Pests of all kinds and how to fight them: backdoor.graybird found by Norton (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
19.04.2014, 09:20 | #1
backdoor.graybird found by Norton

On 14 and 15 April, Norton twice found the trojan backdoor.graybird. Here is what I did today: full scans with Norton and Malwarebytes found nothing. A scan with aswMBR.exe found nothing either. There was, however, also the problem that the program crashed a few times (Norton was disabled). I also used FRST. Here are the logs:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01 Ran by Karsten (administrator) on KARSTEN on 19-04-2014 07:43:30 Running from C:\Users\Karsten\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (AMD) C:\windows\system32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.) 
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-06] (IDT, Inc.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-28] (RealNetworks, Inc.) 
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [EPSON SX410 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-02] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC) HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\MountPoints2: {11d845d0-33d5-11e2-be6f-78e3b5b1eb8d} - "L:\autorun.exe" Startup: C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Karsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM-x32 - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKCU - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic 
Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default FF user.js: detected! => C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\user.js FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: chrome://foxtab/content/homepage.html FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F-BA0D-5AC249BCB302&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle 
Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Karsten\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix) FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.8.2 - C:\Users\Karsten\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\staged [2014-04-19] FF Extension: Bitdefender QuickScan - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-08-02] FF Extension: Redirect Remover - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2012-11-21] FF Extension: BrowserProtect - 
C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\browserprotect@browserprotect.com.xpi [2012-11-21] FF Extension: RSS Icon - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\kitsuneymg@gmail.com.xpi [2012-11-21] FF Extension: All-in-One Sidebar - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-11-21] FF Extension: FlashGot - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-11-21] FF Extension: X-notifier - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-21] FF Extension: NoScript - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21] FF Extension: ImTranslator - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-21] FF Extension: LinkExtend - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi [2012-11-21] FF Extension: Adblock Plus - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-21] FF Extension: BetterPrivacy - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-11-21] FF Extension: DownThemAll! 
- C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-21] FF Extension: Torbutton - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2012-11-21] FF Extension: FoxTab - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-11-21] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-28] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-10] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org FF Extension: TS Magic Player - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-03-01] ==================== Services (Whitelisted) ================= R2 BingDesktopUpdate; C:\Program Files 
(x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) R3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-10] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-10] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet 
Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140418.016\ENG64.SYS [126040 2014-04-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140418.016\EX64.SYS [2099288 2014-04-15] (Symantec Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-10] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-19 07:43 - 2014-04-19 07:43 - 00022780 _____ () C:\Users\Karsten\Desktop\FRST.txt 2014-04-19 07:43 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST 2014-04-19 07:39 - 2014-04-17 21:54 - 02158592 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe 2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en 2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de 2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live 2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log 2014-04-19 05:54 - 2014-04-17 
13:38 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe 2014-04-19 05:51 - 2014-03-25 15:28 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe 2014-04-19 05:50 - 2014-04-19 07:42 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job 2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten 2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten 2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten 2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten 2014-04-19 05:50 - 2014-04-19 05:50 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job 2014-04-19 05:50 - 2014-04-19 05:50 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job 2014-04-19 05:06 - 2013-03-18 21:00 - 04745728 _____ (AVAST Software) C:\Users\karsten_2\Downloads\aswMBR.exe 2014-04-19 04:40 - 2014-04-19 04:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 04:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-19 04:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-19 04:40 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) 
C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt 2014-04-19 04:09 - 2014-04-17 19:01 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe 2014-04-16 19:47 - 2014-04-19 05:29 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 2014-04-16 19:47 - 2014-04-19 05:29 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 2014-04-12 22:35 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-04-12 22:35 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-04-12 22:35 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-04-12 22:35 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-04-12 22:35 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 
2014-04-12 22:35 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-12 22:35 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-12 22:35 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-04-12 22:35 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-04-12 22:35 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll 2014-04-12 22:35 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-12 22:35 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 22:35 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-04-12 22:35 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll 2014-04-12 22:35 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 22:35 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-04-12 22:35 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-12 22:35 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-04-12 22:35 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-04-12 22:35 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml 2014-04-12 22:35 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2014-04-12 22:35 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-04-12 22:35 - 
2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 22:35 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-04-12 22:35 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-04-12 22:35 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-04-12 22:35 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 22:35 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 22:35 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 22:35 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 22:35 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:49 - 2014-04-10 05:47 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-04-19 07:43 - 2014-04-19 07:43 - 00022780 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-19 07:43 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST
2014-04-19 07:42 - 2014-04-19 05:50 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
2014-04-19 07:41 - 2013-10-29 22:00 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\ClassicShell
2014-04-19 07:33 - 2012-11-23 21:33 - 01062422 _____ () C:\windows\WindowsUpdate.log
2014-04-19 07:24 - 2012-11-21 19:52 - 00005090 _____ () C:\windows\Sandboxie.ini
2014-04-19 07:23 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-19 06:00 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\ClassicShell
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:59 - 2012-11-22 19:40 - 00000000 ____D () C:\Users\Karsten\Tracing
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:57 - 2012-09-28 08:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:55 - 2012-11-21 19:42 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-19 05:55 - 2012-11-21 12:44 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-19 05:53 - 2013-03-22 19:59 - 00000000 ____D () C:\windows\Minidump
2014-04-19 05:53 - 2013-03-17 17:56 - 00000000 ____D () C:\Users\Karsten\AppData\Local\CrashDumps
2014-04-19 05:52 - 2012-11-22 00:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-19 05:52 - 2012-11-21 15:18 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Mozilla
2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
2014-04-19 05:50 - 2014-04-19 05:50 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
2014-04-19 05:48 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-19 05:39 - 2012-11-21 19:42 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-19 05:33 - 2012-11-22 18:42 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 05:29 - 2014-04-16 19:47 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 05:29 - 2014-04-16 19:47 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 05:28 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-19 05:27 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-04-19 05:16 - 2012-11-23 20:29 - 00000000 ____D () C:\Users\Karsten\AppData\Local\NPE
2014-04-19 05:13 - 2013-03-16 19:19 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Real
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-19 04:43 - 2014-04-19 04:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:32 - 2012-11-24 23:41 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3454E9CE-74EC-4794-80EB-8B50E51C0BDD}
2014-04-19 04:18 - 2012-09-28 17:11 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-19 04:18 - 2012-09-28 17:11 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-19 04:18 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-19 04:13 - 2014-03-14 03:03 - 00003242 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 04:13 - 2014-01-29 23:22 - 00003368 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 04:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-19 04:12 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt
2014-04-17 21:54 - 2014-04-19 07:39 - 02158592 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-17 21:01 - 2012-12-27 15:39 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\CrashDumps
2014-04-17 19:01 - 2014-04-19 04:09 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-17 13:38 - 2014-04-19 05:54 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-14 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-10 05:49 - 2013-02-21 20:12 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\QuickScan
2014-04-10 05:47 - 2014-03-28 04:49 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-10 05:47 - 2013-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-10 02:21 - 2013-08-14 14:22 - 00000000 ____D () C:\windows\system32\MRT
2014-04-10 02:21 - 2012-11-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 02:19 - 2012-12-12 19:21 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-03 09:51 - 2014-04-19 04:40 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 04:40 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 04:40 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2014-01-16 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2014-01-16 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:50 - 2014-02-10 19:18 - 00002503 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-28 04:50 - 2012-09-28 08:42 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-03-28 04:50 - 2012-09-28 08:41 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-25 15:28 - 2014-04-19 05:51 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-03-23 20:21 - 2012-11-23 14:21 - 00000000 ____D () C:\Users\karsten_2\Documents\trle
2014-03-23 20:21 - 2012-11-22 19:12 - 00000000 ____D () C:\Users\karsten_2\Documents\test
2014-03-21 23:03 - 2013-04-19 16:31 - 00000000 ____D () C:\Program Files (x86)\PDF24

Some content of TEMP:
====================
C:\Users\karsten_2\AppData\Local\Temp\vlc-2.1.3-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-18 03:01

==================== End Of Log ============================

and Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Karsten at 2014-04-19 07:44:01
Running from C:\Users\Karsten\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Handbuch (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch) (Version: - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
FirstClass Client (HKLM-x32\...\{6EBED885-73D9-4750-B96E-FD654500E59F}) (Version: 11.063 - OpenText)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NG Center 1.3 (C:\Program Files (x86)\NG_CENTER\) (HKLM-x32\...\ST6UNST #2) (Version: - )
NG Center 1.3 (HKLM-x32\...\ST6UNST #1) (Version: - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
PDF Image Extraction Wizard 1.2 (HKLM-x32\...\PDF Image Extraction Wizard 1.2_is1) (Version: - RL Vision)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Portal 2 (HKLM\...\{C7ADD544-7212-4294-93B4-35A917802F57}_is1) (Version: 1.28 - Valve)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.4001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.4001 - Secunia)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix)
Tomb Raider: Underworld 1.0 (HKLM-x32\...\Tomb Raider: Underworld) (Version: - )
Torrent Stream 2.0.8.2 (HKCU\...\TorrentStream) (Version: 2.0.8.2 - Torrent Stream)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media 8 Encoding Utility (HKLM-x32\...\wm8eutil) (Version: - )

==================== Restore Points =========================

28-03-2014 05:54:47 Scheduled Checkpoint
05-04-2014 09:43:55 Scheduled Checkpoint
10-04-2014 00:18:22 Windows Update
13-04-2014 05:54:54 Windows Update
17-04-2014 17:20:55 Windows Update
19-04-2014 03:55:29 Windows Live Essentials

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FD112A7-7F87-4829-BB9E-B9312628AE9D} - System32\Tasks\ReclaimerUpdateFiles_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BC3AC19-486A-48F4-8053-5EE64A7CB816} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {2064DABC-F816-49AE-BF2C-0B049D18D797} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {2101431E-D2FC-4FDA-B878-403E464181FF} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {213BEEDC-746D-4FB0-8EE3-275DD1AE7628} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {37DEA58B-8462-4805-996F-F1F43FD47C19} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {536E6974-C855-4784-B003-060E0F9DB9CC} - System32\Tasks\ReclaimerUpdateXML_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {59E63EB5-854D-40CF-8647-E60440202B92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {5E15A49D-D139-4E34-97BD-E972FCF0356D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {67203319-C175-43E9-AF13-18F32A779471} - System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {67C732A8-3943-4A4D-981B-8624BDB78D67} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19] (Adobe Systems Incorporated)
Task: {6FAAD3FA-7D3D-4EBA-AFCB-826927D3EB19} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {774FFC74-76B2-4F7C-BCE4-E3AD73ED172B} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe
Task: {7FACDD51-5853-4884-BCE3-D0DF29E84F48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {83456510-8F6A-4FA9-8C35-9AFE19A9A419} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8FA3AC7C-04EB-46FA-B94B-37E9073E8E59} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9546EAA3-39C3-4DED-8713-946248B95374} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {A0C88627-80D5-477B-BE77-701DCD45D2D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AFD44EBF-961E-4823-9B59-DA4C7F614202} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B786AA05-BA0A-448B-B222-EE5E8AF7C821} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C1B82AC9-DFF7-4309-BBB9-37FEE2677B46} - System32\Tasks\RNUpgradeHelperResumePrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8945FB9-372E-4A44-B22E-53A3034C67CF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D3DE6F95-558B-42D6-B1F8-77CA1D220B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F3C8CE70-E5A6-4093-BD3F-33340A24C0ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard) Task: {F4DFFBBB-E4D4-4E13-AB13-2C81A47C81DD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe Task: C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 
00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2012-07-26 11:48 - 2012-07-26 11:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-09-28 08:31 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/19/2014 05:56:55 AM) (Source: Windows Search Service) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (04/19/2014 05:56:55 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (04/19/2014 05:56:54 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Error: (04/19/2014 05:29:00 AM) (Source: Windows Search Service) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (04/19/2014 05:28:59 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (04/19/2014 05:28:58 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Error: (04/19/2014 05:25:45 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000618d0 ID des fehlerhaften Prozesses: 0x1618 Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0 Pfad der fehlerhaften Anwendung: aswMBR.exe1 Pfad des fehlerhaften Moduls: aswMBR.exe2 Berichtskennung: aswMBR.exe3 Vollständiger Name des fehlerhaften Pakets: aswMBR.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: aswMBR.exe5 Error: (04/19/2014 05:22:54 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000618d0 ID des fehlerhaften Prozesses: 0x1480 Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0 Pfad der fehlerhaften Anwendung: aswMBR.exe1 Pfad des fehlerhaften Moduls: aswMBR.exe2 Berichtskennung: aswMBR.exe3 Vollständiger Name des fehlerhaften Pakets: aswMBR.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: aswMBR.exe5 Error: (04/19/2014 04:13:35 AM) (Source: Windows Search Service) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (04/19/2014 04:13:35 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Kontext: Anwendung, SystemIndex Katalog System errors: ============= Error: (04/19/2014 06:00:08 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/19/2014 05:50:03 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/19/2014 05:31:24 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/19/2014 05:30:57 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/19/2014 05:28:50 AM) (Source: DCOM) (User: Karsten) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Karstenkarsten_2S-1-5-21-4084426041-1636381982-3049202617-1004LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/19/2014 05:27:42 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. 
Error: (04/19/2014 05:12:57 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/19/2014 04:16:07 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/19/2014 04:15:53 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/16/2014 07:19:27 AM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 6039.52 MB Available physical RAM: 4567.83 MB Total Pagefile: 6999.52 MB Available Pagefile: 5559.09 MB Total Virtual: 8192 MB Available Virtual: 8191.74 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:453.36 GB) (Free:301.95 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:10.92 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (YOU_ARE_THE_QUESTION) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (RecoveryDaten) (Fixed) (Total:297.99 GB) (Free:277.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 7304BB38) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
19.04.2014, 09:37 | #2 |
/// the machine /// TB-Ausbilder | backdoor.graybird found by Norton Hi,
Logfile from Norton? Where did Norton find it?
|
19.04.2014, 17:44 | #3 |
| backdoor.graybird found by Norton Oh dear, I fear the worst! Here are three log entries:
Code:
ATTFilter Dateiname: iulnbeys.dat Bedrohungsname: Backdoor.Graybird Vollständiger Pfad: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\iulnbeys.dat ____________________________ Details Unbekannte Community-Verbreitung,* Unbekanntes Alter,* Risiko Hoch Ursprung Heruntergeladen von *Unbekannt Aktivität Ausgeführte Aktionen: 13 ____________________________ Auf Computern ab* Nicht verfügbar Zuletzt verwendet* 14.04.2014 um 19:50:19 Start-Element* Nein Gestartet* Nein ____________________________ Unbekannt Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben. Unbekannt Diese Dateiversion ist nicht bekannt. Hoch Das Risiko dieser Datei ist hoch. Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen. ____________________________ Quelle: externe Medien ____________________________ Dateiaktionen Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ comsa32.sys entfernt Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ installed.dat entfernt Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ iulnbeys.dat entfernt Datei: C:\windows\SysWOW64\ Installed.dat entfernt ____________________________ Registrierungsaktionen Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->AntiVirusDisableNotify:0 Repariert Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->UpdatesDisableNotify:0 Repariert Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ ->Start:2 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: 
HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert ____________________________ Dateiabdruck - SHA: bbbbe4e428de60fe59cc3501b8bf600bbbc132711fa7fe69457fb7bc5e7139fb Dateiabdruck - MD5: Nicht verfügbar Code:
ATTFilter Dateiname: tww7zblv.dat Bedrohungsname: Backdoor.Graybird Vollständiger Pfad: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\tww7zblv.dat ____________________________ Details Unbekannte Community-Verbreitung,* Unbekanntes Alter,* Risiko Hoch Ursprung Heruntergeladen von *Unbekannt Aktivität Ausgeführte Aktionen: 109 ____________________________ Auf Computern ab* Nicht verfügbar Zuletzt verwendet* 14.04.2014 um 19:50:22 Start-Element* Nein Gestartet* Ja ____________________________ Unbekannt Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben. Unbekannt Diese Dateiversion ist nicht bekannt. Hoch Das Risiko dieser Datei ist hoch. Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen. ____________________________ Quelle: externe Medien ____________________________ Dateiaktionen Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ comsa32.sys entfernt Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ installed.dat entfernt Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ tww7zblv.dat entfernt Datei: C:\windows\SysWOW64\ Installed.dat entfernt Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ iazguxcw.dat entfernt Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\ gh14rs.txt Keine Aktion erforderlich Datei: c:\windows\syswow64\ gh14rs.txt Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\system\ mmtaskclean.log Keine Aktion erforderlich Datei: c:\windows\system\ mmtaskclean.log Keine Aktion erforderlich Datei: c:\windows\syswow64\ comsa32.sys Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\system\ win32in.dll Keine Aktion erforderlich Datei: c:\windows\system\ win32in.dll Keine Aktion erforderlich Datei: 
c:\users\karsten_2\appdata\local\virtualstore\windows\system\ win32out.dll Keine Aktion erforderlich Datei: c:\windows\system\ win32out.dll Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\ settings.dll Keine Aktion erforderlich Datei: c:\windows\syswow64\ settings.dll Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\wbem\ inetno.chm Keine Aktion erforderlich Datei: c:\windows\syswow64\wbem\ inetno.chm Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\ win32.btl Keine Aktion erforderlich Datei: c:\windows\ win32.btl Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\wbem\ inetno.exe Keine Aktion erforderlich Datei: c:\windows\syswow64\wbem\ inetno.exe Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\wbem\ windows_nt_ck.exe Keine Aktion erforderlich Datei: c:\windows\syswow64\wbem\ windows_nt_ck.exe Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\programdata\downloadsave\ recordpath Keine Aktion erforderlich Datei: c:\programdata\downloadsave\ recordpath Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\program files (x86)\addendum\ addendov.dll Keine Aktion erforderlich Datei: c:\program files (x86)\addendum\ addendov.dll Keine Aktion erforderlich Datei: c:\users\karsten_2\appdata\local\virtualstore\program files (x86)\addendum\ addendov_uninstall.exe Keine Aktion erforderlich Datei: c:\program files (x86)\addendum\ addendov_uninstall.exe Keine Aktion erforderlich Ereignis: Laufender Prozess: C:\Users\karsten_2\AppData\Local\virtualstore\program files (x86)\internet explorer\ iexplore.exe Keine Aktion erforderlich Ereignis: Laufender Prozess: C:\Program Files (x86)\Internet Explorer\ iexplore.exe Keine Aktion erforderlich ____________________________ Registrierungsaktionen 
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->AntiVirusDisableNotify:0 Repariert Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->UpdatesDisableNotify:0 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ ->Start:2 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert Registrierungsänderung: HKEY_CLASSES_ROOT\ .me0 Keine Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\ .mem Keine Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\Folder\shell\ !exestrong Keine Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\ me0file Keine Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\ memfile Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ ->Wopti Memory Defreg Keine Aktion erforderlich Registrierungsänderung: 
HKEY_LOCAL_MACHINE\SOFTWARE\Wom\ ->Wopti ???? Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Wom\ ->Wopti ???? Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunServices->ravmond Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunServices->system Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich Registrierungsänderung: 
HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\ IEHelper.IEHlprObj.1 Keine Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\ IEHelper.IEHlprObj Keine Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\Interface\ {C0BEBABF-1785-4075-8C4D-8FEE7833D3CD} Keine 
Aktion erforderlich Registrierungsänderung: HKEY_CLASSES_ROOT\TypeLib\ {D42047D9-38C2-4FD1-8337-F69C8F835A30} Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\ DC3_FEXEC Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\ DC3_FEXEC Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\ DC3_FEXEC Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\ DC3_FEXEC Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\ DC3_FEXEC Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\ B-Wing_Go Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\ B-Wing_Go Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\ B-Wing_Go Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\ B-Wing_Go Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\ B-Wing_Go Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\ A-Wing_Go Keine Aktion erforderlich Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\ B-Wing_Go Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine 
Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Keine Aktion 
erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Keine Aktion erforderlich Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Keine Aktion erforderlich ____________________________ Dateiabdruck - SHA: bbbbe4e428de60fe59cc3501b8bf600bbbc132711fa7fe69457fb7bc5e7139fb Dateiabdruck - MD5: Nicht verfügbar Code:
ATTFilter Dateiname: iomthxqh.dat Bedrohungsname: Backdoor.Graybird Vollständiger Pfad: c:\users\karsten\appdata\local\virtualstore\program files\portal 2\iomthxqh.dat ____________________________ Details Viele Benutzer,* Schon länger bekannt,* Risiko Hoch Ursprung Heruntergeladen von *Unbekannt Aktivität Ausgeführte Aktionen: 56 ____________________________ Auf Computern ab* 23.11.2012 um 15:14:46 Zuletzt verwendet* 15.04.2014 um 23:03:46 Start-Element* Nein Gestartet* Nein ____________________________ Viele Benutzer Zehntausende Benutzer in der Norton Community haben diese Datei verwendet. Schon länger bekannt Diese Datei wurde vor mehr als 31 Tagen 3 Jahren 9 Monaten veröffentlicht. Hoch Das Risiko dieser Datei ist hoch. Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen. ____________________________ Quelle: externe Medien Quelldatei: setup.exe Datei erstellt: setup.tmp Datei erstellt: portal2.exe Datei erstellt: iomthxqh.dat ____________________________ Dateiaktionen Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ comsa32.sys entfernt Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ installed.dat entfernt Datei: C:\windows\SysWOW64\ Installed.dat entfernt Infizierte Datei: c:\users\karsten\appdata\local\virtualstore\program files\portal 2\ iomthxqh.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ kg8mxd9x.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ l7ikmcaj.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ lltxdr6s.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ltseqdjx.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ luek0jmi.dat entfernt Infizierte Datei: 
c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ m6sbojq7.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ mencbbtw.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ moh4mipq.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ mtmwovba.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ mxfuodp6.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ nnhdwlcc.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ omxwqvdz.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ onopjdgv.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ otqr8whx.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 0kaqjfyi.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ p7kxehtk.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 0kn4bscn.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ p8or0b1z.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 29pvmqfw.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ pccm5kmp.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 2peftbva.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 2xatoaoq.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ pfuebvz1.dat entfernt Infizierte Datei: 
c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 2ykste3w.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 3fth4oln.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4ke1k77r.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4lug334g.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4otvisg1.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4rkpu0uh.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 51rognoa.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 5gkb110i.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 7hglwtcp.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 8m2gfu2c.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ai9a6lg4.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ e69oxs09.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ apj07uss.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ecbx7v6e.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ eplrcjqj.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ aziwfvhc.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ese59rir.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ bfmcjbwc.dat entfernt Infizierte Datei: 
c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ exh4y5bd.dat entfernt Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ xsaadudy.dat entfernt ____________________________ Registrierungsaktionen Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->AntiVirusDisableNotify:0 Repariert Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->UpdatesDisableNotify:0 Repariert Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ ->Start:2 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert ____________________________ Dateiabdruck - SHA: bbbbe4e428de60fe59cc3501b8bf600bbbc132711fa7fe69457fb7bc5e7139fb Dateiabdruck - MD5: Nicht verfügbar defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:13 on 19/04/2014 (Karsten) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... 
-=E.O.F=- GMER scan: At the beginning and at the end there was this error message: c:\windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-19 18:25:41 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 ST500DM002-1BD142 rev.HP73 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Karsten\AppData\Local\Temp\fwdoqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdc133177a 4 bytes [33, C1, FD, 07] .text C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdc1331782 4 bytes [33, C1, FD, 07] .text C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fdbcc11b32 4 bytes [C1, BC, FD, 07] .text C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fdbcc11b3a 4 bytes [C1, BC, FD, 07] .text C:\windows\Explorer.EXE[3484] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdbe591532 4 bytes [59, BE, FD, 07] .text C:\windows\Explorer.EXE[3484] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdbe59153a 4 bytes [59, BE, FD, 07] .text C:\windows\Explorer.EXE[3484] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdbe59165a 4 bytes [59, BE, FD, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdbe591532 4 bytes [59, BE, FD, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdbe59153a 4 bytes [59, BE, FD, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdbe59165a 4 bytes [59, BE, FD, 07] .text C:\Program Files\Sandboxie\SbieCtrl.exe[6216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdc133177a 4 bytes [33, C1, FD, 07] .text C:\Program Files\Sandboxie\SbieCtrl.exe[6216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 
000007fdc1331782 4 bytes [33, C1, FD, 07] ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\spoolsv.exe [1664:1836] 000007fdb81c54c0 Thread C:\windows\System32\spoolsv.exe [1664:3504] 000007fdb81a30ec Thread C:\windows\System32\spoolsv.exe [1664:3644] 000007fdb2f781ac Thread C:\windows\System32\spoolsv.exe [1664:3932] 000007fdb2a82364 Thread C:\windows\System32\spoolsv.exe [1664:3892] 000007fdb2a82364 Thread C:\windows\System32\spoolsv.exe [1664:4032] 000007fdb2a82364 Thread C:\windows\System32\spoolsv.exe [1664:3772] 000007fdb2a82364 Thread C:\windows\system32\svchost.exe [1736:1800] 000007fdbf9e3c90 Thread C:\windows\system32\svchost.exe [1736:1804] 000007fdbf9e3c90 Thread C:\windows\system32\svchost.exe [1736:1848] 000007fdbf9e3c90 Thread C:\windows\system32\svchost.exe [1736:1876] 000007fdbaed9240 Thread C:\windows\system32\svchost.exe [1736:1940] 000007fdbaeb7cf0 Thread C:\windows\system32\svchost.exe [1736:1956] 000007fdbaee6d90 Thread C:\windows\system32\svchost.exe [1736:1960] 000007fdbaeb7ea0 Thread C:\windows\system32\svchost.exe [1736:2128] 000007fdb9c131a0 Thread C:\windows\system32\svchost.exe [1736:2772] 000007fdb9c19c68 Thread C:\windows\system32\svchost.exe [1736:3064] 000007fdb7194910 Thread C:\windows\system32\svchost.exe [1736:2096] 000007fdb71824e8 Thread C:\windows\system32\svchost.exe [1736:2116] 000007fdb7121544 Thread C:\windows\system32\svchost.exe [1736:2148] 000007fdb71055dc Thread C:\windows\system32\svchost.exe [1736:4120] 000007fdb7191044 Thread C:\windows\system32\csrss.exe [5236:6340] fffff9600090a5e8 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:3388] 000007fdba2877b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:3044] 000007fdba2877b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:5940] 
000007fdc15564e0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:7112] 000007fdc0fdb2b8 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:6888] 000007fdbff85990 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:5472] 000007fdc0773af0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
20.04.2014, 18:02 | #4 |
/// the machine /// TB-Ausbilder | backdoor.graybird found by Norton hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
20.04.2014, 22:07 | #5 |
| backdoor.graybird found by Norton Combofix ran without problems. Code:
ATTFilter ComboFix 14-04-20.01 - Karsten 20.04.2014 22:32:15.1.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.6040.4782 [GMT 2:00] ausgeführt von:: c:\users\Karsten\Desktop\ComboFix.exe AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Karsten\AppData\Local\assembly\tmp c:\users\karsten_2\AppData\Local\assembly\tmp c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-20 bis 2014-04-20 )))))))))))))))))))))))))))))) . . 2014-04-19 05:43 . 2014-04-19 05:44 -------- d-----w- C:\FRST 2014-04-19 03:59 . 2014-04-19 03:59 -------- d-----w- c:\windows\en 2014-04-19 03:58 . 2014-04-19 03:58 -------- d-----w- c:\windows\de 2014-04-19 03:57 . 2014-04-19 03:57 -------- d-----w- c:\program files\Windows Live 2014-04-19 02:40 . 2014-04-19 02:43 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-19 02:40 . 2014-04-19 02:40 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-04-19 02:40 . 2014-04-19 02:40 -------- d-----w- c:\programdata\Malwarebytes 2014-04-19 02:40 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-04-19 02:40 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-19 02:40 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-04-12 20:34 . 2013-10-25 06:19 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2014-04-12 20:34 . 2014-03-07 00:08 2648576 ----a-w- c:\windows\system32\iertutil.dll 2014-04-12 20:34 . 
2014-03-07 00:47 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-04-12 20:34 . 2014-03-07 00:08 3959808 ----a-w- c:\windows\system32\jscript9.dll 2014-04-12 20:34 . 2013-04-28 22:30 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2014-04-10 00:15 . 2014-02-05 23:41 978432 ----a-w- c:\windows\system32\KernelBase.dll 2014-04-10 00:15 . 2014-02-05 23:41 1257984 ----a-w- c:\windows\system32\kernel32.dll 2014-04-10 00:15 . 2014-02-05 23:26 666112 ----a-w- c:\windows\SysWow64\KernelBase.dll 2014-03-31 19:41 . 2014-03-31 19:41 58568 ----a-w- c:\windows\SysWow64\sirenacm.dll 2014-03-31 19:34 . 2014-03-31 19:34 322248 ----a-w- c:\windows\WLXPGSS.SCR 2014-03-27 17:14 . 2014-04-19 02:56 -------- d-----w- c:\windows\system32\drivers\NISx64\1502000.026 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-10 00:19 . 2012-12-12 17:21 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 21:18 . 2014-01-16 05:15 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-31 21:18 . 2014-01-16 05:15 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-16 14:58 . 2014-03-16 14:58 254640 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin 2014-02-10 17:18 . 2014-02-10 17:18 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2014-02-08 04:34 . 2014-03-12 16:03 4036608 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 23:41 . 2014-03-12 16:02 595968 ----a-w- c:\windows\system32\qedit.dll 2014-02-05 23:37 . 2014-03-12 16:02 496640 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-31 00:48 . 2014-03-12 16:02 1339392 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-01-31 00:06 . 2014-03-12 16:02 1628160 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-01-24 03:25 . 2014-01-15 15:39 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys 2014-01-24 03:25 . 2014-01-15 15:39 723968 ----a-w- c:\windows\system32\BFE.DLL 2014-01-24 03:25 . 
2014-01-15 15:39 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL 2014-01-24 03:25 . 2014-01-15 15:39 576512 ----a-w- c:\windows\system32\drivers\afd.sys 2014-01-24 03:25 . 2014-01-15 15:39 62976 ----a-w- c:\windows\system32\imagehlp.dll 2014-01-24 03:25 . 2014-01-15 15:39 59392 ----a-w- c:\windows\SysWow64\imagehlp.dll 2014-01-24 03:25 . 2014-01-15 15:39 1300992 ----a-w- c:\windows\system32\gdi32.dll 2014-01-24 03:25 . 2014-01-15 15:39 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-01-24 03:24 . 2014-01-15 15:38 626688 ----a-w- c:\windows\system32\resutils.dll 2014-01-24 03:24 . 2014-01-15 15:38 374784 ----a-w- c:\windows\system32\clusapi.dll 2014-01-24 03:24 . 2014-01-15 15:38 628736 ----a-w- c:\windows\SysWow64\wuapi.dll 2014-01-24 03:24 . 2014-01-15 15:38 84992 ----a-w- c:\windows\SysWow64\wudriver.dll 2014-01-24 03:24 . 2014-01-15 15:38 551424 ----a-w- c:\windows\SysWow64\oleaut32.dll 2014-01-24 03:24 . 2014-01-15 15:38 175104 ----a-w- c:\windows\system32\storewuauth.dll 2014-01-24 03:24 . 2014-01-15 15:38 3279872 ----a-w- c:\windows\system32\wuaueng.dll 2014-01-24 03:24 . 2014-01-15 15:38 1622016 ----a-w- c:\windows\system32\wucltux.dll 2014-01-24 03:24 . 2014-01-15 15:38 59416 ----a-w- c:\windows\system32\wuauclt.exe 2014-01-24 03:24 . 2014-01-15 15:38 252928 ----a-w- c:\windows\system32\WUSettingsProvider.dll 2014-01-24 03:24 . 2014-01-15 15:38 488960 ----a-w- c:\windows\SysWow64\resutils.dll 2014-01-24 03:24 . 2014-01-15 15:38 302080 ----a-w- c:\windows\SysWow64\clusapi.dll 2014-01-24 03:24 . 2014-01-15 15:38 1455448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2014-01-24 03:24 . 2014-01-15 15:38 40448 ----a-w- c:\windows\system32\wuapp.exe 2014-01-24 03:24 . 2014-01-15 15:38 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2014-01-24 03:24 . 2014-01-15 15:38 142848 ----a-w- c:\windows\system32\wuwebv.dll 2014-01-24 03:24 . 2014-01-15 15:38 126976 ----a-w- c:\windows\SysWow64\wuwebv.dll 2014-01-24 03:24 . 
2014-01-15 15:38 778752 ----a-w- c:\windows\system32\oleaut32.dll 2014-01-24 03:24 . 2014-01-15 15:38 773120 ----a-w- c:\windows\system32\wuapi.dll 2014-01-24 03:24 . 2014-01-15 15:38 99328 ----a-w- c:\windows\system32\wudriver.dll 2014-01-24 03:24 . 2014-01-15 15:38 1173504 ----a-w- c:\windows\system32\UIAutomationCore.dll 2014-01-24 03:24 . 2014-01-15 15:38 817152 ----a-w- c:\windows\system32\kerberos.dll 2014-01-24 03:24 . 2014-01-15 15:38 247296 ----a-w- c:\windows\SysWow64\ubpm.dll 2014-01-24 03:24 . 2014-01-15 15:38 61784 ----a-w- c:\windows\system32\drivers\crashdmp.sys 2014-01-24 03:24 . 2014-01-15 15:38 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll 2014-01-24 03:24 . 2014-01-15 15:38 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll 2014-01-24 03:24 . 2014-01-15 15:38 656896 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-01-24 03:24 . 2014-01-15 15:38 465240 ----a-w- c:\windows\system32\drivers\fvevol.sys 2014-01-24 03:24 . 2014-01-15 15:38 328192 ----a-w- c:\windows\system32\ubpm.dll 2014-01-24 03:24 . 2014-01-15 15:38 10799104 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll 2014-01-24 03:23 . 2014-01-15 15:38 1890816 ----a-w- c:\windows\system32\crypt32.dll 2014-01-24 03:23 . 2014-01-15 15:38 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll 2014-01-24 03:23 . 2014-01-15 15:37 419328 ----a-w- c:\windows\system32\schannel.dll 2014-01-24 03:23 . 2014-01-15 15:37 323072 ----a-w- c:\windows\SysWow64\schannel.dll 2014-01-24 03:23 . 2014-01-15 15:37 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll 2014-01-24 03:23 . 2014-01-15 15:37 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll 2014-01-24 03:23 . 2014-01-15 15:37 104448 ----a-w- c:\windows\system32\davclnt.dll 2014-01-24 03:23 . 2014-01-15 15:37 915968 ----a-w- c:\windows\system32\MPSSVC.dll 2014-01-24 03:23 . 2014-01-15 15:37 758784 ----a-w- c:\windows\system32\FirewallAPI.dll 2014-01-24 03:23 . 2014-01-15 15:37 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys 2014-01-24 03:23 . 
2014-01-15 15:37 86016 ----a-w- c:\windows\SysWow64\davclnt.dll 2014-01-24 03:23 . 2014-01-15 15:37 588288 ----a-w- c:\windows\system32\SHCore.dll 2014-01-24 03:23 . 2014-01-15 15:37 452608 ----a-w- c:\windows\SysWow64\SHCore.dll 2014-01-24 03:23 . 2014-01-15 15:37 227840 ----a-w- c:\windows\system32\WebClnt.dll 2014-01-24 03:23 . 2014-01-15 15:37 222720 ----a-w- c:\windows\system32\scrobj.dll 2014-01-24 03:23 . 2014-01-15 15:37 194048 ----a-w- c:\windows\system32\scrrun.dll 2014-01-24 03:23 . 2014-01-15 15:37 162304 ----a-w- c:\windows\SysWow64\scrobj.dll 2014-01-24 03:23 . 2014-01-15 15:37 156160 ----a-w- c:\windows\SysWow64\scrrun.dll 2014-01-24 03:23 . 2014-01-15 15:37 146944 ----a-w- c:\windows\system32\cscript.exe 2014-01-24 03:23 . 2014-01-15 15:37 143872 ----a-w- c:\windows\system32\wshom.ocx 2014-01-24 03:23 . 2014-01-15 15:37 115712 ----a-w- c:\windows\SysWow64\cscript.exe 2014-01-24 03:23 . 2014-01-15 15:37 2062848 ----a-w- c:\windows\system32\d3d11.dll 2014-01-24 03:23 . 2014-01-15 15:37 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll 2014-01-24 03:23 . 2014-01-15 15:37 420864 ----a-w- c:\windows\system32\WMPhoto.dll 2014-01-24 03:23 . 2014-01-15 15:37 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2014-01-24 03:22 . 2014-01-15 15:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll 2014-01-24 03:22 . 2014-01-15 15:37 2304512 ----a-w- c:\windows\system32\authui.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2014-01-18 16:11 674496 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 759496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 642728] "CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120] "CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-02 491120] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856] "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-20 2249352] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-09-28 295512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . 
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1502000.026\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SymELAM.sys [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x] S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\ccSetx64.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1502000.026\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 BingDesktopUpdate;Bing Desktop 
Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] apphost REG_MULTI_SZ apphostsvc iissvcs REG_MULTI_SZ w3svc was . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the "Scheduled Tasks" folder
.
2014-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 03:39]
.
2014-04-19 c:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
- c:\users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19 03:13]
.
2014-04-19 c:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
- c:\users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19 03:13]
.
2014-04-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
- c:\users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19 03:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-01-18 16:12 796352 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-08-10 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-06 1703424]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-01-18 161984]
.
------- Additional Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F-BA0D-5AC249BCB302&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Removed Orphaned Registry Entries - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Karsten\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38;c:\program files (x86)\Norton Internet Security\Engine64\21.2.0.38"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-04-20 22:53:12
ComboFix-quarantined-files.txt 2014-04-20 20:53
.
Before scan: 15 directories, 342.666.661.888 bytes free
After scan: 24 directories, 342.406.860.800 bytes free
.
- - End Of File - - E440311B01DCFFECDBBD9D2DEE141302
5FB38429D5D77768867C76DCBDB35194
|
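The Firefox section of the ComboFix log above is where the browser hijack shows: keyword.URL redirected to websearch.ask.com, the start page served from inside the FoxTab extension, and a user.js that re-applies cookie settings and switches off the mixed-content and insecure-submit warnings at every browser start. The script below is an added example, written for this page and not part of the thread or of any of the tools used in it. It parses lines in the "FF - prefs.js: <pref> - <value>" / "FF - user.js: <pref> - <value>" shape that ComboFix prints and flags those indicators. The sample log is constructed (values shortened, URLs defanged as hxxp the way the forum shows them), and the rule names and thresholds are the example's own assumptions, not anything ComboFix defines.

```python
"""Flag browser-hijack indicators in ComboFix-style Firefox pref lines (added example)."""
import re
from urllib.parse import urlparse

# Constructed sample in the line format ComboFix prints; not the thread's full log.
SAMPLE_LOG = """\
FF - ProfilePath - c:\\users\\Karsten\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\etdtmevn.default\\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

# "FF - <file>: <pref> - <value>"; the ProfilePath line has no "<file>:" part and is skipped.
PREF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def parse_ff_prefs(log_text):
    """Yield (source_file, pref, value) for every prefs.js / user.js line."""
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).strip()


def _host(value):
    # Forum logs defang URLs as hxxp(s); restore the scheme so urlparse sees a netloc.
    return urlparse(re.sub(r"^hxxp", "http", value)).hostname or ""


def classify(source, pref, value):
    """Return a reason string if the pref looks like a hijack indicator, else None.

    Rule set is the example's own assumption; order matters because the last
    rule catches every remaining user.js override.
    """
    if pref == "keyword.URL" and value:
        # Address-bar searches are sent to a third-party redirector.
        return f"address-bar search redirected to {_host(value)}"
    if pref == "browser.startup.homepage" and value.startswith("chrome://"):
        # Start page is served from inside an extension rather than an about:/web URL.
        return f"homepage served by extension {value.split('/')[2]}"
    if pref.startswith("security.warn_") and value == "false":
        return "insecure-content warning disabled"
    if pref == "network.proxy.type" and value not in ("0", "5"):
        # 0 = no proxy, 5 = system settings; anything else was set by hand or by software.
        return "non-default proxy configuration"
    if source == "user.js":
        # user.js is re-applied at every start, so it silently undoes changes
        # the user makes in the settings UI.
        return "persistent override in user.js"
    return None


def find_hijack_indicators(log_text):
    """Return a list of findings, one dict per flagged pref line."""
    findings = []
    for source, pref, value in parse_ff_prefs(log_text):
        reason = classify(source, pref, value)
        if reason:
            findings.append({"file": source, "pref": pref, "value": value, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_hijack_indicators(SAMPLE_LOG):
        print(f"[{f['file']}] {f['pref']} = {f['value']!r}: {f['reason']}")
```

On the constructed sample this reports six lines: the FoxTab homepage, the ask.com keyword.URL, two disabled security warnings, and two further user.js overrides; the Google search engine and the proxy type 0 pass. Feed it the "FF -" block of a real ComboFix log to get the same triage list.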
21.04.2014, 20:31 | #6 |
/// the machine /// TB-Ausbilder |
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
21.04.2014, 21:45 | #7 |
| The requested logs:

MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.04.2014
Scan Time: 22:06:14
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.21.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Karsten

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291615
Time Elapsed: 15 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Code:
# AdwCleaner v3.103 - Report created on 21/04/2014 at 22:10:41
# Updated 21/04/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Karsten - KARSTEN
# Running from : C:\Users\Karsten\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\browserprotect@browserprotect.com.xpi
File Found : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\user.js
File Found : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\Extensions\browserprotect@browserprotect.com.xpi
File Found : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\searchplugins\safesearch.xml
File Found : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\user.js
Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft
Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found : C:\Program Files (x86)\DVDVideoSoft
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Folder Found : C:\Users\Karsten\AppData\Local\Temp\FoxTab
Folder Found : C:\Users\Karsten\AppData\Roaming\DVDVideoSoft
Folder Found : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\FoxTab
Folder Found : C:\Users\karsten_2\AppData\Local\Temp\FoxTab
Folder Found : C:\Users\karsten_2\AppData\Roaming\DVDVideoSoft
Folder Found : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\FoxTab
Folder Found : C:\Users\karsten_2\Documents\DVDVideoSoft

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{BBDA0591-3099-440a-AA10-41764D9DB4DB}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v28.0 (de)

[ File : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\prefs.js ]

Line found : user_pref("browser.search.defaultengine", "Ask.com");
Line found : user_pref("browser.search.order.1", "Ask.com");
Line found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line found : user_pref("extensions.browserprotect.urlBarEngine", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&a[...]
Line found : user_pref("extensions.enabledItems", "{097d3191-e6fa-4728-9826-b533d755359d}:0.7.13,{37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,vshare@toolbar:1.0.0,{e001[...]
Line found : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"hxxps://www.radialsearch.com/downloads/price[...]
Line found : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Line found : user_pref("extensions.vshare@toolbar.update.enabled", false);
Line found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F[...]
Line found : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Line found : user_pref("surfcanyon.last_checked_ts", "1266995904324");

[ File : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\prefs.js ]

Line found : user_pref("browser.search.defaultengine", "Ask.com");
Line found : user_pref("browser.search.order.1", "Ask.com");
Line found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line found : user_pref("extensions.browserprotect.urlBarEngine", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&a[...]
Line found : user_pref("extensions.enabledItems", "{097d3191-e6fa-4728-9826-b533d755359d}:0.7.13,{37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,vshare@toolbar:1.0.0,{e001[...]
Line found : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"hxxps://www.radialsearch.com/downloads/price[...]
Line found : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Line found : user_pref("extensions.vshare@toolbar.update.enabled", false);
Line found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F[...]
Line found : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Line found : user_pref("surfcanyon.last_checked_ts", "1266995904324");

*************************

AdwCleaner[R0].txt - [6242 octets] - [21/04/2014 22:10:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6302 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Karsten on 21.04.2014 at 22:18:25,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19B9E307-FBC7-461C-B092-16D9234C20BA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{19B9E307-FBC7-461C-B092-16D9234C20BA}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Karsten\AppData\Roaming\mozilla\firefox\profiles\etdtmevn.default\prefs.js

user_pref("extensions.linkextend.defaultsearchengine", "ixquick");
Emptied folder: C:\Users\Karsten\AppData\Roaming\mozilla\firefox\profiles\etdtmevn.default\minidumps [50 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.04.2014 at 22:24:40,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01
Ran by Karsten (administrator) on KARSTEN on 21-04-2014 22:26:30
Running from C:\Users\Karsten\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AMD) C:\windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-06] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-28] (RealNetworks, Inc.)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default
FF SelectedSearchEngine: Google
FF Homepage: chrome://foxtab/content/homepage.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Karsten\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.8.2 - C:\Users\Karsten\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-08-02]
FF Extension: Redirect Remover - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2012-11-21]
FF Extension: RSS Icon - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\kitsuneymg@gmail.com.xpi [2012-11-21]
FF Extension: All-in-One Sidebar - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-11-21]
FF Extension: FlashGot - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-11-21]
FF Extension: X-notifier - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-21]
FF Extension: NoScript - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: ImTranslator - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-21]
FF Extension: LinkExtend - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-21]
FF Extension: BetterPrivacy - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-11-21]
FF Extension: DownThemAll! - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-21]
FF Extension: Torbutton - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2012-11-21]
FF Extension: FoxTab - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-03-01]

==================== Services (Whitelisted) =================

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.001\ENG64.SYS [126040 2014-04-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.001\EX64.SYS [2099288 2014-04-15] (Symantec Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-21 22:26 - 2014-04-21 22:26 - 00020160 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-21 22:26 - 2014-04-21 22:26 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-21 22:24 - 2014-04-21 22:24 - 00001236 _____ () C:\Users\Karsten\Desktop\JRT.txt
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 22:12 - 2014-04-21 22:12 - 00006402 _____ () C:\Users\Karsten\Desktop\AdwCleaner[R0].txt
2014-04-21 22:10 - 2014-04-21 22:12 - 00000000 ____D () C:\AdwCleaner
2014-04-21 22:10 - 2014-04-21 22:10 - 01324843 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-21 22:07 - 2014-04-21 22:07 - 00001136 _____ () C:\Users\Karsten\Desktop\mbam.txt
2014-04-21 21:48 - 2014-04-21 21:48 - 00002289 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-21 21:42 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:30 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-20 22:30 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-20 22:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-20 22:29 - 2014-04-20 22:53 - 00000000 ____D () C:\Qoobox
2014-04-20 22:29 - 2014-04-20 22:49 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:26 - 2014-04-20 17:11 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-19 18:25 - 2014-04-19 18:25 - 00006854 _____ () C:\Users\Karsten\Desktop\gmer.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000476 _____ () C:\Users\Karsten\Desktop\defogger_disable.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 07:43 - 2014-04-21 22:26 - 00000000 ____D () C:\FRST
2014-04-19 07:39 - 2014-04-21 22:26 - 02163712 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:54 - 2014-04-17 13:38 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-19 05:51 - 2014-03-25 15:28 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-04-19 05:50 - 2014-04-21 22:15 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
2014-04-19 05:50 - 2014-04-21 04:51 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
2014-04-19 05:50 - 2014-04-19 08:02 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten
2014-04-19 05:06 - 2013-03-18 21:00 - 04745728 _____ (AVAST Software) C:\Users\Karsten\Desktop\aswMBR.exe
2014-04-19 04:40 - 2014-04-21 21:50 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-19 04:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-19 04:40 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt
2014-04-19 04:09 - 2014-04-17 19:01 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-16 19:47 - 2014-04-21 22:15 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-16 19:47 - 2014-04-21 22:15 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-12 22:35 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 22:35
- 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-12 22:35 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-12 22:35 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-12 22:35 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-12 22:35 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-04-12 22:35 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-04-12 22:35 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll 2014-04-12 22:35 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-12 22:35 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 22:35 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-04-12 22:35 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll 2014-04-12 22:35 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 22:35 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-04-12 22:35 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-12 22:35 - 
2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-04-12 22:35 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-04-12 22:35 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml 2014-04-12 22:35 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2014-04-12 22:35 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-04-12 22:35 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-04-12 22:35 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2014-04-12 22:35 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2014-04-12 22:35 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2014-04-12 22:35 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2014-04-12 22:35 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-12 22:35 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-04-12 22:35 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2014-04-12 22:35 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-04-12 22:35 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-04-12 22:35 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-04-12 22:35 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2014-04-12 22:35 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-12 22:35 - 2013-02-19 11:53 - 00534528 
_____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2014-04-12 22:35 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-12 22:35 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-12 22:35 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-12 22:34 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-04-12 22:34 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-04-12 22:34 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-04-12 22:34 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-04-12 22:34 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-12 22:34 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-04-10 02:15 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-04-10 02:15 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-04-10 02:15 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-04-10 02:15 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll 2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR 2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security 2014-03-28 04:49 - 2014-04-10 05:47 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT 
==================== One Month Modified Files and Folders =======
2014-04-21 22:26 - 2014-04-21 22:26 - 00020160 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-21 22:26 - 2014-04-21 22:26 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-21 22:26 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST
2014-04-21 22:26 - 2014-04-19 07:39 - 02163712 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-21 22:25 - 2012-11-23 21:33 - 01213452 _____ () C:\windows\WindowsUpdate.log
2014-04-21 22:25 - 2012-11-21 12:44 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-21 22:24 - 2014-04-21 22:24 - 00001236 _____ () C:\Users\Karsten\Desktop\JRT.txt
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 22:15 - 2014-04-19 05:50 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
2014-04-21 22:15 - 2014-04-16 19:47 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 22:15 - 2014-04-16 19:47 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 22:15 - 2013-10-29 22:00 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\ClassicShell
2014-04-21 22:14 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-21 22:13 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-04-21 22:12 - 2014-04-21 22:12 - 00006402 _____ () C:\Users\Karsten\Desktop\AdwCleaner[R0].txt
2014-04-21 22:12 - 2014-04-21 22:10 - 00000000 ____D () C:\AdwCleaner
2014-04-21 22:10 - 2014-04-21 22:10 - 01324843 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-21 22:07 - 2014-04-21 22:07 - 00001136 _____ () C:\Users\Karsten\Desktop\mbam.txt
2014-04-21 22:02 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-21 21:55 - 2012-11-21 19:42 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 21:50 - 2014-04-19 04:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 21:48 - 2014-04-21 21:48 - 00002289 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-21 20:00 - 2012-11-22 18:42 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 19:55 - 2014-03-14 03:03 - 00003242 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 19:55 - 2014-01-29 23:22 - 00003368 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 08:46 - 2012-11-24 23:41 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3454E9CE-74EC-4794-80EB-8B50E51C0BDD}
2014-04-21 04:51 - 2014-04-19 05:50 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:53 - 2014-04-20 22:29 - 00000000 ____D () C:\Qoobox
2014-04-20 22:50 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 22:49 - 2014-04-20 22:29 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:42 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-04-20 17:11 - 2014-04-20 22:26 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-20 15:45 - 2012-12-27 15:39 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\CrashDumps
2014-04-20 15:44 - 2012-11-21 12:34 - 00000000 ____D () C:\Users\Karsten\AppData\Local\VirtualStore
2014-04-20 15:36 - 2012-11-23 13:34 - 00000000 ____D () C:\Karsten
2014-04-20 15:33 - 2012-11-22 18:35 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\VirtualStore
2014-04-20 12:49 - 2012-09-28 17:11 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-20 12:49 - 2012-09-28 17:11 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-20 12:49 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-20 12:48 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-20 06:52 - 2012-11-23 22:04 - 00119240 _____ () C:\Users\karsten_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-19 18:35 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\ClassicShell
2014-04-19 18:25 - 2014-04-19 18:25 - 00006854 _____ () C:\Users\Karsten\Desktop\gmer.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000476 _____ () C:\Users\Karsten\Desktop\defogger_disable.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:13 - 2012-11-21 12:33 - 00000000 ____D () C:\Users\Karsten
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 08:05 - 2013-03-17 17:56 - 00000000 ____D () C:\Users\Karsten\AppData\Local\CrashDumps
2014-04-19 08:02 - 2014-04-19 05:50 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
2014-04-19 07:24 - 2012-11-21 19:52 - 00005090 _____ () C:\windows\Sandboxie.ini
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:59 - 2012-11-22 19:40 - 00000000 ____D () C:\Users\Karsten\Tracing
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:57 - 2012-09-28 08:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:53 - 2013-03-22 19:59 - 00000000 ____D () C:\windows\Minidump
2014-04-19 05:52 - 2012-11-22 00:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-19 05:52 - 2012-11-21 15:18 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Mozilla
2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten
2014-04-19 05:39 - 2012-11-21 19:42 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-19 05:16 - 2012-11-23 20:29 - 00000000 ____D () C:\Users\Karsten\AppData\Local\NPE
2014-04-19 05:13 - 2013-03-16 19:19 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Real
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-19 04:12 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt
2014-04-17 19:01 - 2014-04-19 04:09 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-17 13:38 - 2014-04-19 05:54 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-14 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-10 05:49 - 2013-02-21 20:12 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\QuickScan
2014-04-10 05:47 - 2014-03-28 04:49 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-10 05:47 - 2013-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-10 02:21 - 2013-08-14 14:22 - 00000000 ____D () C:\windows\system32\MRT
2014-04-10 02:21 - 2012-11-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 02:19 - 2012-12-12 19:21 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-06 08:36 - 2014-04-21 21:42 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe
2014-04-03 09:51 - 2014-04-19 04:40 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 04:40 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 04:40 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2014-01-16 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2014-01-16 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:50 - 2014-02-10 19:18 - 00002503 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-28 04:50 - 2012-09-28 08:42 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-03-28 04:50 - 2012-09-28 08:41 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-25 15:28 - 2014-04-19 05:51 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-03-23 20:21 - 2012-11-23 14:21 - 00000000 ____D () C:\Users\karsten_2\Documents\trle
2014-03-23 20:21 - 2012-11-22 19:12 - 00000000 ____D () C:\Users\karsten_2\Documents\test

Some content of TEMP:
====================
C:\Users\Karsten\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-18 03:01

==================== End Of Log ============================

FRST-addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014 01
Ran by Karsten at 2014-04-21 22:27:02
Running from C:\Users\Karsten\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Handbuch (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch) (Version: - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
FirstClass Client (HKLM-x32\...\{6EBED885-73D9-4750-B96E-FD654500E59F}) (Version: 11.063 - OpenText)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 
10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden NG Center 1.3 (C:\Program Files (x86)\NG_CENTER\) (HKLM-x32\...\ST6UNST #2) (Version: - ) NG Center 1.3 (HKLM-x32\...\ST6UNST #1) (Version: - ) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - ) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) PDF Image Extraction Wizard 1.2 (HKLM-x32\...\PDF Image Extraction Wizard 1.2_is1) (Version: - RL Vision) PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - ) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) 
Hidden Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC) Secunia PSI (3.0.0.4001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.4001 - Secunia) SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com) Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix) Tomb Raider: Underworld 1.0 (HKLM-x32\...\Tomb Raider: Underworld) (Version: - ) Torrent Stream 2.0.8.2 (HKCU\...\TorrentStream) (Version: 2.0.8.2 - Torrent Stream) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - 
Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Media 8 Encoding Utility (HKLM-x32\...\wm8eutil) (Version: - ) ==================== Restore Points ========================= 05-04-2014 09:43:55 Geplanter Prüfpunkt 10-04-2014 00:18:22 Windows Update 13-04-2014 05:54:54 Windows Update 17-04-2014 17:20:55 Windows Update 19-04-2014 03:55:29 Windows Live Essentials ==================== Hosts content: ========================== 2012-07-26 07:26 - 2014-04-20 22:42 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0FD112A7-7F87-4829-BB9E-B9312628AE9D} - System32\Tasks\ReclaimerUpdateFiles_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.) 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1BC3AC19-486A-48F4-8053-5EE64A7CB816} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {2064DABC-F816-49AE-BF2C-0B049D18D797} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {2101431E-D2FC-4FDA-B878-403E464181FF} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {213BEEDC-746D-4FB0-8EE3-275DD1AE7628} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2FF00A12-A928-4ECA-9C2E-BE87B368C59C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {346A87A1-E047-4B7D-92AC-5373BD8CADFB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {536E6974-C855-4784-B003-060E0F9DB9CC} - System32\Tasks\ReclaimerUpdateXML_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.) 
Task: {59E63EB5-854D-40CF-8647-E60440202B92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {5E15A49D-D139-4E34-97BD-E972FCF0356D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {67203319-C175-43E9-AF13-18F32A779471} - System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.) Task: {67C732A8-3943-4A4D-981B-8624BDB78D67} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19] (Adobe Systems Incorporated) Task: {6FAAD3FA-7D3D-4EBA-AFCB-826927D3EB19} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {774FFC74-76B2-4F7C-BCE4-E3AD73ED172B} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe Task: {7FACDD51-5853-4884-BCE3-D0DF29E84F48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {83456510-8F6A-4FA9-8C35-9AFE19A9A419} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {8FA3AC7C-04EB-46FA-B94B-37E9073E8E59} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {9546EAA3-39C3-4DED-8713-946248B95374} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation) Task: {971499DF-481A-4BC0-B62E-5E543C0E3FFE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AC4EB255-2D46-4F4A-8A26-4AE43DAEBDEC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {AFD44EBF-961E-4823-9B59-DA4C7F614202} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B786AA05-BA0A-448B-B222-EE5E8AF7C821} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {C1B82AC9-DFF7-4309-BBB9-37FEE2677B46} - System32\Tasks\RNUpgradeHelperResumePrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.) 
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D3DE6F95-558B-42D6-B1F8-77CA1D220B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F3C8CE70-E5A6-4093-BD3F-33340A24C0ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe Task: C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-07-26 11:48 - 2012-07-26 11:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 11:02 - 2012-08-29 
11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2012-11-21 12:35 - 2012-11-21 12:35 - 00120224 _____ () C:\Users\Karsten\AppData\Local\assembly\dl3\QP4W3VP8.MXJ\LXD3OH7N.ZEZ\3c7a996f\00af4ffb_c485cd01\HPItunesModule.DLL 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2012-07-04 22:37 - 2012-07-04 22:37 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll 2012-09-28 08:31 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-04-20 22:38:43.671 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 22% Total physical RAM: 6039.52 MB Available physical RAM: 4659.19 MB Total Pagefile: 6999.52 MB Available Pagefile: 5520.38 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:453.36 GB) (Free:310.94 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:10.92 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (YOU_ARE_THE_QUESTION) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (RecoveryDaten) (Fixed) (Total:297.99 GB) (Free:277.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 7304BB38) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2014-04-21 22:30:36 ----------------------------- 22:30:36.715 OS Version: Windows x64 6.2.9200 22:30:36.715 Number of processors: 4 586 0x1001 22:30:36.715 ComputerName: KARSTEN UserName: Karsten 22:30:36.762 Initialze error 1 22:32:14.227 AVAST engine defs: 14042101 22:32:19.827 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000031 22:32:19.843 Disk 0 Vendor: ST500DM002-1BD142 HP73 Size: 476940MB BusType: 11 22:32:19.843 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000032 22:32:19.843 Disk 1 Vendor: WDC_WD3200AACS-00ZUB0 01.01B01 Size: 305245MB BusType: 11 22:32:19.874 Disk 0 MBR read successfully 22:32:19.874 Disk 0 MBR scan 22:32:19.905 Disk 0 unknown MBR code 22:32:19.983 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1 22:32:19.983 Disk 0 scanning C:\windows\system32\drivers 22:32:19.999 Service scanning 22:32:20.872 Modules scanning 22:32:20.872 Disk 0 trace - called modules: 22:32:20.888 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys 22:32:20.888 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800689a060] 22:32:20.888 3 CLASSPNP.SYS[fffff88001320e0a] -> nt!IofCallDriver -> \Device\00000031[0xfffffa8005e17060] 22:32:20.904 AVAST engine scan C:\windows 22:32:20.904 AVAST engine scan C:\windows\system32 22:32:20.904 AVAST engine scan C:\windows\system32\drivers 22:32:20.919 AVAST engine scan C:\Users\Karsten 22:32:20.919 AVAST engine scan C:\ProgramData 22:32:20.919 Scan finished successfully 22:33:22.852 Disk 0 MBR has been saved successfully to "C:\Users\Karsten\Desktop\MBR.dat" 22:33:23.133 The log file has been saved successfully to "C:\Users\Karsten\Desktop\aswMBR.txt" |
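The FRST sections posted above (Scheduled Tasks, Run keys, Loaded Modules, FF Plugins) are what a helper reads by eye when looking for where a backdoor such as the one Norton flagged could have installed itself: autostart entries that run from a user-writable folder, files FRST could not attribute to a vendor, and dangling references. As an added example that is not part of this thread and not FRST's own code, the Python script below parses lines in those four FRST formats and applies a few such heuristics (my own, with no claim to be complete). The sample lines are constructed, patterned on the log above; the `[svchost]` Run entry is fictitious and stands in for what a per-user backdoor autostart typically looks like, it is not from the poster's log.

```python
"""Triage autostart-related lines from an FRST (Farbar Recovery Scan Tool)
log: scheduled tasks, Run keys, loaded modules and Firefox plugins.
Added example for this thread; the line formats follow the FRST output as
posted, the heuristics are the example author's own, not FRST's."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, patterned on the FRST log in this thread. The
# "[svchost]" Run entry is fictitious and stands in for what a backdoor's
# per-user autostart typically looks like; it is not from the poster's log.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============
Task: {0FD112A7-7F87-4829-BB9E-B9312628AE9D} - System32\Tasks\ReclaimerUpdateFiles_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {213BEEDC-746D-4FB0-8EE3-275DD1AE7628} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe
Task: {9546EAA3-39C3-4DED-8713-946248B95374} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-04-22] (RealNetworks, Inc.)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [svchost] => C:\Users\Karsten\AppData\Roaming\svchost.exe [41472 2014-04-14] ()
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
"""

# Common tail of Task and Run lines: <path> [<size/date>] (<vendor>), where
# the bracketed part and the vendor part may each be absent.
TAIL = r"(?P<path>.+?)(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<vendor>[^)]*)\))?$"
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => " + TAIL)
RUN_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => " + TAIL)
MODULE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"\((?P<vendor>[^)]*)\) (?P<path>.+)$")
PLUGIN_RE = re.compile(
    r"^FF Plugin(?:-x32)?: (?P<name>.+?) - (?P<path>.+?)"
    r"(?: \((?P<vendor>[^)]*)\)| (?P<missing>No File))$")

USER_WRITABLE_PATH = "runs from a user-writable location"
NO_VENDOR = "no vendor/version string recorded"
MISSING_FILE = "referenced file is missing (No File)"
LOOKALIKE = "system-binary name outside the Windows directory"

# Heuristic path markers and names; assumptions of this example, not FRST's.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe"}


@dataclass
class Entry:
    source: str              # "task", "run", "module" or "plugin"
    name: str
    path: str
    vendor: Optional[str]    # None when no "(Vendor)" part was recorded at all
    missing: bool = False    # True for "No File" plugin references


@dataclass
class Finding:
    source: str
    name: str
    path: str
    reasons: List[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Recognise one FRST line; return None for lines in other formats."""
    line = line.rstrip()
    m = TASK_RE.match(line)
    if m:
        return Entry("task", m["name"], m["path"], m["vendor"])
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"], m["vendor"])
    m = MODULE_RE.match(line)
    if m:
        return Entry("module", m["path"].rsplit("\\", 1)[-1], m["path"], m["vendor"])
    m = PLUGIN_RE.match(line)
    if m:
        return Entry("plugin", m["name"], m["path"], m["vendor"], m["missing"] is not None)
    return None


def assess(entry: Entry) -> List[str]:
    """Apply the heuristics; an empty list means nothing stood out."""
    reasons = []
    p = entry.path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append(USER_WRITABLE_PATH)
    if entry.missing:
        reasons.append(MISSING_FILE)
    elif not (entry.vendor or "").strip():   # "()" or no vendor part at all
        reasons.append(NO_VENDOR)
    if p.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\" not in p:
        reasons.append(LOOKALIKE)
    return reasons


def triage(lines) -> List[Finding]:
    """Return only the entries that tripped at least one heuristic."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry.source, entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{f.source}] {f.name}\n    {f.path}\n    -> {'; '.join(f.reasons)}")
```

Run it against a saved FRST.txt by replacing `SAMPLE_LOG` with the file's contents. A hit is a reason to look closer (upload the file, check its signature, compare the task's creation date with the date of the Norton alert), not a verdict: the RealNetworks updater in AppData is legitimate but still lands on the list, and the entry FRST recorded without a vendor may simply be a file it could not read.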
22.04.2014, 13:57 | #8 |
/// the machine /// TB trainer | backdoor.graybird found by Norton Did you also have AdwCleaner delete what it found?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.04.2014, 19:59 | #9 |
| backdoor.graybird found by Norton Yes, I had already saved the log before deleting. |
23.04.2014, 08:57 | #10 |
/// the machine /// TB trainer | backdoor.graybird found by Norton ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber |
24.04.2014, 07:09 | #11 |
| backdoor.graybird found by Norton ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=dd5d21c5c37261488a7ad9505027c81e # engine=18003 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-23 11:20:39 # local_time=2014-04-24 01:20:39 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=3591 16777213 100 88 9200 160891824 0 0 # compatibility_mode=5893 16776574 100 94 3605635 57801350 0 0 # scanned=351041 # found=0 # cleaned=0 # scan_time=8844 Securitycheck Code:
ATTFilter Results of screen317's Security Check version 0.99.82 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Defender Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.4001) Adobe Flash Player 13.0.0.182 Adobe Reader XI Mozilla Firefox (28.0) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014 Ran by Karsten (administrator) on KARSTEN on 24-04-2014 07:59:31 Running from C:\Users\Karsten\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (AMD) C:\windows\system32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-06] (IDT, Inc.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-04-22] (RealNetworks, Inc.) HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) 
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default
FF SelectedSearchEngine: Google
FF Homepage: chrome://foxtab/content/homepage.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Karsten\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.8.2 - C:\Users\Karsten\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-08-02]
FF Extension: Redirect Remover - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2012-11-21]
FF Extension: RSS Icon - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\kitsuneymg@gmail.com.xpi [2012-11-21]
FF Extension: All-in-One Sidebar - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-11-21]
FF Extension: FlashGot - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-11-21]
FF Extension: X-notifier - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-21]
FF Extension: NoScript - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: ImTranslator - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-21]
FF Extension: LinkExtend - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-21]
FF Extension: BetterPrivacy - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-11-21]
FF Extension: DownThemAll! - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-21]
FF Extension: Torbutton - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2012-11-21]
FF Extension: FoxTab - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-22]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-03-01]

==================== Services (Whitelisted) =================
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-22] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140423.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.016\ENG64.SYS [126040 2014-04-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.016\EX64.SYS [2099288 2014-04-15] (Symantec Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-04-24 07:59 - 2014-04-24 07:59 - 00020968 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-24 07:59 - 2014-04-24 07:59 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-24 07:55 - 2014-04-24 07:55 - 00000791 _____ () C:\Users\Karsten\Desktop\checkup.txt
2014-04-24 03:11 - 2014-04-24 03:11 - 00001388 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-23 22:50 - 2014-04-23 22:50 - 00855379 _____ () C:\Users\Karsten\Desktop\SecurityCheck.exe
2014-04-23 22:49 - 2013-04-04 14:07 - 02347384 _____ (ESET) C:\Users\Karsten\Desktop\esetsmartinstaller_enu.exe
2014-04-22 22:16 - 2014-04-22 22:16 - 00142848 _____ () C:\Users\karsten_2\Desktop\Order Berlin.xls
2014-04-22 21:42 - 2014-04-22 21:42 - 01345485 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-22 21:40 - 2014-04-22 21:40 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\RealNetworks
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-04-22 21:01 - 2014-04-22 21:01 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 22:10 - 2014-04-22 21:44 - 00000000 ____D () C:\AdwCleaner
2014-04-21 21:42 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:30 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-20 22:30 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-20 22:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-20 22:29 - 2014-04-20 22:53 - 00000000 ____D () C:\Qoobox
2014-04-20 22:29 - 2014-04-20 22:49 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:26 - 2014-04-20 17:11 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 07:43 - 2014-04-24 07:59 - 00000000 ____D () C:\FRST
2014-04-19 07:39 - 2014-04-24 07:59 - 02061824 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:58 - 2014-04-19 05:58 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:54 - 2014-04-17 13:38 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-19 05:51 - 2014-03-25 15:28 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-04-19 05:06 - 2013-03-18 21:00 - 04745728 _____ (AVAST Software) C:\Users\Karsten\Desktop\aswMBR.exe
2014-04-19 04:40 - 2014-04-21 21:50 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-19 04:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-19 04:40 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:09 - 2014-04-17 19:01 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-16 19:47 - 2014-04-24 03:15 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-16 19:47 - 2014-04-24 03:15 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-12 22:35 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 22:35 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 22:35 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 22:35 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-12 22:35 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-04-12 22:35 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 22:35 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-04-12 22:35 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-04-12 22:35 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-04-12 22:35 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-04-12 22:35 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 22:35 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 22:35 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-04-12 22:35 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-04-12 22:35 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-04-12 22:35 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 22:35 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 22:35 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 22:35 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 22:35 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:49 - 2014-04-10 05:47 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======
2014-04-24 07:59 - 2014-04-24 07:59 - 00020968 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-24 07:59 - 2014-04-24 07:59 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-24 07:59 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST
2014-04-24 07:59 - 2014-04-19 07:39 - 02061824 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-24 07:58 - 2012-11-21 12:44 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-24 07:56 - 2012-11-23 19:13 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Notepad++
2014-04-24 07:56 - 2012-11-23 19:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-24 07:55 - 2014-04-24 07:55 - 00000791 _____ () C:\Users\Karsten\Desktop\checkup.txt
2014-04-24 07:55 - 2012-11-21 19:42 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 07:53 - 2013-10-29 22:00 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\ClassicShell
2014-04-24 07:40 - 2012-11-22 18:42 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 07:37 - 2013-02-21 20:12 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\QuickScan
2014-04-24 07:36 - 2014-03-14 03:03 - 00003242 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 07:36 - 2014-01-29 23:22 - 00003368 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 07:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-24 03:15 - 2014-04-16 19:47 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 03:15 - 2014-04-16 19:47 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 03:15 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\ClassicShell
2014-04-24 03:11 - 2014-04-24 03:11 - 00001388 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-24 01:32 - 2012-11-23 21:33 - 01309414 _____ () C:\windows\WindowsUpdate.log
2014-04-23 23:03 - 2013-07-16 05:51 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Adobe
2014-04-23 23:03 - 2012-11-21 12:36 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Adobe
2014-04-23 22:50 - 2014-04-23 22:50 - 00855379 _____ () C:\Users\Karsten\Desktop\SecurityCheck.exe
2014-04-23 22:49 - 2012-09-28 17:11 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-23 22:49 - 2012-09-28 17:11 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-23 22:49 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-23 20:52 - 2012-11-24 23:41 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3454E9CE-74EC-4794-80EB-8B50E51C0BDD}
2014-04-23 07:32 - 2012-11-21 19:52 - 00005090 _____ () C:\windows\Sandboxie.ini
2014-04-22 22:16 - 2014-04-22 22:16 - 00142848 _____ () C:\Users\karsten_2\Desktop\Order Berlin.xls
2014-04-22 21:46 - 2013-03-16 19:24 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\Real
2014-04-22 21:45 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-22 21:44 - 2014-04-21 22:10 - 00000000 ____D () C:\AdwCleaner
2014-04-22 21:44 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-04-22 21:42 - 2014-04-22 21:42 - 01345485 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-22 21:41 - 2013-03-17 17:43 - 00003364 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-22 21:40 - 2014-04-22 21:40 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\RealNetworks
2014-04-22 21:40 - 2013-03-16 19:19 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Real
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-04-22 21:37 - 2013-03-16 19:20 - 00201800 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2014-04-22 21:37 - 2013-03-16 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-04-22 21:37 - 2013-03-16 19:20 - 00000000 ____D () C:\Program Files (x86)\Real
2014-04-22 21:37 - 2013-03-16 19:17 - 00000000 ____D () C:\ProgramData\Real
2014-04-22 21:37 - 2012-09-28 08:37 - 00505416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2014-04-22 21:37 - 2012-09-28 08:37 - 00353864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-04-22 21:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-22 21:01 - 2014-04-22 21:01 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 21:50 - 2014-04-19 04:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:53 - 2014-04-20 22:29 - 00000000 ____D () C:\Qoobox
2014-04-20 22:50 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 22:49 - 2014-04-20 22:29 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:42 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-04-20 17:11 - 2014-04-20 22:26 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-20 15:45 - 2012-12-27 15:39 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\CrashDumps
2014-04-20 15:44 - 2012-11-21 12:34 - 00000000 ____D () C:\Users\Karsten\AppData\Local\VirtualStore
2014-04-20 15:36 - 2012-11-23 13:34 - 00000000 ____D () C:\Karsten
2014-04-20 15:33 - 2012-11-22 18:35 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\VirtualStore
2014-04-20 12:48 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-20 06:52 - 2012-11-23 22:04 - 00119240 _____ () C:\Users\karsten_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:13 - 2012-11-21 12:33 - 00000000 ____D () C:\Users\Karsten
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 08:05 - 2013-03-17 17:56 - 00000000 ____D () C:\Users\Karsten\AppData\Local\CrashDumps
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:59 - 2012-11-22 19:40 - 00000000 ____D () C:\Users\Karsten\Tracing
2014-04-19 05:58 - 2014-04-19 05:58 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:58 - 2012-11-22 19:38 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-04-19 05:58 - 2012-11-22 19:37 - 00001492 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:57 - 2012-11-22 19:37 - 00002536 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-04-19 05:57 - 2012-09-28 08:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:53 - 2013-03-22 19:59 - 00000000 ____D () C:\windows\Minidump
2014-04-19 05:52 - 2012-11-22 00:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-19 05:52 - 2012-11-21 15:18 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Mozilla
2014-04-19 05:39 - 2012-11-21 19:42 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-19 05:16 - 2012-11-23 20:29 - 00000000 ____D () C:\Users\Karsten\AppData\Local\NPE
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-19 04:12 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-17 19:01 - 2014-04-19 04:09 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-17 13:38 - 2014-04-19 05:54 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-14 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-10 05:47 - 2014-03-28 04:49 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-10 05:47 - 2013-01-28 19:28 - 
00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-10 02:21 - 2013-08-14 14:22 - 00000000 ____D () C:\windows\system32\MRT 2014-04-10 02:21 - 2012-11-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 02:19 - 2012-12-12 19:21 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-04-06 08:36 - 2014-04-21 21:42 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe 2014-04-03 09:51 - 2014-04-19 04:40 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-19 04:40 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-19 04:40 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-03-31 23:18 - 2014-01-16 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2014-01-16 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll 2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR 2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security 2014-03-28 04:50 - 2014-02-10 19:18 - 00002503 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-03-28 04:50 - 2014-02-10 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-03-28 04:50 - 2012-09-28 08:42 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-03-28 04:50 - 2012-09-28 08:41 - 00000000 ____D () C:\windows\system32\Drivers\NISx64 2014-03-25 15:28 - 2014-04-19 05:51 - 04787368 _____ (Piriform Ltd) 
C:\Users\Karsten\Downloads\ccsetup412.exe
Some content of TEMP: ====================
C:\Users\Karsten\AppData\Local\temp\npp.6.5.5.Installer.exe
C:\Users\Karsten\AppData\Local\temp\Quarantine.exe
C:\Users\Karsten\AppData\Local\temp\stubhelper.dll
C:\Users\Karsten\AppData\Local\temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-18 03:01
==================== End Of Log ============================
Everything seems to be OK? |
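The "Bamital & volsnap Check" above compares the MD5 of a handful of critical Windows binaries against FRST's own whitelist, and the "Some content of TEMP" section just lists executables in the user's temp folder. The following PowerShell is an added example, not part of the original thread and not FRST code: it re-checks the same file list using the Authenticode signature each file carries (so no external whitelist is needed) and records a SHA256 for later comparison, then lists temp-folder executables with their signature status so they can be triaged. The file paths are taken from the log above; the function names, the `Microsoft` signer check and the output layout are assumptions. `Get-FileHash` requires PowerShell 4.0 or later, so on a stock Windows 8 install (PowerShell 3.0) either update WMF or drop the hash column.

```powershell
# Added example (not from the original thread or from FRST): verify the same
# critical binaries FRST checked, using Authenticode instead of an MD5 whitelist.
# File list copied from the FRST log; everything else is an assumption.
$criticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Test-SystemFileIntegrity {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Status = 'MISSING'; Signer = ''; SHA256 = '' }
            continue
        }
        # Windows binaries are normally catalog-signed; Get-AuthenticodeSignature
        # resolves the catalog and reports Status 'Valid' with a Microsoft signer.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # Assumption: "signed and the signer subject mentions Microsoft" is good enough
        # for a first triage. A stricter check would pin the certificate chain.
        $ok = ($sig.Status -eq 'Valid') -and ($signer -match 'Microsoft')
        [pscustomobject]@{
            Path   = $path
            Status = if ($ok) { 'OK' } else { "SUSPECT ($($sig.Status))" }
            Signer = $signer
            SHA256 = $hash
        }
    }
}

function Get-TempExecutables {
    # Counterpart to FRST's "Some content of TEMP": executables in the user's temp
    # folder, with the signature state and hash needed to decide what they are.
    Get-ChildItem -LiteralPath $env:TEMP -File -Recurse -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB)
                Modified  = $_.LastWriteTime
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

Test-SystemFileIntegrity -Paths $criticalFiles | Format-Table -AutoSize
Get-TempExecutables | Format-Table -AutoSize
```

A valid signature only tells you the bytes on disk are Microsoft's; it says nothing about a kernel-mode rootkit that filters what user-mode reads, which is why FRST and GMER are normally run alongside each other, and why a clean result here is a data point rather than a verdict.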
24.04.2014, 12:49 | #12 |
/// the machine /// TB-Ausbilder | backdoor.graybird found by Norton Done. The order here is what matters.
If you would like to leave praise or criticism, you can do so here. Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean out your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
25.04.2014, 09:59 | #13 |
| backdoor.graybird found by Norton All done! No more questions! Many thanks for your help! |
25.04.2014, 19:12 | #14 |
/// the machine /// TB-Ausbilder | backdoor.graybird found by Norton You're welcome.
|