Log analysis and evaluation: "Police has saved your browser data". Virus scanner hangs, Windows 7
06.04.2014, 14:31, #1
Police has saved your browser data. Virus scanner hangs

Hello, on 02.04, while surfing the web, I was redirected to a page on which a message appeared in the foreground saying "the police has saved your browser data". Out of fright I did not read the page completely and wanted to close it immediately, but it could no longer be closed, so I closed it via the Task Manager. I did, however, have the browser open in the sandbox. I have now tried several times to run a complete scan of my notebook with my virus scanner (Norton 360), but it always skips some files, and when scanning drive D it hangs again and again on one folder (I think at World of Warplan), so that I have to end the virus scanner via the Task Manager. Recently, some error messages have also appeared now and then when closing the browser, but I have not noted them down yet. After I ran the scan with Gamer and wanted to restart my notebook, the following message appeared first: "The instruction at 0x71eb138e referenced memory at 0x00000000. The memory could not be read. To abort, press OK." I did that. But the notebook did not shut down properly, so I had to switch it off by holding down the power button. About 3 weeks ago my son had already downloaded something without realising it, by clicking on some game sites, but I think he did not install anything; I am not sure about that, though. In any case, after that I had problems starting WOT and installing certain mods. I did not run the virus scanner back then, so I cannot determine exactly when the problem first occurred.
I am looking forward to quick help and thank you in advance for your efforts. Regards, Odin2013

Defogger showed no error message.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:04 on 06/04/2014 (Odin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Odin at 2014-04-06 14:07:47
Running from C:\Users\Odin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
diclovit's mod pack 1.10.6 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 1.10.6 - diclovit)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (DAN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ESN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PTG) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.127.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 6.4.1.14 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5925 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6201 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Secure Banking Version 1.5.2 (HKLM-x32\...\{0BEE0AF9-79F3-4C4F-B374-90C0A16BF294}_is1) (Version: 1.5.2 - Hopfgartner Niklas)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0719.M007.01 - Micro-Star International Co., Ltd.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0) (HKLM\...\B24074592222CFC1B8ABF520F9089E49FB1763D7) (Version: 05/27/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Restore Points =========================

==================== Hosts content: ==========================

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Odin (administrator) on ODIN-PC on 06-04-2014 14:07:07
Running from C:\Users\Odin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Wargaming.net) C:\Games\World_of_Tanks\WorldOfTanks.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
() C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-27] (Microsoft Corporation)
HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
CHR Extension: (Google Docs) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-27]
CHR Extension: (Google Drive) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-27]
CHR Extension: (WOT) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-27]
CHR Extension: (YouTube) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-27]
CHR Extension: (Google-Suche) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-27]
CHR Extension: (Heroes & Generals) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-02-26]
CHR Extension: (Norton Identity Protection) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-27]
CHR Extension: (Google Wallet) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27]
CHR Extension: (Google Mail) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140404.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140405.003\ENG64.SYS [126040 2014-03-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140405.003\EX64.SYS [2099288 2014-03-27] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-12-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-06 14:07 - 2014-04-06 14:07 - 00012336 _____ () C:\Users\Odin\Downloads\FRST.txt
2014-04-06 14:06 - 2014-04-06 14:07 - 00000000 ____D () C:\FRST
2014-04-06 14:05 - 2014-04-06 14:06 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe
2014-04-06 14:03 - 2014-04-06 14:04 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log
2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable
2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe
2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997}
2014-04-03 16:47 - 2014-03-14 11:24 - 08669040 _____ (Wargaming.net) C:\Users\Odin\Desktop\WOWpLauncher.exe
2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe
2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun
2014-03-29 07:31 - 2014-03-29 07:32 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe
2014-03-22 01:54 - 2014-03-22 01:55 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23
2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder
2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin
2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin
2014-03-21 22:15 - 2014-04-06 13:35 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client
2014-03-21 22:15 - 2014-03-22 19:29 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1}
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg
2014-03-20 21:49 - 2014-03-20 21:50 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe
2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-03-18 11:23 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-18 11:23 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02411976 _____
(NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-16 22:04 - 2014-03-17 01:33 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt 2014-03-13 20:38 - 2014-03-13 21:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-03-13 20:37 - 2014-03-13 20:58 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin 2014-03-13 20:37 - 2014-03-13 20:38 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin 2014-03-13 20:35 - 2014-03-13 21:05 - 00000000 ____D () C:\ProgramData\Origin 2014-03-13 20:35 - 2014-03-13 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) 
C:\Users\Odin\Downloads\OriginThinSetup.exe 2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp 2014-03-13 08:27 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 08:27 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 08:27 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 08:27 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 08:27 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 08:27 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 08:27 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 08:27 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 08:27 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 08:27 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 08:27 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 08:27 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 08:27 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 08:27 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 08:27 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 08:27 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 08:27 - 2014-03-01 06:02 - 00195584 _____ (Microsoft 
Corporation) C:\Windows\system32\msrating.dll 2014-03-13 08:27 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 08:27 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 08:27 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 08:27 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 08:27 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 08:27 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 08:27 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 08:27 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 08:27 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 08:27 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 08:27 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 08:27 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 08:27 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 08:27 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 08:27 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 08:27 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 08:27 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 08:27 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2014-03-13 08:27 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 08:27 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 08:27 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 08:27 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 08:27 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 08:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 08:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 08:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 08:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 08:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-11 12:37 - 2014-03-26 16:53 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah 2014-03-09 19:55 - 2014-03-16 21:48 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt 2014-03-09 19:27 - 2014-03-09 19:28 - 00149749 _____ () C:\Users\Odin\Downloads\Entwurf 2.02.odt 2014-03-09 19:26 - 2014-03-09 19:27 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt 2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt 2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () 
C:\Users\Odin\Downloads\logo 2.psd 2014-03-07 14:39 - 2014-01-23 05:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2014-03-07 14:39 - 2014-01-23 05:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys ==================== One Month Modified Files and Folders ======= 2014-04-06 14:07 - 2014-04-06 14:07 - 00012336 _____ () C:\Users\Odin\Downloads\FRST.txt 2014-04-06 14:07 - 2014-04-06 14:06 - 00000000 ____D () C:\FRST 2014-04-06 14:06 - 2014-04-06 14:05 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe 2014-04-06 14:04 - 2014-04-06 14:03 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log 2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable 2014-04-06 14:03 - 2013-12-27 07:33 - 00000000 ____D () C:\Users\Odin 2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe 2014-04-06 13:58 - 2013-12-27 07:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-06 13:35 - 2014-03-21 22:15 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client 2014-04-06 13:23 - 2013-12-27 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-06 10:02 - 2013-12-27 07:29 - 01789258 _____ () C:\Windows\WindowsUpdate.log 2014-04-06 08:32 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-06 08:32 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-06 08:09 - 2010-05-12 10:18 - 01616898 _____ () C:\Windows\system32\perfh007.dat 2014-04-06 08:09 - 2010-05-12 10:18 - 00443276 _____ () C:\Windows\system32\perfc007.dat 2014-04-06 08:09 - 2009-07-14 07:13 - 00006452 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-06 08:04 - 2013-12-27 07:33 - 00001106 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-06 08:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-06 08:04 - 2009-07-14 06:51 - 00098206 _____ () C:\Windows\setupact.log 2014-04-05 23:31 - 2010-09-26 16:56 - 00152782 _____ () C:\Windows\PFRO.log 2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997} 2014-04-05 10:25 - 2013-12-27 19:29 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\SoftGrid Client 2014-04-03 19:47 - 2013-12-30 21:00 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2014-04-03 18:20 - 2014-01-30 16:59 - 00000000 ____D () C:\Users\Odin\Desktop\USB Stick 2014-04-02 20:25 - 2013-12-27 16:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-04-02 20:13 - 2013-12-27 17:52 - 00000000 ____D () C:\AdwCleaner 2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe 2014-04-01 20:54 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun 2014-03-31 10:56 - 2013-12-27 18:47 - 00001632 _____ () C:\Windows\Sandboxie.ini 2014-03-29 15:53 - 2013-12-27 07:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-29 15:53 - 2013-12-27 07:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-29 07:32 - 2014-03-29 07:31 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe 2014-03-26 16:53 - 2014-03-11 12:37 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah 2014-03-23 19:21 - 2014-02-21 15:34 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-03-22 21:14 - 2014-01-05 19:08 - 00001198 _____ () C:\Windows\wmsetup.log 2014-03-22 19:29 - 2014-03-21 22:15 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-03-22 01:55 - 2014-03-22 01:54 - 00000000 ____D () 
C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder 2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar 2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin 2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin 2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin 2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin 2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin 2014-03-21 22:15 - 2013-12-27 17:38 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe 2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1} 2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay 2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg 2014-03-20 21:50 - 2014-03-20 21:49 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe 2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment 2014-03-19 20:01 - 2013-12-27 16:36 - 00000000 ____D () C:\Users\Odin\Desktop\Mod 2014-03-18 11:26 - 2010-09-26 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-17 01:33 - 2014-03-16 22:04 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt 2014-03-17 00:20 - 2013-12-27 09:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-17 00:19 - 2010-09-26 15:42 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-16 21:48 - 
2014-03-09 19:55 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt 2014-03-14 11:24 - 2014-04-03 16:47 - 08669040 _____ (Wargaming.net) C:\Users\Odin\Desktop\WOWpLauncher.exe 2014-03-13 21:05 - 2014-03-13 20:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-03-13 21:05 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Origin 2014-03-13 20:58 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin 2014-03-13 20:58 - 2014-03-13 20:35 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-13 20:38 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin 2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe 2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 18:20 - 2009-07-14 06:45 - 00276584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp 2014-03-13 10:51 - 2014-01-31 23:05 - 00000000 ____D () C:\Windows\Minidump 2014-03-12 19:23 - 2013-12-27 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 19:23 - 2013-12-27 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 19:23 - 2013-12-27 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 13:06 - 2014-01-01 02:34 - 00000000 ____D () C:\Users\Odin\AppData\Local\CrashDumps 2014-03-11 12:46 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-03-09 19:28 - 2014-03-09 19:27 - 00149749 _____ () 
C:\Users\Odin\Downloads\Entwurf 2.02.odt 2014-03-09 19:27 - 2014-03-09 19:26 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt 2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt 2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () C:\Users\Odin\Downloads\logo 2.psd 2014-03-08 14:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-07 20:12 - 2013-12-27 10:57 - 00058408 _____ () C:\Users\Odin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-07 16:44 - 2014-01-01 22:37 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Skype 2014-03-07 14:40 - 2014-02-07 09:15 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk Files to move or delete: ==================== C:\Users\Odin\dmp_1.10.4_setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-01 14:16 ==================== End Of Log ============================ Gamer.txt: GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-06 14:33:54 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.AXM0 119,24GB Running: Gmer-19357.exe; Driver: C:\Users\Odin\AppData\Local\Temp\pwldapog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG 
C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033fe000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800033fe040 1 byte [01] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076511465 2 bytes [51, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765114bb 2 bytes [51, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076511465 2 bytes [51, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765114bb 2 bytes [51, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[6840] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002d105984 4 bytes [14, 71, E8, D5] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[6840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076511465 2 bytes [51, 76] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[6840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765114bb 2 bytes [51, 76] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007740f9e0 5 bytes JMP 0000000161b36f86 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject 000000007740f9f8 5 bytes JMP 0000000161b3741f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007740fa28 5 bytes JMP 0000000161b31027 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007740fa40 5 bytes JMP 0000000161b308b2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007740fa90 5 bytes JMP 0000000161b3072c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007740faa8 5 bytes JMP 0000000161b3083a .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007740fb40 5 bytes JMP 0000000161b313d1 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007740fc38 5 bytes JMP 0000000161b353c5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007740fd4c 5 bytes JMP 0000000161b306b4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007740fd64 5 bytes JMP 0000000161b359b5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization 
handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007740fd98 5 bytes JMP 0000000161b34a3a .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007740fe44 5 bytes JMP 0000000161b37001 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007740fe5c 5 bytes JMP 0000000161b35b37 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774100b4 5 bytes JMP 0000000161b357ed .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774101c4 5 bytes JMP 0000000161b3092a .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000774109e4 5 bytes JMP 0000000161b355e0 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000774109fc 5 bytes JMP 0000000161b2d7fa .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077410a44 5 bytes JMP 0000000161b2d8c8 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077410b80 5 bytes JMP 0000000161b2d861 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077410f70 5 bytes JMP 0000000161b309a2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] 
C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077410f88 5 bytes JMP 0000000161b30dff .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077411018 5 bytes JMP 0000000161b3112f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007741133c 5 bytes JMP 0000000161b35bc7 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007741147c 5 bytes JMP 0000000161b30d83 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077411528 5 bytes JMP 0000000161b37397 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077411718 5 bytes JMP 0000000161b2dd06 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077411a58 5 bytes JMP 0000000161b307b4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077411b9c 5 bytes JMP 0000000161b3712e .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007631103d 5 bytes JMP 0000000161b09bba .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 0000000161b09cf8 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] 
C:\Windows\syswow64\kernel32.dll!ReplaceFile 0000000076330dac 5 bytes JMP 0000000161b07e04 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007633c965 5 bytes JMP 0000000161b09f2e .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!ReplaceFileA 000000007638eab9 5 bytes JMP 0000000161b07d24 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryW 0000000076390083 5 bytes JMP 0000000161b0a851 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryA 000000007639012b 5 bytes JMP 0000000161b0ab84 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076392c51 5 bytes JMP 0000000161b0a3f3 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!AllocConsole 00000000763b6afe 5 bytes JMP 0000000161b38595 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!AttachConsole 00000000763b6bc2 5 bytes JMP 0000000161b385a7 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751c2aa4 4 bytes JMP 0000000161b0ad8f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076428a29 5 bytes JMP 0000000161b3857d .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] 
06.04.2014, 15:07 | #2 |
/// the machine /// TB-Ausbilder |
Hi,
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Scan with ComboFix
06.04.2014, 16:11 | #3 |
Hi schrauber,
should I send you the other evaluations again in CODE tags as well? When I ran combofix.exe I cut the internet connection, in case that matters. Here is the evaluation:
Code:
ATTFilter ComboFix 14-04-05.01 - Odin 06.04.2014 16:53:30.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6125.4715 [GMT 2:00] ausgeführt von:: c:\users\Odin\Desktop\ComboFix.exe AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Odin\dmp_1.10.4_setup.exe D:\Uninstall.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-06 bis 2014-04-06 )))))))))))))))))))))))))))))) . . 2014-04-06 14:57 . 2014-04-06 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-06 12:06 . 2014-04-06 12:08 -------- d-----w- C:\FRST 2014-04-01 10:05 . 2014-04-01 10:05 -------- d-----w- c:\windows\Sun 2014-03-21 20:15 . 2014-04-06 12:15 -------- d-----w- c:\users\Odin\AppData\Roaming\TS3Client 2014-03-21 19:03 . 2014-03-21 19:03 -------- d-----w- c:\users\Odin\AppData\Roaming\ts3overlay 2014-03-21 19:03 . 2014-03-21 19:03 -------- d-----w- c:\programdata\dbg 2014-03-20 13:55 . 2014-03-20 13:55 -------- d-----w- c:\users\Public\Sony Online Entertainment 2014-03-13 18:38 . 2014-03-13 19:05 -------- d-----w- c:\program files (x86)\Origin Games 2014-03-13 18:37 . 2014-03-13 18:58 -------- d-----w- c:\users\Odin\AppData\Roaming\Origin 2014-03-13 18:37 . 2014-03-13 18:38 -------- d-----w- c:\users\Odin\AppData\Local\Origin 2014-03-13 18:35 . 2014-03-13 19:05 -------- d-----w- c:\programdata\Origin 2014-03-13 18:35 . 2014-03-13 18:35 -------- d-----w- c:\programdata\Electronic Arts 2014-03-13 18:35 . 2014-03-13 18:58 -------- d-----w- c:\program files (x86)\Origin 2014-03-13 06:26 . 
2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-13 06:26 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-13 06:26 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-13 06:26 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-16 22:19 . 2010-09-26 13:42 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-03-12 17:23 . 2013-12-27 16:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 17:23 . 2013-12-27 16:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-04 14:35 . 2014-02-20 13:32 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-03-04 14:35 . 2013-09-05 01:36 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-03-04 14:35 . 2010-09-26 14:46 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-03-04 14:35 . 2010-09-26 14:46 3093280 ----a-w- c:\windows\system32\nvapi64.dll 2014-03-04 13:06 . 2010-08-02 03:00 6714312 ----a-w- c:\windows\system32\nvcpl.dll 2014-03-04 13:06 . 2010-08-02 03:00 3497816 ----a-w- c:\windows\system32\nvsvc64.dll 2014-03-04 13:05 . 2010-08-02 03:00 922968 ----a-w- c:\windows\system32\nvvsvc.exe 2014-03-04 13:05 . 2010-08-02 03:00 2558808 ----a-w- c:\windows\system32\nvsvcr.dll 2014-03-04 13:05 . 2010-08-02 02:00 64968 ----a-w- c:\windows\system32\nvshext.dll 2014-03-04 13:05 . 2010-08-02 03:00 386336 ----a-w- c:\windows\system32\nvmctray.dll 2014-02-08 18:34 . 2014-02-20 13:32 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll 2014-02-08 18:34 . 2014-02-20 13:32 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll 2014-02-05 09:31 . 2014-02-20 13:36 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-02-05 09:30 . 2014-02-20 13:36 1179576 ----a-w- c:\windows\system32\nvspcap64.dll 2014-01-29 16:04 . 
2014-01-29 16:04 312744 ----a-w- c:\windows\system32\javaws.exe 2014-01-29 16:04 . 2014-01-29 16:04 189352 ----a-w- c:\windows\system32\javaw.exe 2014-01-29 16:04 . 2014-01-29 16:04 189352 ----a-w- c:\windows\system32\java.exe 2014-01-29 16:04 . 2014-01-29 16:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-01-29 16:03 . 2014-01-29 16:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-23 03:21 . 2014-03-07 12:39 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2014-01-23 03:21 . 2014-03-07 12:39 108800 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2014-01-09 02:22 . 2014-02-26 07:47 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SecureBanking"="c:\program files (x86)\Secure Banking\SecureBanking.exe" [2013-06-30 507904] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card 
Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140404.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140404.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0604010.00E\SYMNETS.SYS [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program 
files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe;c:\program files (x86)\System Control Manager\MSIService.exe [x] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-15 19:51 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-27 17:23] . 2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27 05:33] . 2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27 05:33] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe SafeBoot-BsScanner HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe AddRemove-Steam App 104900 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 241540 - c:\program files (x86)\Steam\steam.exe AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1 - d:\wot test\World_of_Tanks_CT\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2014-04-06 16:58:34
ComboFix-quarantined-files.txt 2014-04-06 14:58
.
Vor Suchlauf: 13 Verzeichnis(se), 10.663.354.368 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.526.371.840 Bytes frei
.
- - End Of File - - 4A1B3CB58AA3182CDF2A02CD1538A466
07.04.2014, 12:55 | #4 |
/// the machine /// TB-Ausbilder | Please do not disconnect the internet. Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
08.04.2014, 19:54 | #5 |
| So, I have now done everything, and also ran a fresh ComboFix.exe again with the internet connection up, twice: the first time normally and the second time as administrator, I hope that was right?!? When I then wanted to open them and post them for you, the following message came up: „Die Version dieser Datei ist nicht mit der ausgeführten Windows-Version kompatibel. Öffnen Sie die Systeminformationen des Computers, um zu überprüfen, ob eine x86-(32 Bit)- oder eine x64-(64 Bit)-Version des Programms erforderlich ist, und wenden Sie sich anschließend an den Herausgeber der Software.“ Best regards
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.04.2014
Suchlauf-Zeit: 19:56:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.08.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Odin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 255023
Verstrichene Zeit: 8 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.023 - Bericht erstellt am 08/04/2014 um 20:06:28
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Odin - ODIN-PC
# Gestartet von : C:\Users\Odin\Downloads\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [789 octets] - [30/01/2014 00:03:48]
AdwCleaner[R1].txt - [2052 octets] - [20/03/2014 21:45:28]
AdwCleaner[R2].txt - [973 octets] - [20/03/2014 21:48:19]
AdwCleaner[R3].txt - [1032 octets] - [02/04/2014 10:25:54]
AdwCleaner[R4].txt - [1093 octets] - [02/04/2014 20:12:54]
AdwCleaner[R5].txt - [1217 octets] - [08/04/2014 20:05:14]
AdwCleaner[S0].txt - [2058 octets] - [20/03/2014 21:47:01]
AdwCleaner[S1].txt - [1155 octets] - [02/04/2014 20:13:43]
AdwCleaner[S2].txt - [1139 octets] - [08/04/2014 20:06:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1199 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Odin on 08.04.2014 at 20:12:56,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.04.2014 at 20:20:20,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated) Ran by Odin (administrator) on ODIN-PC on 08-04-2014 20:28:18 Running from C:\Users\Odin\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB CHR Extension: (Google Docs) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-27] CHR Extension: (Google Drive) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-27] CHR Extension: (WOT) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-27] CHR Extension: (YouTube) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-27] CHR Extension: (Google-Suche) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-27] CHR Extension: (Heroes & Generals) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-02-26] CHR Extension: (Norton Identity Protection) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-27] CHR Extension: (Google Wallet) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27] CHR Extension: (Google Mail) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-27] CHR HKLM-x32\...\Chrome\Extension: 
[mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03] ==================== Services (Whitelisted) ================= S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation) R1 IDSVia64; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140405.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140407.024\ENG64.SYS [126040 2014-03-27] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140407.024\EX64.SYS [2099288 2014-03-27] (Symantec Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-12-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 20:20 - 2014-04-08 20:21 - 00000624 _____ () C:\Users\Odin\Desktop\JRT.txt 2014-04-08 20:12 - 2014-04-08 20:12 - 01016261 
_____ (Thisisu) C:\Users\Odin\Downloads\JRT.exe 2014-04-08 20:08 - 2014-04-08 20:08 - 00001279 _____ () C:\Users\Odin\Desktop\AdwCleaner[S2].txt 2014-04-08 20:04 - 2014-04-08 20:04 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner (1).exe 2014-04-08 20:02 - 2014-04-08 20:02 - 00001145 _____ () C:\Users\Odin\Desktop\mbam.txt 2014-04-08 19:45 - 2014-04-08 20:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-08 19:44 - 2014-04-08 19:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 19:44 - 2014-04-08 19:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-08 19:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-08 19:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-08 19:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-08 19:43 - 2014-04-08 19:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Odin\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 19:38 - 2014-04-08 19:38 - 00015393 _____ () C:\Users\Odin\Desktop\ComboFix3.exe 2014-04-08 19:37 - 2014-04-08 19:37 - 00015393 _____ () C:\ComboFix.txt 2014-04-08 19:31 - 2014-04-08 19:31 - 00015409 _____ () C:\Users\Odin\Desktop\ComboFix2.exe 2014-04-08 13:17 - 2014-04-08 13:18 - 00001534 _____ () C:\Users\Odin\Desktop\WOWpLauncher.log 2014-04-08 13:17 - 2014-04-08 13:17 - 00000600 ____N () C:\Users\Odin\Desktop\WOWpLauncher.cfg 2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Users\Odin\Desktop\Updates 2014-04-07 16:47 - 2014-04-07 16:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Odin\Downloads\UnityWebPlayer.exe 2014-04-06 16:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-06 16:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-06 16:52 - 2009-04-20 
06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-06 16:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-06 16:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-06 16:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-06 16:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-06 16:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-06 16:42 - 2014-04-08 19:37 - 00000000 ____D () C:\Qoobox 2014-04-06 16:42 - 2014-04-06 16:57 - 00000000 ____D () C:\Windows\erdnt 2014-04-06 16:38 - 2014-04-08 19:23 - 05194596 ____R (Swearware) C:\Users\Odin\Desktop\ComboFix.exe 2014-04-06 14:33 - 2014-04-06 14:33 - 00057150 _____ () C:\Users\Odin\Desktop\Gamer.txt.log 2014-04-06 14:19 - 2014-04-06 14:19 - 00380416 _____ () C:\Users\Odin\Downloads\Gmer-19357.exe 2014-04-06 14:15 - 2014-04-06 14:15 - 00030568 _____ () C:\Users\Odin\Desktop\Addition.txt 2014-04-06 14:07 - 2014-04-08 20:28 - 00010999 _____ () C:\Users\Odin\Downloads\FRST.txt 2014-04-06 14:07 - 2014-04-06 14:08 - 00030568 _____ () C:\Users\Odin\Downloads\Addition.txt 2014-04-06 14:06 - 2014-04-08 20:28 - 00000000 ____D () C:\FRST 2014-04-06 14:05 - 2014-04-06 14:06 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe 2014-04-06 14:03 - 2014-04-06 14:04 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log 2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable 2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe 2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997} 2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe 2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun 2014-03-29 07:31 - 2014-03-29 07:32 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe 2014-03-22 01:54 - 2014-03-22 
01:55 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder 2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar 2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin 2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin 2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin 2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin 2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin 2014-03-21 22:15 - 2014-04-08 17:19 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client 2014-03-21 22:15 - 2014-03-22 19:29 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe 2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1} 2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay 2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg 2014-03-20 21:49 - 2014-03-20 21:50 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe 2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment 2014-03-18 11:23 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-03-18 
11:23 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-18 11:23 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-18 11:23 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-16 22:04 - 2014-03-17 01:33 - 00006945 _____ () 
C:\Users\Odin\Downloads\Entwurf 2.04.odt 2014-03-13 20:38 - 2014-03-13 21:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-03-13 20:37 - 2014-03-13 20:58 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin 2014-03-13 20:37 - 2014-03-13 20:38 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin 2014-03-13 20:35 - 2014-03-13 21:05 - 00000000 ____D () C:\ProgramData\Origin 2014-03-13 20:35 - 2014-03-13 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe 2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp 2014-03-13 08:27 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 08:27 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 08:27 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 08:27 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 08:27 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 08:27 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 08:27 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 08:27 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 08:27 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 08:27 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 08:27 - 
2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 08:27 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 08:27 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 08:27 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 08:27 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 08:27 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 08:27 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 08:27 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 08:27 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 08:27 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 08:27 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 08:27 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 08:27 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 08:27 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 08:27 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 08:27 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 08:27 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 08:27 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 08:27 
- 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 08:27 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 08:27 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 08:27 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 08:27 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 08:27 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 08:27 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 08:27 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 08:27 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 08:27 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 08:27 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 08:27 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 08:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 08:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 08:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 08:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 08:26 - 2014-02-04 04:04 - 01230336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 08:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-11 12:37 - 2014-03-26 16:53 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah 2014-03-09 19:55 - 2014-03-16 21:48 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt 2014-03-09 19:27 - 2014-03-09 19:28 - 00149749 _____ () C:\Users\Odin\Downloads\Entwurf 2.02.odt 2014-03-09 19:26 - 2014-03-09 19:27 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt 2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt 2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () C:\Users\Odin\Downloads\logo 2.psd ==================== One Month Modified Files and Folders ======= 2014-04-08 20:28 - 2014-04-06 14:07 - 00010999 _____ () C:\Users\Odin\Downloads\FRST.txt 2014-04-08 20:28 - 2014-04-06 14:06 - 00000000 ____D () C:\FRST 2014-04-08 20:23 - 2013-12-27 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-08 20:21 - 2014-04-08 20:20 - 00000624 _____ () C:\Users\Odin\Desktop\JRT.txt 2014-04-08 20:15 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-08 20:15 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-08 20:12 - 2014-04-08 20:12 - 01016261 _____ (Thisisu) C:\Users\Odin\Downloads\JRT.exe 2014-04-08 20:12 - 2013-12-27 17:49 - 00000000 ____D () C:\Windows\ERUNT 2014-04-08 20:11 - 2010-05-12 10:18 - 01853570 _____ () C:\Windows\system32\perfh007.dat 2014-04-08 20:11 - 2010-05-12 10:18 - 00519052 _____ () C:\Windows\system32\perfc007.dat 2014-04-08 20:11 - 2009-07-14 07:13 - 00006452 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-08 20:09 - 2014-04-08 19:45 - 00119512 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-08 20:08 - 2014-04-08 20:08 - 00001279 _____ () C:\Users\Odin\Desktop\AdwCleaner[S2].txt 2014-04-08 20:07 - 2013-12-27 07:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-08 20:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-08 20:07 - 2009-07-14 06:51 - 00101286 _____ () C:\Windows\setupact.log 2014-04-08 20:06 - 2013-12-27 17:52 - 00000000 ____D () C:\AdwCleaner 2014-04-08 20:06 - 2013-12-27 07:29 - 01877536 _____ () C:\Windows\WindowsUpdate.log 2014-04-08 20:04 - 2014-04-08 20:04 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner (1).exe 2014-04-08 20:02 - 2014-04-08 20:02 - 00001145 _____ () C:\Users\Odin\Desktop\mbam.txt 2014-04-08 19:58 - 2013-12-27 07:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-08 19:44 - 2014-04-08 19:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 19:44 - 2014-04-08 19:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-08 19:44 - 2013-12-27 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-08 19:43 - 2014-04-08 19:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Odin\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 19:38 - 2014-04-08 19:38 - 00015393 _____ () C:\Users\Odin\Desktop\ComboFix3.exe 2014-04-08 19:38 - 2010-09-26 16:56 - 00154310 _____ () C:\Windows\PFRO.log 2014-04-08 19:37 - 2014-04-08 19:37 - 00015393 _____ () C:\ComboFix.txt 2014-04-08 19:37 - 2014-04-06 16:42 - 00000000 ____D () C:\Qoobox 2014-04-08 19:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-08 19:31 - 2014-04-08 19:31 - 00015409 _____ () C:\Users\Odin\Desktop\ComboFix2.exe 2014-04-08 19:23 - 2014-04-06 16:38 - 05194596 ____R (Swearware) C:\Users\Odin\Desktop\ComboFix.exe 2014-04-08 17:19 - 2014-03-21 22:15 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client 2014-04-08 13:18 - 2014-04-08 13:17 - 
00001534 _____ () C:\Users\Odin\Desktop\WOWpLauncher.log 2014-04-08 13:17 - 2014-04-08 13:17 - 00000600 ____N () C:\Users\Odin\Desktop\WOWpLauncher.cfg 2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Users\Odin\Desktop\Updates 2014-04-07 16:47 - 2014-04-07 16:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Odin\Downloads\UnityWebPlayer.exe 2014-04-07 07:43 - 2013-12-27 19:29 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\SoftGrid Client 2014-04-07 07:22 - 2014-01-30 16:59 - 00000000 ____D () C:\Users\Odin\Desktop\USB Stick 2014-04-06 22:45 - 2013-12-27 18:47 - 00001680 _____ () C:\Windows\Sandboxie.ini 2014-04-06 16:57 - 2014-04-06 16:42 - 00000000 ____D () C:\Windows\erdnt 2014-04-06 16:56 - 2013-12-27 07:33 - 00000000 ____D () C:\Users\Odin 2014-04-06 14:33 - 2014-04-06 14:33 - 00057150 _____ () C:\Users\Odin\Desktop\Gamer.txt.log 2014-04-06 14:19 - 2014-04-06 14:19 - 00380416 _____ () C:\Users\Odin\Downloads\Gmer-19357.exe 2014-04-06 14:15 - 2014-04-06 14:15 - 00030568 _____ () C:\Users\Odin\Desktop\Addition.txt 2014-04-06 14:08 - 2014-04-06 14:07 - 00030568 _____ () C:\Users\Odin\Downloads\Addition.txt 2014-04-06 14:06 - 2014-04-06 14:05 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe 2014-04-06 14:04 - 2014-04-06 14:03 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log 2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable 2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe 2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997} 2014-04-03 19:47 - 2013-12-30 21:00 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2014-04-03 09:51 - 2014-04-08 19:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-08 19:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 
2014-04-08 19:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe 2014-04-01 20:54 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun 2014-03-29 15:53 - 2013-12-27 07:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-29 15:53 - 2013-12-27 07:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-29 07:32 - 2014-03-29 07:31 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe 2014-03-26 16:53 - 2014-03-11 12:37 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah 2014-03-23 19:21 - 2014-02-21 15:34 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-03-22 21:14 - 2014-01-05 19:08 - 00001198 _____ () C:\Windows\wmsetup.log 2014-03-22 19:29 - 2014-03-21 22:15 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-03-22 01:55 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder 2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar 2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin 2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin 2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin 2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin 2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin 2014-03-21 22:15 - 2013-12-27 17:38 - 00000000 ____D () 
C:\Program Files\TeamSpeak 3 Client 2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe 2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1} 2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay 2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg 2014-03-20 21:50 - 2014-03-20 21:49 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe 2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment 2014-03-19 20:01 - 2013-12-27 16:36 - 00000000 ____D () C:\Users\Odin\Desktop\Mod 2014-03-18 11:26 - 2010-09-26 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-17 01:33 - 2014-03-16 22:04 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt 2014-03-17 00:20 - 2013-12-27 09:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-17 00:19 - 2010-09-26 15:42 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-16 21:48 - 2014-03-09 19:55 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt 2014-03-13 21:05 - 2014-03-13 20:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-03-13 21:05 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Origin 2014-03-13 20:58 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin 2014-03-13 20:58 - 2014-03-13 20:35 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-13 20:38 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin 2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) 
C:\Users\Odin\Downloads\OriginThinSetup.exe 2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 18:20 - 2009-07-14 06:45 - 00276584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp 2014-03-13 10:51 - 2014-01-31 23:05 - 00000000 ____D () C:\Windows\Minidump 2014-03-12 19:23 - 2013-12-27 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 19:23 - 2013-12-27 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 19:23 - 2013-12-27 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 13:06 - 2014-01-01 02:34 - 00000000 ____D () C:\Users\Odin\AppData\Local\CrashDumps 2014-03-11 12:46 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-03-09 19:28 - 2014-03-09 19:27 - 00149749 _____ () C:\Users\Odin\Downloads\Entwurf 2.02.odt 2014-03-09 19:27 - 2014-03-09 19:26 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt 2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt 2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () C:\Users\Odin\Downloads\logo 2.psd Some content of TEMP: ==================== C:\Users\Odin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is 
legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-01 14:16 ==================== End Of Log ============================ |
09.04.2014, 15:03 | #6 |
/// the machine /// TB-Ausbilder
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
10.04.2014, 19:01 | #7 |
So, I have run the following scans and here are the results from them. Did I have a virus, trojan or the like on my computer? And do I still have problems? Yes, unfortunately: I wanted to run a full scan with Norton and it hung again at the same file. Even if I only want to scan this one file, or right-click it, the application hangs and I have to end it with Task Manager. Path of the application: D:\World_of_Warplanes\res\packages\08-asian_border.pkg. Whether I have further problems I don't know yet. Regards
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e821e5ca32cc4f4287eb3d7b6fdf5e93
# engine=17823
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-09 09:16:14
# local_time=2014-04-09 11:16:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 5623177 147740670 0 0
# compatibility_mode=5893 16776574 100 94 7618331 148708024 0 0
# scanned=296847
# found=0
# cleaned=0
# scan_time=5022
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e821e5ca32cc4f4287eb3d7b6fdf5e93
# engine=17826
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-10 12:43:23
# local_time=2014-04-10 02:43:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 5678806 147796299 0 0
# compatibility_mode=5893 16776574 100 94 7673960 148763653 0 0
# scanned=471723
# found=0
# cleaned=0
# scan_time=22490
Code:
Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Online
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader 9
Adobe Reader XI
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
ESET ESET Online Scanner OnlineScannerApp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated) Ran by Odin (administrator) on ODIN-PC on 10-04-2014 15:04:46 Running from C:\Users\Odin\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Broadcom 
Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB CHR Extension: (Google Docs) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-27] CHR Extension: (Google Drive) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-27] CHR Extension: (WOT) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-27] CHR Extension: (YouTube) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-27] CHR Extension: (Google-Suche) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-27] CHR Extension: (Heroes & Generals) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-02-26] CHR Extension: (Norton Identity Protection) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-27] CHR Extension: (Google Wallet) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27] CHR Extension: (Google Mail) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-27] CHR HKLM-x32\...\Chrome\Extension: 
[mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03] ==================== Services (Whitelisted) ================= R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140408.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140408.025\ENG64.SYS 
[126040 2014-03-27] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140408.025\EX64.SYS [2099288 2014-03-27] (Symantec Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-12-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-10 14:58 - 2014-04-10 14:58 - 00000887 _____ () C:\Users\Odin\Desktop\checkup.txt 2014-04-10 14:56 - 2014-04-10 14:56 - 00987448 _____ () C:\Users\Odin\Downloads\SecurityCheck.exe 2014-04-09 23:16 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 23:16 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 23:16 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-09 
23:16 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 23:16 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-09 23:16 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-09 23:16 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-09 23:16 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-09 23:16 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-09 23:16 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-09 23:16 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 23:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-09 23:16 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-09 23:16 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-09 23:16 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-09 23:16 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-09 23:16 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-09 23:16 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-09 23:16 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-09 23:16 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-09 23:16 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-09 
23:16 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-09 23:16 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-09 23:16 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-09 23:16 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-09 23:16 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-09 23:16 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-09 23:16 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-09 23:16 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-09 23:16 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-09 23:16 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-09 23:16 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-09 23:16 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-09 23:16 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-09 23:16 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-09 23:16 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-09 23:16 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-09 23:16 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-09 23:16 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) 
11.04.2014, 07:39 | #8 |
/// the machine /// TB-Ausbilder | Police has saved your browser data. Virus scanner hangs
That is a problem with Norton. Just reinstall it. Done. The order here is decisive.
If you want to leave praise or criticism, you can do so here. Here are a few more tips on securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply when everything is done and no questions remain, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!