44 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-30 12:44 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-30 12:44 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-30 12:44 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-30 12:44 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-30 12:44 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-30 12:44 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-30 12:44 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-30 12:44 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-30 12:44 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-30 12:44 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-30 12:44 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-30 12:44 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-30 12:44 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-30 12:44 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-30 12:44 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-30 12:44 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-30 12:44 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-30 12:44 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-30 12:44 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-30 12:43 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-30 12:43 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-30 12:43 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-30 12:43 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-30 12:43 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-30 12:43 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-30 12:43 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-30 12:43 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-30 12:23 - 2014-04-02 12:45 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 14:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-29 14:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-29 14:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-29 14:58 - 2014-03-29 15:07 - 00000000 ____D () C:\Qoobox
2014-03-29 14:57 - 2014-03-29 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:04 - 2014-03-28 23:05 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:03 - 2014-04-02 12:45 - 00000000 ____D () C:\FRST
2014-03-28 23:03 - 2014-03-28 23:05 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:46 - 2013-09-10 04:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-03-28 21:36 - 2014-03-30 12:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-28 21:36 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:24 - 2013-12-04 01:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-03-28 21:24 - 2013-12-04 01:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-03-28 21:24 - 2013-12-04 01:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-03-28 21:24 - 2013-12-04 01:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-03-28 21:24 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-03-28 21:22 - 2014-03-28 21:23 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-14 17:25 - 2014-03-14 17:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-11 17:05 - 2014-03-22 11:03 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
==================== One Month Modified Files and Folders =======

2014-04-02 12:45 - 2014-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-04-02 12:45 - 2014-03-28 23:03 - 00000000 ____D () C:\FRST
2014-04-02 12:34 - 2013-09-04 13:10 - 01811983 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 11:56 - 2013-09-04 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 07:49 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 07:49 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 07:45 - 2014-04-02 07:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-02 07:43 - 2014-04-01 16:21 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-04-02 07:42 - 2013-10-15 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-04-02 07:42 - 2009-07-14 06:51 - 00051649 _____ () C:\Windows\setupact.log
2014-04-02 07:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 19:17 - 2013-09-04 16:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.minecraft
2014-04-01 17:56 - 2014-04-01 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-01 17:46 - 2013-09-04 15:12 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-01 17:46 - 2013-09-04 15:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-04-01 17:44 - 2013-09-04 14:10 - 00173416 _____ () C:\Windows\PFRO.log
2014-04-01 16:46 - 2013-10-15 14:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Skype
2014-03-31 17:31 - 2009-07-14 19:58 - 00698956 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 17:31 - 2009-07-14 19:58 - 00149064 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 17:31 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 14:45 - 2013-10-15 13:44 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-30 14:45 - 2013-10-15 13:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-30 14:36 - 2009-07-14 06:45 - 00296864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 14:35 - 2013-12-24 12:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-30 14:35 - 2013-12-24 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-30 13:51 - 2014-03-30 13:08 - 00000000 ____D () C:\AdwCleaner
2014-03-30 12:58 - 2013-09-04 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 12:29 - 2014-03-28 21:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 15:07 - 2014-03-29 14:58 - 00000000 ____D () C:\Qoobox
2014-03-29 15:07 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 15:04 - 2014-03-29 14:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-28 23:10 - 2014-03-01 12:14 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:05 - 2014-03-28 23:04 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:05 - 2014-03-28 23:03 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:49 - 2014-01-14 18:27 - 00000680 __RSH () C:\Users\Administrator\ntuser.pol
2014-03-28 22:49 - 2013-09-04 13:39 - 00000000 ____D () C:\Users\Administrator
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:54 - 2013-09-04 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 21:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:23 - 2014-03-28 21:22 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-27 17:05 - 2013-09-04 15:40 - 00000000 ____D () C:\Users\Patrik\AppData\Local\LogMeIn Hamachi
2014-03-26 15:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 11:03 - 2014-03-11 17:05 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-20 19:06 - 2013-10-15 14:05 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CrashDumps
2014-03-19 18:42 - 2013-10-18 12:43 - 00000000 ____D () C:\Users\Patrik\Desktop\Skins
2014-03-14 17:30 - 2014-03-14 17:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-13 17:29 - 2013-09-04 17:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 17:29 - 2013-09-04 17:33 - 00071048 _____ (Adobe Systems Incorporated)
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-08 16:15 - 2014-03-02 21:29 - 00000000 ____D () C:\Program Files\WinTimer 2014-03-05 10:26 - 2014-03-28 21:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 10:26 - 2014-03-28 21:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 10:26 - 2014-03-28 21:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-03 13:16 - 2014-02-25 16:33 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\TeamViewer Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe C:\Users\Patrik\AppData\Local\Temp\jna2099022344859018854.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna6179475853113028583.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8659652830429220834.hunspell-win-x86-32.dll C:\Users\Patrik\AppData\Local\Temp\jna8850834196067963942.hunspell-win-x86-32.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-26 19:44 ==================== End Of Log ============================ --- --- --- --- --- ---

Yes, games still don't run on BlueStacks.
03.04.2014, 08:27 | #8
/// the machine /// TB Trainer | Computer is doing strange things
Quote:

regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!