Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   backdoor.graybird von Norton gefunden (https://www.trojaner-board.de/152733-backdoor-graybird-norton-gefunden.html)

Raymond 19.04.2014 09:20
backdoor.graybird von Norton gefunden
 
Am 14. und 15.04. hat Norton zweimal den Trojaner backdoor.graybird gefunden.
Folgendes habe ich heute gemacht: Volle Scan mit Norton und Malwarebytes haben nichts gefunden. Ein Scan mit aswMBR.exe hat nichts gefunden. Es gab allerdings auch das Problem, dass das Programm ein paar mal abgestürzt ist (Norton war deaktiviert).

Ich habe auch FRST benutzt. Hier sind die logs:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Karsten (administrator) on KARSTEN on 19-04-2014 07:43:30
Running from C:\Users\Karsten\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AMD) C:\windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-06] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-28] (RealNetworks, Inc.)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [EPSON SX410 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\MountPoints2: {11d845d0-33d5-11e2-be6f-78e3b5b1eb8d} - "L:\autorun.exe"
Startup: C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default
FF user.js: detected! => C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\user.js
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: chrome://foxtab/content/homepage.html
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F-BA0D-5AC249BCB302&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Karsten\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.8.2 - C:\Users\Karsten\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\staged [2014-04-19]
FF Extension: Bitdefender QuickScan - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-08-02]
FF Extension: Redirect Remover - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2012-11-21]
FF Extension: BrowserProtect - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\browserprotect@browserprotect.com.xpi [2012-11-21]
FF Extension: RSS Icon - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\kitsuneymg@gmail.com.xpi [2012-11-21]
FF Extension: All-in-One Sidebar - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-11-21]
FF Extension: FlashGot - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-11-21]
FF Extension: X-notifier - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-21]
FF Extension: NoScript - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: ImTranslator - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-21]
FF Extension: LinkExtend - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-21]
FF Extension: BetterPrivacy - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-11-21]
FF Extension: DownThemAll! - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-21]
FF Extension: Torbutton - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2012-11-21]
FF Extension: FoxTab - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-03-01]

==================== Services (Whitelisted) =================

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140418.016\ENG64.SYS [126040 2014-04-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140418.016\EX64.SYS [2099288 2014-04-15] (Symantec Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 07:43 - 2014-04-19 07:43 - 00022780 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-19 07:43 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST
2014-04-19 07:39 - 2014-04-17 21:54 - 02158592 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:54 - 2014-04-17 13:38 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-19 05:51 - 2014-03-25 15:28 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-04-19 05:50 - 2014-04-19 07:42 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
2014-04-19 05:50 - 2014-04-19 05:50 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
2014-04-19 05:06 - 2013-03-18 21:00 - 04745728 _____ (AVAST Software) C:\Users\karsten_2\Downloads\aswMBR.exe
2014-04-19 04:40 - 2014-04-19 04:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-19 04:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-19 04:40 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt
2014-04-19 04:09 - 2014-04-17 19:01 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-16 19:47 - 2014-04-19 05:29 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-16 19:47 - 2014-04-19 05:29 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-12 22:35 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 22:35 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 22:35 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 22:35 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-12 22:35 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-04-12 22:35 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 22:35 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-04-12 22:35 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-04-12 22:35 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-04-12 22:35 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-04-12 22:35 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 22:35 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 22:35 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-04-12 22:35 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-04-12 22:35 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-04-12 22:35 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 22:35 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 22:35 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 22:35 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 22:35 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:49 - 2014-04-10 05:47 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-04-19 07:43 - 2014-04-19 07:43 - 00022780 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-19 07:43 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST
2014-04-19 07:42 - 2014-04-19 05:50 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
2014-04-19 07:41 - 2013-10-29 22:00 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\ClassicShell
2014-04-19 07:33 - 2012-11-23 21:33 - 01062422 _____ () C:\windows\WindowsUpdate.log
2014-04-19 07:24 - 2012-11-21 19:52 - 00005090 _____ () C:\windows\Sandboxie.ini
2014-04-19 07:23 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-19 06:00 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\ClassicShell
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:59 - 2012-11-22 19:40 - 00000000 ____D () C:\Users\Karsten\Tracing
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:57 - 2012-09-28 08:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:55 - 2012-11-21 19:42 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-19 05:55 - 2012-11-21 12:44 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-19 05:53 - 2013-03-22 19:59 - 00000000 ____D () C:\windows\Minidump
2014-04-19 05:53 - 2013-03-17 17:56 - 00000000 ____D () C:\Users\Karsten\AppData\Local\CrashDumps
2014-04-19 05:52 - 2012-11-22 00:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-19 05:52 - 2012-11-21 15:18 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Mozilla
2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
2014-04-19 05:50 - 2014-04-19 05:50 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
2014-04-19 05:48 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-19 05:39 - 2012-11-21 19:42 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-19 05:33 - 2012-11-22 18:42 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 05:29 - 2014-04-16 19:47 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 05:29 - 2014-04-16 19:47 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 05:28 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-19 05:27 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-04-19 05:16 - 2012-11-23 20:29 - 00000000 ____D () C:\Users\Karsten\AppData\Local\NPE
2014-04-19 05:13 - 2013-03-16 19:19 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Real
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-19 04:43 - 2014-04-19 04:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:32 - 2012-11-24 23:41 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3454E9CE-74EC-4794-80EB-8B50E51C0BDD}
2014-04-19 04:18 - 2012-09-28 17:11 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-19 04:18 - 2012-09-28 17:11 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-19 04:18 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-19 04:13 - 2014-03-14 03:03 - 00003242 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 04:13 - 2014-01-29 23:22 - 00003368 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-19 04:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-19 04:12 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt
2014-04-17 21:54 - 2014-04-19 07:39 - 02158592 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-17 21:01 - 2012-12-27 15:39 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\CrashDumps
2014-04-17 19:01 - 2014-04-19 04:09 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-17 13:38 - 2014-04-19 05:54 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-14 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-10 05:49 - 2013-02-21 20:12 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\QuickScan
2014-04-10 05:47 - 2014-03-28 04:49 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-10 05:47 - 2013-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-10 02:21 - 2013-08-14 14:22 - 00000000 ____D () C:\windows\system32\MRT
2014-04-10 02:21 - 2012-11-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 02:19 - 2012-12-12 19:21 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-03 09:51 - 2014-04-19 04:40 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 04:40 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 04:40 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2014-01-16 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2014-01-16 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:50 - 2014-02-10 19:18 - 00002503 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-28 04:50 - 2012-09-28 08:42 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-03-28 04:50 - 2012-09-28 08:41 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-25 15:28 - 2014-04-19 05:51 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-03-23 20:21 - 2012-11-23 14:21 - 00000000 ____D () C:\Users\karsten_2\Documents\trle
2014-03-23 20:21 - 2012-11-22 19:12 - 00000000 ____D () C:\Users\karsten_2\Documents\test
2014-03-21 23:03 - 2013-04-19 16:31 - 00000000 ____D () C:\Program Files (x86)\PDF24

Some content of TEMP:
====================
C:\Users\karsten_2\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-18 03:01

==================== End Of Log ============================


und


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Karsten at 2014-04-19 07:44:01
Running from C:\Users\Karsten\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX210_SX410_TX210_TX410 Handbuch (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch) (Version:  - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FirstClass Client (HKLM-x32\...\{6EBED885-73D9-4750-B96E-FD654500E59F}) (Version: 11.063 - OpenText)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NG Center 1.3 (C:\Program Files (x86)\NG_CENTER\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
NG Center 1.3 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PDF Image Extraction Wizard 1.2 (HKLM-x32\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Portal 2 (HKLM\...\{C7ADD544-7212-4294-93B4-35A917802F57}_is1) (Version: 1.28 - Valve)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.4001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.4001 - Secunia)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix)
Tomb Raider: Underworld 1.0 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
Torrent Stream 2.0.8.2 (HKCU\...\TorrentStream) (Version: 2.0.8.2 - Torrent Stream)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media 8 Encoding Utility (HKLM-x32\...\wm8eutil) (Version:  - )

==================== Restore Points  =========================

28-03-2014 05:54:47 Geplanter Prüfpunkt
05-04-2014 09:43:55 Geplanter Prüfpunkt
10-04-2014 00:18:22 Windows Update
13-04-2014 05:54:54 Windows Update
17-04-2014 17:20:55 Windows Update
19-04-2014 03:55:29 Windows Live Essentials

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FD112A7-7F87-4829-BB9E-B9312628AE9D} - System32\Tasks\ReclaimerUpdateFiles_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BC3AC19-486A-48F4-8053-5EE64A7CB816} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {2064DABC-F816-49AE-BF2C-0B049D18D797} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {2101431E-D2FC-4FDA-B878-403E464181FF} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {213BEEDC-746D-4FB0-8EE3-275DD1AE7628} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {37DEA58B-8462-4805-996F-F1F43FD47C19} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {536E6974-C855-4784-B003-060E0F9DB9CC} - System32\Tasks\ReclaimerUpdateXML_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {59E63EB5-854D-40CF-8647-E60440202B92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {5E15A49D-D139-4E34-97BD-E972FCF0356D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {67203319-C175-43E9-AF13-18F32A779471} - System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {67C732A8-3943-4A4D-981B-8624BDB78D67} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19] (Adobe Systems Incorporated)
Task: {6FAAD3FA-7D3D-4EBA-AFCB-826927D3EB19} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {774FFC74-76B2-4F7C-BCE4-E3AD73ED172B} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe
Task: {7FACDD51-5853-4884-BCE3-D0DF29E84F48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {83456510-8F6A-4FA9-8C35-9AFE19A9A419} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8FA3AC7C-04EB-46FA-B94B-37E9073E8E59} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9546EAA3-39C3-4DED-8713-946248B95374} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {A0C88627-80D5-477B-BE77-701DCD45D2D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AFD44EBF-961E-4823-9B59-DA4C7F614202} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B786AA05-BA0A-448B-B222-EE5E8AF7C821} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C1B82AC9-DFF7-4309-BBB9-37FEE2677B46} - System32\Tasks\RNUpgradeHelperResumePrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8945FB9-372E-4A44-B22E-53A3034C67CF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D3DE6F95-558B-42D6-B1F8-77CA1D220B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F3C8CE70-E5A6-4093-BD3F-33340A24C0ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)
Task: {F4DFFBBB-E4D4-4E13-AB13-2C81A47C81DD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2012-07-26 11:48 - 2012-07-26 11:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-28 08:31 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 05:56:55 AM) (Source: Windows Search Service) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz  konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.  0x0.

Error: (04/19/2014 05:56:55 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (04/19/2014 05:56:54 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (04/19/2014 05:29:00 AM) (Source: Windows Search Service) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz  konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.  0x0.

Error: (04/19/2014 05:28:59 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (04/19/2014 05:28:58 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (04/19/2014 05:25:45 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000618d0
ID des fehlerhaften Prozesses: 0x1618
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3
Vollständiger Name des fehlerhaften Pakets: aswMBR.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: aswMBR.exe5

Error: (04/19/2014 05:22:54 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000618d0
ID des fehlerhaften Prozesses: 0x1480
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3
Vollständiger Name des fehlerhaften Pakets: aswMBR.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: aswMBR.exe5

Error: (04/19/2014 04:13:35 AM) (Source: Windows Search Service) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz  konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.  0x0.

Error: (04/19/2014 04:13:35 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog


System errors:
=============
Error: (04/19/2014 06:00:08 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/19/2014 05:50:03 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/19/2014 05:31:24 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/19/2014 05:30:57 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/19/2014 05:28:50 AM) (Source: DCOM) (User: Karsten)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Karstenkarsten_2S-1-5-21-4084426041-1636381982-3049202617-1004LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/19/2014 05:27:42 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/19/2014 05:12:57 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/19/2014 04:16:07 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/19/2014 04:15:53 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/16/2014 07:19:27 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 6039.52 MB
Available physical RAM: 4567.83 MB
Total Pagefile: 6999.52 MB
Available Pagefile: 5559.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.74 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.36 GB) (Free:301.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.92 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (YOU_ARE_THE_QUESTION) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (RecoveryDaten) (Fixed) (Total:297.99 GB) (Free:277.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7304BB38)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Muss ich noch weitere Schritte unternehmen?

schrauber 19.04.2014 09:37
Hi,

Logfile von Norton? Wo hat Norton das gefunden?

Raymond 19.04.2014 17:44
Oh je, ich ahne schlimmes! Hier mal drei Logeinträge:

Code:
Dateiname: iulnbeys.dat
Bedrohungsname: Backdoor.Graybird
Vollständiger Pfad: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\iulnbeys.dat

____________________________



Details
Unbekannte Community-Verbreitung,* Unbekanntes Alter,* Risiko Hoch





Ursprung
Heruntergeladen von
*Unbekannt





Aktivität
Ausgeführte Aktionen: 13



____________________________



Auf Computern ab*
Nicht verfügbar


Zuletzt verwendet*
14.04.2014 um 19:50:19


Start-Element*
Nein


Gestartet*
Nein


____________________________


Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.

Unbekannt
Diese Dateiversion ist nicht bekannt.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.



____________________________



Quelle: externe Medien



____________________________

Dateiaktionen

Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ comsa32.sys entfernt
Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ installed.dat entfernt
Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ iulnbeys.dat entfernt
Datei: C:\windows\SysWOW64\ Installed.dat entfernt
____________________________

Registrierungsaktionen

Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->AntiVirusDisableNotify:0 Repariert
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->UpdatesDisableNotify:0 Repariert
Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ ->Start:2 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert
____________________________


Dateiabdruck - SHA:
bbbbe4e428de60fe59cc3501b8bf600bbbc132711fa7fe69457fb7bc5e7139fb
Dateiabdruck - MD5:
Nicht verfügbar
Code:
Dateiname: tww7zblv.dat
Bedrohungsname: Backdoor.Graybird
Vollständiger Pfad: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\tww7zblv.dat

____________________________



Details
Unbekannte Community-Verbreitung,* Unbekanntes Alter,* Risiko Hoch





Ursprung
Heruntergeladen von
*Unbekannt





Aktivität
Ausgeführte Aktionen: 109



____________________________



Auf Computern ab*
Nicht verfügbar


Zuletzt verwendet*
14.04.2014 um 19:50:22


Start-Element*
Nein


Gestartet*
Ja


____________________________


Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.

Unbekannt
Diese Dateiversion ist nicht bekannt.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.



____________________________



Quelle: externe Medien



____________________________

Dateiaktionen

Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ comsa32.sys entfernt
Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ installed.dat entfernt
Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ tww7zblv.dat entfernt
Datei: C:\windows\SysWOW64\ Installed.dat entfernt
Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ iazguxcw.dat entfernt
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\ gh14rs.txt Keine Aktion erforderlich
Datei: c:\windows\syswow64\ gh14rs.txt Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\system\ mmtaskclean.log Keine Aktion erforderlich
Datei: c:\windows\system\ mmtaskclean.log Keine Aktion erforderlich
Datei: c:\windows\syswow64\ comsa32.sys Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\system\ win32in.dll Keine Aktion erforderlich
Datei: c:\windows\system\ win32in.dll Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\system\ win32out.dll Keine Aktion erforderlich
Datei: c:\windows\system\ win32out.dll Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\ settings.dll Keine Aktion erforderlich
Datei: c:\windows\syswow64\ settings.dll Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\wbem\ inetno.chm Keine Aktion erforderlich
Datei: c:\windows\syswow64\wbem\ inetno.chm Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\ win32.btl Keine Aktion erforderlich
Datei: c:\windows\ win32.btl Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\wbem\ inetno.exe Keine Aktion erforderlich
Datei: c:\windows\syswow64\wbem\ inetno.exe Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\windows\syswow64\wbem\ windows_nt_ck.exe Keine Aktion erforderlich
Datei: c:\windows\syswow64\wbem\ windows_nt_ck.exe Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\programdata\downloadsave\ recordpath Keine Aktion erforderlich
Datei: c:\programdata\downloadsave\ recordpath Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\program files (x86)\addendum\ addendov.dll Keine Aktion erforderlich
Datei: c:\program files (x86)\addendum\ addendov.dll Keine Aktion erforderlich
Datei: c:\users\karsten_2\appdata\local\virtualstore\program files (x86)\addendum\ addendov_uninstall.exe Keine Aktion erforderlich
Datei: c:\program files (x86)\addendum\ addendov_uninstall.exe Keine Aktion erforderlich
Ereignis: Laufender Prozess: C:\Users\karsten_2\AppData\Local\virtualstore\program files (x86)\internet explorer\ iexplore.exe Keine Aktion erforderlich
Ereignis: Laufender Prozess: C:\Program Files (x86)\Internet Explorer\ iexplore.exe Keine Aktion erforderlich
____________________________

Registrierungsaktionen

Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->AntiVirusDisableNotify:0 Repariert
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->UpdatesDisableNotify:0 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ ->Start:2 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert
Registrierungsänderung: HKEY_CLASSES_ROOT\ .me0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\ .mem Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\Folder\shell\ !exestrong Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\ me0file Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\ memfile Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ ->Wopti Memory Defreg Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Wom\ ->Wopti ???? Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Wom\ ->Wopti ???? Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunServices->ravmond Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunServices->system Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run->ravmond Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows NT\CurrentVersion\ Windows->run Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\ Run->system Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Run->Windows Printing Driver Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\ IEHelper.IEHlprObj.1 Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\ IEHelper.IEHlprObj Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\Interface\ {C0BEBABF-1785-4075-8C4D-8FEE7833D3CD} Keine Aktion erforderlich
Registrierungsänderung: HKEY_CLASSES_ROOT\TypeLib\ {D42047D9-38C2-4FD1-8337-F69C8F835A30} Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\ DC3_FEXEC Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\ DC3_FEXEC Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\ DC3_FEXEC Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\ DC3_FEXEC Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\ DC3_FEXEC Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\ B-Wing_Go Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\ B-Wing_Go Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\ B-Wing_Go Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\ B-Wing_Go Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\ B-Wing_Go Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\ A-Wing_Go Keine Aktion erforderlich
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\ B-Wing_Go Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ System->DisableRegistryTools:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\ ->DisableTaskMgr:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ->NofolderOptions:0 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Keine Aktion erforderlich
Registrierungsänderung: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Keine Aktion erforderlich
____________________________


Dateiabdruck - SHA:
bbbbe4e428de60fe59cc3501b8bf600bbbc132711fa7fe69457fb7bc5e7139fb
Dateiabdruck - MD5:
Nicht verfügbar
Code:
Dateiname: iomthxqh.dat
Bedrohungsname: Backdoor.Graybird
Vollständiger Pfad: c:\users\karsten\appdata\local\virtualstore\program files\portal 2\iomthxqh.dat

____________________________



Details
Viele Benutzer,* Schon länger bekannt,* Risiko Hoch





Ursprung
Heruntergeladen von
*Unbekannt





Aktivität
Ausgeführte Aktionen: 56



____________________________



Auf Computern ab*
23.11.2012 um 15:14:46


Zuletzt verwendet*
15.04.2014 um 23:03:46


Start-Element*
Nein


Gestartet*
Nein


____________________________


Viele Benutzer
Zehntausende Benutzer in der Norton Community haben diese Datei verwendet.

Schon länger bekannt
Diese Datei wurde vor mehr als 31 Tagen 3 Jahren 9 Monaten  veröffentlicht.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.



____________________________



Quelle: externe Medien

Quelldatei:
setup.exe

Datei erstellt:
setup.tmp

Datei erstellt:
portal2.exe

Datei erstellt:
iomthxqh.dat

____________________________

Dateiaktionen

Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ comsa32.sys entfernt
Datei: C:\Users\karsten_2\AppData\Local\virtualstore\windows\syswow64\ installed.dat entfernt
Datei: C:\windows\SysWOW64\ Installed.dat entfernt
Infizierte Datei: c:\users\karsten\appdata\local\virtualstore\program files\portal 2\ iomthxqh.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ kg8mxd9x.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ l7ikmcaj.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ lltxdr6s.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ltseqdjx.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ luek0jmi.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ m6sbojq7.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ mencbbtw.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ moh4mipq.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ mtmwovba.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ mxfuodp6.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ nnhdwlcc.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ omxwqvdz.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ onopjdgv.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ otqr8whx.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 0kaqjfyi.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ p7kxehtk.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 0kn4bscn.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ p8or0b1z.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 29pvmqfw.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ pccm5kmp.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 2peftbva.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 2xatoaoq.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ pfuebvz1.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 2ykste3w.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 3fth4oln.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4ke1k77r.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4lug334g.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4otvisg1.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 4rkpu0uh.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 51rognoa.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 5gkb110i.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 7hglwtcp.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ 8m2gfu2c.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ai9a6lg4.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ e69oxs09.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ apj07uss.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ecbx7v6e.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ eplrcjqj.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ aziwfvhc.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ ese59rir.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ bfmcjbwc.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ exh4y5bd.dat entfernt
Infizierte Datei: c:\users\karsten_2\appdata\local\virtualstore\program files\portal 2\ xsaadudy.dat entfernt
____________________________

Registrierungsaktionen

Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->AntiVirusDisableNotify:0 Repariert
Registrierungsänderung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ ->UpdatesDisableNotify:0 Repariert
Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ ->Start:2 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1001\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert
Registrierungsänderung: HKEY_USERS\S-1-5-21-4084426041-1636381982-3049202617-1004\Software\Microsoft\Internet Explorer\New Windows\ ->PopupMgr:yes Repariert
____________________________


Dateiabdruck - SHA:
bbbbe4e428de60fe59cc3501b8bf600bbbc132711fa7fe69457fb7bc5e7139fb
Dateiabdruck - MD5:
Nicht verfügbar
Das habe ich jetzt noch entsprechend den allgemeinen Anweisungen nachgeholt:


defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:13 on 19/04/2014 (Karsten)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

gmer-Scan

Am Anfang und Ende gab es diese Fehlermeldung:
c:\windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-19 18:25:41
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000031 ST500DM002-1BD142 rev.HP73 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Karsten\AppData\Local\Temp\fwdoqpoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                        000007fdc133177a 4 bytes [33, C1, FD, 07]
.text  C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                        000007fdc1331782 4 bytes [33, C1, FD, 07]
.text  C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\WSOCK32.dll!recvfrom + 742                                      000007fdbcc11b32 4 bytes [C1, BC, FD, 07]
.text  C:\windows\system32\atieclxx.exe[1284] C:\windows\system32\WSOCK32.dll!recvfrom + 750                                      000007fdbcc11b3a 4 bytes [C1, BC, FD, 07]
.text  C:\windows\Explorer.EXE[3484] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                            000007fdbe591532 4 bytes [59, BE, FD, 07]
.text  C:\windows\Explorer.EXE[3484] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                            000007fdbe59153a 4 bytes [59, BE, FD, 07]
.text  C:\windows\Explorer.EXE[3484] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                          000007fdbe59165a 4 bytes [59, BE, FD, 07]
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                000007fdbe591532 4 bytes [59, BE, FD, 07]
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                000007fdbe59153a 4 bytes [59, BE, FD, 07]
.text  C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246              000007fdbe59165a 4 bytes [59, BE, FD, 07]
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[6216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                  000007fdc133177a 4 bytes [33, C1, FD, 07]
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[6216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                  000007fdc1331782 4 bytes [33, C1, FD, 07]

---- Threads - GMER 2.1 ----

Thread  C:\windows\System32\spoolsv.exe [1664:1836]                                                                                000007fdb81c54c0
Thread  C:\windows\System32\spoolsv.exe [1664:3504]                                                                                000007fdb81a30ec
Thread  C:\windows\System32\spoolsv.exe [1664:3644]                                                                                000007fdb2f781ac
Thread  C:\windows\System32\spoolsv.exe [1664:3932]                                                                                000007fdb2a82364
Thread  C:\windows\System32\spoolsv.exe [1664:3892]                                                                                000007fdb2a82364
Thread  C:\windows\System32\spoolsv.exe [1664:4032]                                                                                000007fdb2a82364
Thread  C:\windows\System32\spoolsv.exe [1664:3772]                                                                                000007fdb2a82364
Thread  C:\windows\system32\svchost.exe [1736:1800]                                                                                000007fdbf9e3c90
Thread  C:\windows\system32\svchost.exe [1736:1804]                                                                                000007fdbf9e3c90
Thread  C:\windows\system32\svchost.exe [1736:1848]                                                                                000007fdbf9e3c90
Thread  C:\windows\system32\svchost.exe [1736:1876]                                                                                000007fdbaed9240
Thread  C:\windows\system32\svchost.exe [1736:1940]                                                                                000007fdbaeb7cf0
Thread  C:\windows\system32\svchost.exe [1736:1956]                                                                                000007fdbaee6d90
Thread  C:\windows\system32\svchost.exe [1736:1960]                                                                                000007fdbaeb7ea0
Thread  C:\windows\system32\svchost.exe [1736:2128]                                                                                000007fdb9c131a0
Thread  C:\windows\system32\svchost.exe [1736:2772]                                                                                000007fdb9c19c68
Thread  C:\windows\system32\svchost.exe [1736:3064]                                                                                000007fdb7194910
Thread  C:\windows\system32\svchost.exe [1736:2096]                                                                                000007fdb71824e8
Thread  C:\windows\system32\svchost.exe [1736:2116]                                                                                000007fdb7121544
Thread  C:\windows\system32\svchost.exe [1736:2148]                                                                                000007fdb71055dc
Thread  C:\windows\system32\svchost.exe [1736:4120]                                                                                000007fdb7191044
Thread  C:\windows\system32\csrss.exe [5236:6340]                                                                                  fffff9600090a5e8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:3388]  000007fdba2877b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:3044]  000007fdba2877b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:5940]  000007fdc15564e0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:7112]  000007fdc0fdb2b8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:6888]  000007fdbff85990
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [4992:5472]  000007fdc0773af0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 20.04.2014 18:02
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Raymond 20.04.2014 22:07
Combofix lief ohne Probleme.

Code:
ComboFix 14-04-20.01 - Karsten 20.04.2014  22:32:15.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.6040.4782 [GMT 2:00]
ausgeführt von:: c:\users\Karsten\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karsten\AppData\Local\assembly\tmp
c:\users\karsten_2\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-20 bis 2014-04-20  ))))))))))))))))))))))))))))))
.
.
2014-04-19 05:43 . 2014-04-19 05:44        --------        d-----w-        C:\FRST
2014-04-19 03:59 . 2014-04-19 03:59        --------        d-----w-        c:\windows\en
2014-04-19 03:58 . 2014-04-19 03:58        --------        d-----w-        c:\windows\de
2014-04-19 03:57 . 2014-04-19 03:57        --------        d-----w-        c:\program files\Windows Live
2014-04-19 02:40 . 2014-04-19 02:43        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-19 02:40 . 2014-04-19 02:40        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-19 02:40 . 2014-04-19 02:40        --------        d-----w-        c:\programdata\Malwarebytes
2014-04-19 02:40 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-04-19 02:40 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-04-19 02:40 . 2014-04-03 07:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-04-12 20:34 . 2013-10-25 06:19        1084928        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-04-12 20:34 . 2014-03-07 00:08        2648576        ----a-w-        c:\windows\system32\iertutil.dll
2014-04-12 20:34 . 2014-03-07 00:47        2877952        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-04-12 20:34 . 2014-03-07 00:08        3959808        ----a-w-        c:\windows\system32\jscript9.dll
2014-04-12 20:34 . 2013-04-28 22:30        108032        ----a-w-        c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2014-04-10 00:15 . 2014-02-05 23:41        978432        ----a-w-        c:\windows\system32\KernelBase.dll
2014-04-10 00:15 . 2014-02-05 23:41        1257984        ----a-w-        c:\windows\system32\kernel32.dll
2014-04-10 00:15 . 2014-02-05 23:26        666112        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2014-03-31 19:41 . 2014-03-31 19:41        58568        ----a-w-        c:\windows\SysWow64\sirenacm.dll
2014-03-31 19:34 . 2014-03-31 19:34        322248        ----a-w-        c:\windows\WLXPGSS.SCR
2014-03-27 17:14 . 2014-04-19 02:56        --------        d-----w-        c:\windows\system32\drivers\NISx64\1502000.026
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 00:19 . 2012-12-12 17:21        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 21:18 . 2014-01-16 05:15        78296        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 21:18 . 2014-01-16 05:15        694232        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-16 14:58 . 2014-03-16 14:58        254640        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-02-10 17:18 . 2014-02-10 17:18        177752        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-02-08 04:34 . 2014-03-12 16:03        4036608        ----a-w-        c:\windows\system32\win32k.sys
2014-02-05 23:41 . 2014-03-12 16:02        595968        ----a-w-        c:\windows\system32\qedit.dll
2014-02-05 23:37 . 2014-03-12 16:02        496640        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-01-31 00:48 . 2014-03-12 16:02        1339392        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-01-31 00:06 . 2014-03-12 16:02        1628160        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-01-24 03:25 . 2014-01-15 15:39        96600        ----a-w-        c:\windows\system32\drivers\wfplwfs.sys
2014-01-24 03:25 . 2014-01-15 15:39        723968        ----a-w-        c:\windows\system32\BFE.DLL
2014-01-24 03:25 . 2014-01-15 15:39        1160192        ----a-w-        c:\windows\system32\IKEEXT.DLL
2014-01-24 03:25 . 2014-01-15 15:39        576512        ----a-w-        c:\windows\system32\drivers\afd.sys
2014-01-24 03:25 . 2014-01-15 15:39        62976        ----a-w-        c:\windows\system32\imagehlp.dll
2014-01-24 03:25 . 2014-01-15 15:39        59392        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2014-01-24 03:25 . 2014-01-15 15:39        1300992        ----a-w-        c:\windows\system32\gdi32.dll
2014-01-24 03:25 . 2014-01-15 15:39        1022976        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-01-24 03:24 . 2014-01-15 15:38        626688        ----a-w-        c:\windows\system32\resutils.dll
2014-01-24 03:24 . 2014-01-15 15:38        374784        ----a-w-        c:\windows\system32\clusapi.dll
2014-01-24 03:24 . 2014-01-15 15:38        628736        ----a-w-        c:\windows\SysWow64\wuapi.dll
2014-01-24 03:24 . 2014-01-15 15:38        84992        ----a-w-        c:\windows\SysWow64\wudriver.dll
2014-01-24 03:24 . 2014-01-15 15:38        551424        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-01-24 03:24 . 2014-01-15 15:38        175104        ----a-w-        c:\windows\system32\storewuauth.dll
2014-01-24 03:24 . 2014-01-15 15:38        3279872        ----a-w-        c:\windows\system32\wuaueng.dll
2014-01-24 03:24 . 2014-01-15 15:38        1622016        ----a-w-        c:\windows\system32\wucltux.dll
2014-01-24 03:24 . 2014-01-15 15:38        59416        ----a-w-        c:\windows\system32\wuauclt.exe
2014-01-24 03:24 . 2014-01-15 15:38        252928        ----a-w-        c:\windows\system32\WUSettingsProvider.dll
2014-01-24 03:24 . 2014-01-15 15:38        488960        ----a-w-        c:\windows\SysWow64\resutils.dll
2014-01-24 03:24 . 2014-01-15 15:38        302080        ----a-w-        c:\windows\SysWow64\clusapi.dll
2014-01-24 03:24 . 2014-01-15 15:38        1455448        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-01-24 03:24 . 2014-01-15 15:38        40448        ----a-w-        c:\windows\system32\wuapp.exe
2014-01-24 03:24 . 2014-01-15 15:38        35328        ----a-w-        c:\windows\SysWow64\wuapp.exe
2014-01-24 03:24 . 2014-01-15 15:38        142848        ----a-w-        c:\windows\system32\wuwebv.dll
2014-01-24 03:24 . 2014-01-15 15:38        126976        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2014-01-24 03:24 . 2014-01-15 15:38        778752        ----a-w-        c:\windows\system32\oleaut32.dll
2014-01-24 03:24 . 2014-01-15 15:38        773120        ----a-w-        c:\windows\system32\wuapi.dll
2014-01-24 03:24 . 2014-01-15 15:38        99328        ----a-w-        c:\windows\system32\wudriver.dll
2014-01-24 03:24 . 2014-01-15 15:38        1173504        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2014-01-24 03:24 . 2014-01-15 15:38        817152        ----a-w-        c:\windows\system32\kerberos.dll
2014-01-24 03:24 . 2014-01-15 15:38        247296        ----a-w-        c:\windows\SysWow64\ubpm.dll
2014-01-24 03:24 . 2014-01-15 15:38        61784        ----a-w-        c:\windows\system32\drivers\crashdmp.sys
2014-01-24 03:24 . 2014-01-15 15:38        13661696        ----a-w-        c:\windows\system32\Windows.UI.Xaml.dll
2014-01-24 03:24 . 2014-01-15 15:38        914432        ----a-w-        c:\windows\SysWow64\UIAutomationCore.dll
2014-01-24 03:24 . 2014-01-15 15:38        656896        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-01-24 03:24 . 2014-01-15 15:38        465240        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2014-01-24 03:24 . 2014-01-15 15:38        328192        ----a-w-        c:\windows\system32\ubpm.dll
2014-01-24 03:24 . 2014-01-15 15:38        10799104        ----a-w-        c:\windows\SysWow64\Windows.UI.Xaml.dll
2014-01-24 03:23 . 2014-01-15 15:38        1890816        ----a-w-        c:\windows\system32\crypt32.dll
2014-01-24 03:23 . 2014-01-15 15:38        1569280        ----a-w-        c:\windows\SysWow64\crypt32.dll
2014-01-24 03:23 . 2014-01-15 15:37        419328        ----a-w-        c:\windows\system32\schannel.dll
2014-01-24 03:23 . 2014-01-15 15:37        323072        ----a-w-        c:\windows\SysWow64\schannel.dll
2014-01-24 03:23 . 2014-01-15 15:37        550400        ----a-w-        c:\windows\SysWow64\FirewallAPI.dll
2014-01-24 03:23 . 2014-01-15 15:37        199168        ----a-w-        c:\windows\SysWow64\WebClnt.dll
2014-01-24 03:23 . 2014-01-15 15:37        104448        ----a-w-        c:\windows\system32\davclnt.dll
2014-01-24 03:23 . 2014-01-15 15:37        915968        ----a-w-        c:\windows\system32\MPSSVC.dll
2014-01-24 03:23 . 2014-01-15 15:37        758784        ----a-w-        c:\windows\system32\FirewallAPI.dll
2014-01-24 03:23 . 2014-01-15 15:37        74752        ----a-w-        c:\windows\system32\drivers\mpsdrv.sys
2014-01-24 03:23 . 2014-01-15 15:37        86016        ----a-w-        c:\windows\SysWow64\davclnt.dll
2014-01-24 03:23 . 2014-01-15 15:37        588288        ----a-w-        c:\windows\system32\SHCore.dll
2014-01-24 03:23 . 2014-01-15 15:37        452608        ----a-w-        c:\windows\SysWow64\SHCore.dll
2014-01-24 03:23 . 2014-01-15 15:37        227840        ----a-w-        c:\windows\system32\WebClnt.dll
2014-01-24 03:23 . 2014-01-15 15:37        222720        ----a-w-        c:\windows\system32\scrobj.dll
2014-01-24 03:23 . 2014-01-15 15:37        194048        ----a-w-        c:\windows\system32\scrrun.dll
2014-01-24 03:23 . 2014-01-15 15:37        162304        ----a-w-        c:\windows\SysWow64\scrobj.dll
2014-01-24 03:23 . 2014-01-15 15:37        156160        ----a-w-        c:\windows\SysWow64\scrrun.dll
2014-01-24 03:23 . 2014-01-15 15:37        146944        ----a-w-        c:\windows\system32\cscript.exe
2014-01-24 03:23 . 2014-01-15 15:37        143872        ----a-w-        c:\windows\system32\wshom.ocx
2014-01-24 03:23 . 2014-01-15 15:37        115712        ----a-w-        c:\windows\SysWow64\cscript.exe
2014-01-24 03:23 . 2014-01-15 15:37        2062848        ----a-w-        c:\windows\system32\d3d11.dll
2014-01-24 03:23 . 2014-01-15 15:37        1711616        ----a-w-        c:\windows\SysWow64\d3d11.dll
2014-01-24 03:23 . 2014-01-15 15:37        420864        ----a-w-        c:\windows\system32\WMPhoto.dll
2014-01-24 03:23 . 2014-01-15 15:37        368640        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2014-01-24 03:22 . 2014-01-15 15:37        2035712        ----a-w-        c:\windows\SysWow64\authui.dll
2014-01-24 03:22 . 2014-01-15 15:37        2304512        ----a-w-        c:\windows\system32\authui.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-01-18 16:11        674496        ----a-w-        c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 759496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 642728]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-02 491120]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-20 2249352]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-09-28 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1502000.026\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SymELAM.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1502000.026\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost        REG_MULTI_SZ          apphostsvc
iissvcs        REG_MULTI_SZ          w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04        215416        ----a-w-        c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 03:39]
.
2014-04-19 c:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
- c:\users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19 03:13]
.
2014-04-19 c:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
- c:\users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19 03:13]
.
2014-04-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
- c:\users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19 03:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\karsten_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-01-18 16:12        796352        ----a-w-        c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-08-10 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-06 1703424]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-01-18 161984]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F-BA0D-5AC249BCB302&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Karsten\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38;c:\program files (x86)\Norton Internet Security\Engine64\21.2.0.38"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-04-20  22:53:12
ComboFix-quarantined-files.txt  2014-04-20 20:53
.
Vor Suchlauf: 15 Verzeichnis(se), 342.666.661.888 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 342.406.860.800 Bytes frei
.
- - End Of File - - E440311B01DCFFECDBBD9D2DEE141302
5FB38429D5D77768867C76DCBDB35194

schrauber 21.04.2014 20:31
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Raymond 21.04.2014 21:45
Die angeforderten logs:

MBAM

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.04.2014
Suchlauf-Zeit: 22:06:14
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.21.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Karsten

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 291615
Verstrichene Zeit: 15 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
adwcleaner
Code:
# AdwCleaner v3.103 - Bericht erstellt am 21/04/2014 um 22:10:41
# Aktualisiert 21/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Karsten - KARSTEN
# Gestartet von : C:\Users\Karsten\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\browserprotect@browserprotect.com.xpi
Datei Gefunden : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\user.js
Datei Gefunden : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\Extensions\browserprotect@browserprotect.com.xpi
Datei Gefunden : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\searchplugins\safesearch.xml
Datei Gefunden : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\user.js
Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft
Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden C:\Program Files (x86)\DVDVideoSoft
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Ordner Gefunden C:\Users\Karsten\AppData\Local\Temp\FoxTab
Ordner Gefunden C:\Users\Karsten\AppData\Roaming\DVDVideoSoft
Ordner Gefunden C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\FoxTab
Ordner Gefunden C:\Users\karsten_2\AppData\Local\Temp\FoxTab
Ordner Gefunden C:\Users\karsten_2\AppData\Roaming\DVDVideoSoft
Ordner Gefunden C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\FoxTab
Ordner Gefunden C:\Users\karsten_2\Documents\DVDVideoSoft

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{BBDA0591-3099-440a-AA10-41764D9DB4DB}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gefunden : user_pref("browser.search.order.1", "Ask.com");
Zeile gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gefunden : user_pref("extensions.browserprotect.urlBarEngine", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&a[...]
Zeile gefunden : user_pref("extensions.enabledItems", "{097d3191-e6fa-4728-9826-b533d755359d}:0.7.13,{37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,vshare@toolbar:1.0.0,{e001[...]
Zeile gefunden : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"hxxps://www.radialsearch.com/downloads/price[...]
Zeile gefunden : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Zeile gefunden : user_pref("extensions.vshare@toolbar.update.enabled", false);
Zeile gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F[...]
Zeile gefunden : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gefunden : user_pref("surfcanyon.last_checked_ts", "1266995904324");

[ Datei : C:\Users\karsten_2\AppData\Roaming\Mozilla\Firefox\Profiles\f0z1bxxg.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gefunden : user_pref("browser.search.order.1", "Ask.com");
Zeile gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gefunden : user_pref("extensions.browserprotect.urlBarEngine", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&a[...]
Zeile gefunden : user_pref("extensions.enabledItems", "{097d3191-e6fa-4728-9826-b533d755359d}:0.7.13,{37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,vshare@toolbar:1.0.0,{e001[...]
Zeile gefunden : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"hxxps://www.radialsearch.com/downloads/price[...]
Zeile gefunden : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Zeile gefunden : user_pref("extensions.vshare@toolbar.update.enabled", false);
Zeile gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=BFC9CCA8-518D-487C-929E-64A722B1AEF0&apn_ptnrs=%5EAGS&apn_sauid=095E12B4-6FD1-410F[...]
Zeile gefunden : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gefunden : user_pref("surfcanyon.last_checked_ts", "1266995904324");

*************************

AdwCleaner[R0].txt - [6242 octets] - [21/04/2014 22:10:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6302 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Karsten on 21.04.2014 at 22:18:25,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19B9E307-FBC7-461C-B092-16D9234C20BA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{19B9E307-FBC7-461C-B092-16D9234C20BA}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Karsten\AppData\Roaming\mozilla\firefox\profiles\etdtmevn.default\prefs.js

user_pref("extensions.linkextend.defaultsearchengine", "ixquick");
Emptied folder: C:\Users\Karsten\AppData\Roaming\mozilla\firefox\profiles\etdtmevn.default\minidumps [50 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.04.2014 at 22:24:40,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01
Ran by Karsten (administrator) on KARSTEN on 21-04-2014 22:26:30
Running from C:\Users\Karsten\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AMD) C:\windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-06] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-28] (RealNetworks, Inc.)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default
FF SelectedSearchEngine: Google
FF Homepage: chrome://foxtab/content/homepage.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Karsten\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.8.2 - C:\Users\Karsten\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-08-02]
FF Extension: Redirect Remover - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2012-11-21]
FF Extension: RSS Icon - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\kitsuneymg@gmail.com.xpi [2012-11-21]
FF Extension: All-in-One Sidebar - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-11-21]
FF Extension: FlashGot - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-11-21]
FF Extension: X-notifier - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-21]
FF Extension: NoScript - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: ImTranslator - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-21]
FF Extension: LinkExtend - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-21]
FF Extension: BetterPrivacy - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-11-21]
FF Extension: DownThemAll! - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-21]
FF Extension: Torbutton - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2012-11-21]
FF Extension: FoxTab - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-03-01]

==================== Services (Whitelisted) =================

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.001\ENG64.SYS [126040 2014-04-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.001\EX64.SYS [2099288 2014-04-15] (Symantec Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 22:26 - 2014-04-21 22:26 - 00020160 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-21 22:26 - 2014-04-21 22:26 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-21 22:24 - 2014-04-21 22:24 - 00001236 _____ () C:\Users\Karsten\Desktop\JRT.txt
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 22:12 - 2014-04-21 22:12 - 00006402 _____ () C:\Users\Karsten\Desktop\AdwCleaner[R0].txt
2014-04-21 22:10 - 2014-04-21 22:12 - 00000000 ____D () C:\AdwCleaner
2014-04-21 22:10 - 2014-04-21 22:10 - 01324843 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-21 22:07 - 2014-04-21 22:07 - 00001136 _____ () C:\Users\Karsten\Desktop\mbam.txt
2014-04-21 21:48 - 2014-04-21 21:48 - 00002289 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-21 21:42 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:30 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-20 22:30 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-20 22:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-20 22:29 - 2014-04-20 22:53 - 00000000 ____D () C:\Qoobox
2014-04-20 22:29 - 2014-04-20 22:49 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:26 - 2014-04-20 17:11 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-19 18:25 - 2014-04-19 18:25 - 00006854 _____ () C:\Users\Karsten\Desktop\gmer.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000476 _____ () C:\Users\Karsten\Desktop\defogger_disable.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 07:43 - 2014-04-21 22:26 - 00000000 ____D () C:\FRST
2014-04-19 07:39 - 2014-04-21 22:26 - 02163712 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:54 - 2014-04-17 13:38 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-19 05:51 - 2014-03-25 15:28 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-04-19 05:50 - 2014-04-21 22:15 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
2014-04-19 05:50 - 2014-04-21 04:51 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
2014-04-19 05:50 - 2014-04-19 08:02 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten
2014-04-19 05:06 - 2013-03-18 21:00 - 04745728 _____ (AVAST Software) C:\Users\Karsten\Desktop\aswMBR.exe
2014-04-19 04:40 - 2014-04-21 21:50 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-19 04:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-19 04:40 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt
2014-04-19 04:09 - 2014-04-17 19:01 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-16 19:47 - 2014-04-21 22:15 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-16 19:47 - 2014-04-21 22:15 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-12 22:35 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 22:35 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 22:35 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 22:35 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-12 22:35 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-04-12 22:35 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 22:35 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-04-12 22:35 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-04-12 22:35 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-04-12 22:35 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-04-12 22:35 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 22:35 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 22:35 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-04-12 22:35 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-04-12 22:35 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-04-12 22:35 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 22:35 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 22:35 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 22:35 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 22:35 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:49 - 2014-04-10 05:47 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-04-21 22:26 - 2014-04-21 22:26 - 00020160 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-21 22:26 - 2014-04-21 22:26 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-21 22:26 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST
2014-04-21 22:26 - 2014-04-19 07:39 - 02163712 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-21 22:25 - 2012-11-23 21:33 - 01213452 _____ () C:\windows\WindowsUpdate.log
2014-04-21 22:25 - 2012-11-21 12:44 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-21 22:24 - 2014-04-21 22:24 - 00001236 _____ () C:\Users\Karsten\Desktop\JRT.txt
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 22:15 - 2014-04-19 05:50 - 00000400 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job
2014-04-21 22:15 - 2014-04-16 19:47 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 22:15 - 2014-04-16 19:47 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 22:15 - 2013-10-29 22:00 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\ClassicShell
2014-04-21 22:14 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-21 22:13 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-04-21 22:12 - 2014-04-21 22:12 - 00006402 _____ () C:\Users\Karsten\Desktop\AdwCleaner[R0].txt
2014-04-21 22:12 - 2014-04-21 22:10 - 00000000 ____D () C:\AdwCleaner
2014-04-21 22:10 - 2014-04-21 22:10 - 01324843 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-21 22:07 - 2014-04-21 22:07 - 00001136 _____ () C:\Users\Karsten\Desktop\mbam.txt
2014-04-21 22:02 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-21 21:55 - 2012-11-21 19:42 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 21:50 - 2014-04-19 04:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 21:48 - 2014-04-21 21:48 - 00002289 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-21 20:00 - 2012-11-22 18:42 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 19:55 - 2014-03-14 03:03 - 00003242 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 19:55 - 2014-01-29 23:22 - 00003368 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-21 08:46 - 2012-11-24 23:41 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3454E9CE-74EC-4794-80EB-8B50E51C0BDD}
2014-04-21 04:51 - 2014-04-19 05:50 - 00000394 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:53 - 2014-04-20 22:29 - 00000000 ____D () C:\Qoobox
2014-04-20 22:50 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 22:49 - 2014-04-20 22:29 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:42 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-04-20 17:11 - 2014-04-20 22:26 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-20 15:45 - 2012-12-27 15:39 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\CrashDumps
2014-04-20 15:44 - 2012-11-21 12:34 - 00000000 ____D () C:\Users\Karsten\AppData\Local\VirtualStore
2014-04-20 15:36 - 2012-11-23 13:34 - 00000000 ____D () C:\Karsten
2014-04-20 15:33 - 2012-11-22 18:35 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\VirtualStore
2014-04-20 12:49 - 2012-09-28 17:11 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-20 12:49 - 2012-09-28 17:11 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-20 12:49 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-20 12:48 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-20 06:52 - 2012-11-23 22:04 - 00119240 _____ () C:\Users\karsten_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-19 18:35 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\ClassicShell
2014-04-19 18:25 - 2014-04-19 18:25 - 00006854 _____ () C:\Users\Karsten\Desktop\gmer.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000476 _____ () C:\Users\Karsten\Desktop\defogger_disable.log
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:13 - 2012-11-21 12:33 - 00000000 ____D () C:\Users\Karsten
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 08:05 - 2013-03-17 17:56 - 00000000 ____D () C:\Users\Karsten\AppData\Local\CrashDumps
2014-04-19 08:02 - 2014-04-19 05:50 - 00000390 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job
2014-04-19 07:24 - 2012-11-21 19:52 - 00005090 _____ () C:\windows\Sandboxie.ini
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:59 - 2012-11-22 19:40 - 00000000 ____D () C:\Users\Karsten\Tracing
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:57 - 2012-09-28 08:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:53 - 2013-03-22 19:59 - 00000000 ____D () C:\windows\Minidump
2014-04-19 05:52 - 2012-11-22 00:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-19 05:52 - 2012-11-21 15:18 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Mozilla
2014-04-19 05:50 - 2014-04-19 05:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002966 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002962 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Karsten
2014-04-19 05:50 - 2014-04-19 05:50 - 00002670 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten
2014-04-19 05:39 - 2012-11-21 19:42 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-19 05:16 - 2012-11-23 20:29 - 00000000 ____D () C:\Users\Karsten\AppData\Local\NPE
2014-04-19 05:13 - 2013-03-16 19:19 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Real
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-19 04:12 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-19 04:10 - 2014-04-19 04:10 - 00000154 _____ () C:\Users\karsten_2\Desktop\norton.txt
2014-04-17 19:01 - 2014-04-19 04:09 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-17 13:38 - 2014-04-19 05:54 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-14 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-10 05:49 - 2013-02-21 20:12 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\QuickScan
2014-04-10 05:47 - 2014-03-28 04:49 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-10 05:47 - 2013-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-10 02:21 - 2013-08-14 14:22 - 00000000 ____D () C:\windows\system32\MRT
2014-04-10 02:21 - 2012-11-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 02:19 - 2012-12-12 19:21 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-06 08:36 - 2014-04-21 21:42 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe
2014-04-03 09:51 - 2014-04-19 04:40 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 04:40 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 04:40 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2014-01-16 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2014-01-16 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:50 - 2014-02-10 19:18 - 00002503 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-28 04:50 - 2012-09-28 08:42 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-03-28 04:50 - 2012-09-28 08:41 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-25 15:28 - 2014-04-19 05:51 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-03-23 20:21 - 2012-11-23 14:21 - 00000000 ____D () C:\Users\karsten_2\Documents\trle
2014-03-23 20:21 - 2012-11-22 19:12 - 00000000 ____D () C:\Users\karsten_2\Documents\test

Some content of TEMP:
====================
C:\Users\Karsten\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-18 03:01

==================== End Of Log ============================
--- --- ---



FRST-addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014 01
Ran by Karsten at 2014-04-21 22:27:02
Running from C:\Users\Karsten\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX210_SX410_TX210_TX410 Handbuch (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch) (Version:  - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FirstClass Client (HKLM-x32\...\{6EBED885-73D9-4750-B96E-FD654500E59F}) (Version: 11.063 - OpenText)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NG Center 1.3 (C:\Program Files (x86)\NG_CENTER\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
NG Center 1.3 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PDF Image Extraction Wizard 1.2 (HKLM-x32\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.4001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.4001 - Secunia)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix)
Tomb Raider: Underworld 1.0 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
Torrent Stream 2.0.8.2 (HKCU\...\TorrentStream) (Version: 2.0.8.2 - Torrent Stream)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media 8 Encoding Utility (HKLM-x32\...\wm8eutil) (Version:  - )

==================== Restore Points  =========================

05-04-2014 09:43:55 Geplanter Prüfpunkt
10-04-2014 00:18:22 Windows Update
13-04-2014 05:54:54 Windows Update
17-04-2014 17:20:55 Windows Update
19-04-2014 03:55:29 Windows Live Essentials

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-04-20 22:42 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0FD112A7-7F87-4829-BB9E-B9312628AE9D} - System32\Tasks\ReclaimerUpdateFiles_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BC3AC19-486A-48F4-8053-5EE64A7CB816} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {2064DABC-F816-49AE-BF2C-0B049D18D797} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {2101431E-D2FC-4FDA-B878-403E464181FF} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {213BEEDC-746D-4FB0-8EE3-275DD1AE7628} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2FF00A12-A928-4ECA-9C2E-BE87B368C59C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {346A87A1-E047-4B7D-92AC-5373BD8CADFB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {536E6974-C855-4784-B003-060E0F9DB9CC} - System32\Tasks\ReclaimerUpdateXML_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {59E63EB5-854D-40CF-8647-E60440202B92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {5E15A49D-D139-4E34-97BD-E972FCF0356D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {67203319-C175-43E9-AF13-18F32A779471} - System32\Tasks\RNUpgradeHelperLogonPrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {67C732A8-3943-4A4D-981B-8624BDB78D67} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19] (Adobe Systems Incorporated)
Task: {6FAAD3FA-7D3D-4EBA-AFCB-826927D3EB19} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {774FFC74-76B2-4F7C-BCE4-E3AD73ED172B} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\SymErr.exe
Task: {7FACDD51-5853-4884-BCE3-D0DF29E84F48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {83456510-8F6A-4FA9-8C35-9AFE19A9A419} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8FA3AC7C-04EB-46FA-B94B-37E9073E8E59} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9546EAA3-39C3-4DED-8713-946248B95374} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {971499DF-481A-4BC0-B62E-5E543C0E3FFE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AC4EB255-2D46-4F4A-8A26-4AE43DAEBDEC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AFD44EBF-961E-4823-9B59-DA4C7F614202} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B786AA05-BA0A-448B-B222-EE5E8AF7C821} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C1B82AC9-DFF7-4309-BBB9-37FEE2677B46} - System32\Tasks\RNUpgradeHelperResumePrompt_Karsten => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-19] (RealNetworks, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3DE6F95-558B-42D6-B1F8-77CA1D220B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F3C8CE70-E5A6-4093-BD3F-33340A24C0ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Karsten.job => C:\Users\Karsten\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-07-26 11:48 - 2012-07-26 11:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2012-11-21 12:35 - 2012-11-21 12:35 - 00120224 _____ () C:\Users\Karsten\AppData\Local\assembly\dl3\QP4W3VP8.MXJ\LXD3OH7N.ZEZ\3c7a996f\00af4ffb_c485cd01\HPItunesModule.DLL
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-07-04 22:37 - 2012-07-04 22:37 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-05-04 17:42 - 2012-05-04 17:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2012-05-04 17:42 - 2012-05-04 17:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2012-09-28 08:31 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-20 22:38:43.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 6039.52 MB
Available physical RAM: 4659.19 MB
Total Pagefile: 6999.52 MB
Available Pagefile: 5520.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.36 GB) (Free:310.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.92 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (YOU_ARE_THE_QUESTION) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (RecoveryDaten) (Fixed) (Total:297.99 GB) (Free:277.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7304BB38)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Zusätzlich als Nachtrag der log von einem erfolgreichen Scan von aswMBR:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-21 22:30:36
-----------------------------
22:30:36.715    OS Version: Windows x64 6.2.9200
22:30:36.715    Number of processors: 4 586 0x1001
22:30:36.715    ComputerName: KARSTEN  UserName: Karsten
22:30:36.762    Initialze error 1
22:32:14.227    AVAST engine defs: 14042101
22:32:19.827    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000031
22:32:19.843    Disk 0 Vendor: ST500DM002-1BD142 HP73 Size: 476940MB BusType: 11
22:32:19.843    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000032
22:32:19.843    Disk 1 Vendor: WDC_WD3200AACS-00ZUB0 01.01B01 Size: 305245MB BusType: 11
22:32:19.874    Disk 0 MBR read successfully
22:32:19.874    Disk 0 MBR scan
22:32:19.905    Disk 0 unknown MBR code
22:32:19.983    Disk 0 Partition 1 00    EE          GPT          2097151 MB offset 1
22:32:19.983    Disk 0 scanning C:\windows\system32\drivers
22:32:19.999    Service scanning
22:32:20.872    Modules scanning
22:32:20.872    Disk 0 trace - called modules:
22:32:20.888    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
22:32:20.888    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800689a060]
22:32:20.888    3 CLASSPNP.SYS[fffff88001320e0a] -> nt!IofCallDriver -> \Device\00000031[0xfffffa8005e17060]
22:32:20.904    AVAST engine scan C:\windows
22:32:20.904    AVAST engine scan C:\windows\system32
22:32:20.904    AVAST engine scan C:\windows\system32\drivers
22:32:20.919    AVAST engine scan C:\Users\Karsten
22:32:20.919    AVAST engine scan C:\ProgramData
22:32:20.919    Scan finished successfully
22:33:22.852    Disk 0 MBR has been saved successfully to "C:\Users\Karsten\Desktop\MBR.dat"
22:33:23.133    The log file has been saved successfully to "C:\Users\Karsten\Desktop\aswMBR.txt"

schrauber 22.04.2014 13:57
AdwCleaner hast Du auch löschen lassen?

Raymond 22.04.2014 19:59
Ja, den Log hatte ich schon vor dem Löschen gespeichert.

schrauber 23.04.2014 08:57

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Raymond 24.04.2014 07:09
ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dd5d21c5c37261488a7ad9505027c81e
# engine=18003
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-23 11:20:39
# local_time=2014-04-24 01:20:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=3591 16777213 100 88 9200 160891824 0 0
# compatibility_mode=5893 16776574 100 94 3605635 57801350 0 0
# scanned=351041
# found=0
# cleaned=0
# scan_time=8844

Securitycheck

Code:
Results of screen317's Security Check version 0.99.82 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender         
Norton Internet Security 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.4001) 
 Adobe Flash Player        13.0.0.182 
 Adobe Reader XI 
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Karsten (administrator) on KARSTEN on 24-04-2014 07:59:31
Running from C:\Users\Karsten\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-06] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-04-22] (RealNetworks, Inc.)
HKU\S-1-5-21-4084426041-1636381982-3049202617-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {19B9E307-FBC7-461C-B092-16D9234C20BA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default
FF SelectedSearchEngine: Google
FF Homepage: chrome://foxtab/content/homepage.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Karsten\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.8.2 - C:\Users\Karsten\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-08-02]
FF Extension: Redirect Remover - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2012-11-21]
FF Extension: RSS Icon - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\kitsuneymg@gmail.com.xpi [2012-11-21]
FF Extension: All-in-One Sidebar - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-11-21]
FF Extension: FlashGot - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-11-21]
FF Extension: X-notifier - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-21]
FF Extension: NoScript - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-21]
FF Extension: ImTranslator - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-21]
FF Extension: LinkExtend - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-21]
FF Extension: BetterPrivacy - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-11-21]
FF Extension: DownThemAll! - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-21]
FF Extension: Torbutton - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2012-11-21]
FF Extension: FoxTab - C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\etdtmevn.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-22]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Karsten\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-03-01]

==================== Services (Whitelisted) =================

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-22] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140423.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.016\ENG64.SYS [126040 2014-04-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.016\EX64.SYS [2099288 2014-04-15] (Symantec Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 07:59 - 2014-04-24 07:59 - 00020968 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-24 07:59 - 2014-04-24 07:59 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-24 07:55 - 2014-04-24 07:55 - 00000791 _____ () C:\Users\Karsten\Desktop\checkup.txt
2014-04-24 03:11 - 2014-04-24 03:11 - 00001388 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-23 22:50 - 2014-04-23 22:50 - 00855379 _____ () C:\Users\Karsten\Desktop\SecurityCheck.exe
2014-04-23 22:49 - 2013-04-04 14:07 - 02347384 _____ (ESET) C:\Users\Karsten\Desktop\esetsmartinstaller_enu.exe
2014-04-22 22:16 - 2014-04-22 22:16 - 00142848 _____ () C:\Users\karsten_2\Desktop\Order Berlin.xls
2014-04-22 21:42 - 2014-04-22 21:42 - 01345485 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-22 21:40 - 2014-04-22 21:40 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\RealNetworks
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-04-22 21:01 - 2014-04-22 21:01 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 22:10 - 2014-04-22 21:44 - 00000000 ____D () C:\AdwCleaner
2014-04-21 21:42 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:30 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-20 22:30 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-20 22:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-20 22:30 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-20 22:29 - 2014-04-20 22:53 - 00000000 ____D () C:\Qoobox
2014-04-20 22:29 - 2014-04-20 22:49 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:26 - 2014-04-20 17:11 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 07:43 - 2014-04-24 07:59 - 00000000 ____D () C:\FRST
2014-04-19 07:39 - 2014-04-24 07:59 - 02061824 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:58 - 2014-04-19 05:58 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:54 - 2014-04-17 13:38 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-19 05:51 - 2014-03-25 15:28 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe
2014-04-19 05:06 - 2013-03-18 21:00 - 04745728 _____ (AVAST Software) C:\Users\Karsten\Desktop\aswMBR.exe
2014-04-19 04:40 - 2014-04-21 21:50 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-19 04:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-19 04:40 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:09 - 2014-04-17 19:01 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-16 19:47 - 2014-04-24 03:15 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-16 19:47 - 2014-04-24 03:15 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-12 22:35 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 22:35 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 22:35 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 22:35 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 22:35 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-12 22:35 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 22:35 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-04-12 22:35 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 22:35 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-04-12 22:35 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 22:35 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-04-12 22:35 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-04-12 22:35 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-04-12 22:35 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-04-12 22:35 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 22:35 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 22:35 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-04-12 22:35 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-04-12 22:35 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-04-12 22:35 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 22:35 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 22:35 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 22:35 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-04-12 22:35 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 22:35 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 22:35 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 22:35 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 22:34 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 22:34 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 02:15 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-04-10 02:15 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:49 - 2014-04-10 05:47 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-04-24 07:59 - 2014-04-24 07:59 - 00020968 _____ () C:\Users\Karsten\Desktop\FRST.txt
2014-04-24 07:59 - 2014-04-24 07:59 - 00000000 ____D () C:\Users\Karsten\Desktop\FRST-OlderVersion
2014-04-24 07:59 - 2014-04-19 07:43 - 00000000 ____D () C:\FRST
2014-04-24 07:59 - 2014-04-19 07:39 - 02061824 _____ (Farbar) C:\Users\Karsten\Desktop\FRST64.exe
2014-04-24 07:58 - 2012-11-21 12:44 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-24 07:56 - 2012-11-23 19:13 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Notepad++
2014-04-24 07:56 - 2012-11-23 19:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-24 07:55 - 2014-04-24 07:55 - 00000791 _____ () C:\Users\Karsten\Desktop\checkup.txt
2014-04-24 07:55 - 2012-11-21 19:42 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 07:53 - 2013-10-29 22:00 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\ClassicShell
2014-04-24 07:40 - 2012-11-22 18:42 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 07:37 - 2013-02-21 20:12 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\QuickScan
2014-04-24 07:36 - 2014-03-14 03:03 - 00003242 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 07:36 - 2014-01-29 23:22 - 00003368 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 07:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-24 03:15 - 2014-04-16 19:47 - 00003346 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 03:15 - 2014-04-16 19:47 - 00003220 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4084426041-1636381982-3049202617-1004
2014-04-24 03:15 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\ClassicShell
2014-04-24 03:11 - 2014-04-24 03:11 - 00001388 _____ () C:\Users\Karsten\Desktop\anweisung.txt
2014-04-24 01:32 - 2012-11-23 21:33 - 01309414 _____ () C:\windows\WindowsUpdate.log
2014-04-23 23:03 - 2013-07-16 05:51 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Adobe
2014-04-23 23:03 - 2012-11-21 12:36 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Adobe
2014-04-23 22:50 - 2014-04-23 22:50 - 00855379 _____ () C:\Users\Karsten\Desktop\SecurityCheck.exe
2014-04-23 22:49 - 2012-09-28 17:11 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-23 22:49 - 2012-09-28 17:11 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-23 22:49 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-23 20:52 - 2012-11-24 23:41 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3454E9CE-74EC-4794-80EB-8B50E51C0BDD}
2014-04-23 07:32 - 2012-11-21 19:52 - 00005090 _____ () C:\windows\Sandboxie.ini
2014-04-22 22:16 - 2014-04-22 22:16 - 00142848 _____ () C:\Users\karsten_2\Desktop\Order Berlin.xls
2014-04-22 21:46 - 2013-03-16 19:24 - 00000000 ____D () C:\Users\karsten_2\AppData\Roaming\Real
2014-04-22 21:45 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-22 21:44 - 2014-04-21 22:10 - 00000000 ____D () C:\AdwCleaner
2014-04-22 21:44 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-04-22 21:42 - 2014-04-22 21:42 - 01345485 _____ () C:\Users\Karsten\Desktop\adwcleaner.exe
2014-04-22 21:41 - 2013-03-17 17:43 - 00003364 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4084426041-1636381982-3049202617-1001
2014-04-22 21:40 - 2014-04-22 21:40 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\RealNetworks
2014-04-22 21:40 - 2013-03-16 19:19 - 00000000 ____D () C:\Users\Karsten\AppData\Roaming\Real
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-22 21:37 - 2014-04-22 21:37 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-04-22 21:37 - 2013-03-16 19:20 - 00201800 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2014-04-22 21:37 - 2013-03-16 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-04-22 21:37 - 2013-03-16 19:20 - 00000000 ____D () C:\Program Files (x86)\Real
2014-04-22 21:37 - 2013-03-16 19:17 - 00000000 ____D () C:\ProgramData\Real
2014-04-22 21:37 - 2012-09-28 08:37 - 00505416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2014-04-22 21:37 - 2012-09-28 08:37 - 00353864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-04-22 21:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-22 21:01 - 2014-04-22 21:01 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 21:50 - 2014-04-19 04:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 21:41 - 2014-04-21 21:41 - 01016261 _____ (Thisisu) C:\Users\karsten_2\Downloads\JRT.exe
2014-04-20 23:03 - 2014-04-20 23:03 - 00000782 _____ () C:\windows\PFRO.log
2014-04-20 22:53 - 2014-04-20 22:53 - 00021544 _____ () C:\ComboFix.txt
2014-04-20 22:53 - 2014-04-20 22:29 - 00000000 ____D () C:\Qoobox
2014-04-20 22:50 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 22:49 - 2014-04-20 22:29 - 00000000 ____D () C:\windows\erdnt
2014-04-20 22:42 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-04-20 17:11 - 2014-04-20 22:26 - 05196870 ____R (Swearware) C:\Users\Karsten\Desktop\ComboFix.exe
2014-04-20 15:45 - 2012-12-27 15:39 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\CrashDumps
2014-04-20 15:44 - 2012-11-21 12:34 - 00000000 ____D () C:\Users\Karsten\AppData\Local\VirtualStore
2014-04-20 15:36 - 2012-11-23 13:34 - 00000000 ____D () C:\Karsten
2014-04-20 15:33 - 2012-11-22 18:35 - 00000000 ____D () C:\Users\karsten_2\AppData\Local\VirtualStore
2014-04-20 12:48 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-20 06:52 - 2012-11-23 22:04 - 00119240 _____ () C:\Users\karsten_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-19 18:13 - 2014-04-19 18:13 - 00000000 _____ () C:\Users\Karsten\defogger_reenable
2014-04-19 18:13 - 2012-11-21 12:33 - 00000000 ____D () C:\Users\Karsten
2014-04-19 18:10 - 2014-04-19 18:10 - 00380416 _____ () C:\Users\Karsten\Desktop\Gmer-19357.exe
2014-04-19 18:10 - 2014-04-19 18:10 - 00050477 _____ () C:\Users\Karsten\Desktop\Defogger.exe
2014-04-19 08:05 - 2013-03-17 17:56 - 00000000 ____D () C:\Users\Karsten\AppData\Local\CrashDumps
2014-04-19 05:59 - 2014-04-19 05:59 - 00000000 ____D () C:\windows\en
2014-04-19 05:59 - 2012-11-22 19:40 - 00000000 ____D () C:\Users\Karsten\Tracing
2014-04-19 05:58 - 2014-04-19 05:58 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-04-19 05:58 - 2014-04-19 05:58 - 00000000 ____D () C:\windows\de
2014-04-19 05:58 - 2012-11-22 19:38 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-04-19 05:58 - 2012-11-22 19:37 - 00001492 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-04-19 05:57 - 2014-04-19 05:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-19 05:57 - 2012-11-22 19:37 - 00002536 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-04-19 05:57 - 2012-09-28 08:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 05:56 - 2014-04-19 05:56 - 00000382 _____ () C:\windows\DirectX.log
2014-04-19 05:53 - 2013-03-22 19:59 - 00000000 ____D () C:\windows\Minidump
2014-04-19 05:52 - 2012-11-22 00:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-19 05:52 - 2012-11-21 15:18 - 00000000 ____D () C:\Users\Karsten\AppData\Local\Mozilla
2014-04-19 05:39 - 2012-11-21 19:42 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-19 05:16 - 2012-11-23 20:29 - 00000000 ____D () C:\Users\Karsten\AppData\Local\NPE
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 05:12 - 2012-11-21 12:36 - 00000000 ___RD () C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-19 04:40 - 2014-04-19 04:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 04:40 - 2014-04-19 04:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 04:38 - 2014-04-19 04:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\karsten_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 04:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-19 04:12 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-17 19:01 - 2014-04-19 04:09 - 03077584 ____N (Symantec Corporation) C:\Users\karsten_2\Downloads\NPE.exe
2014-04-17 13:38 - 2014-04-19 05:54 - 01239752 _____ (Microsoft Corporation) C:\Users\Karsten\Downloads\wlsetup-web.exe
2014-04-14 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:12 - 2012-11-22 18:36 - 00000000 ___RD () C:\Users\karsten_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-13 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-10 05:47 - 2014-03-28 04:49 - 00446968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-10 05:47 - 2013-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-10 02:21 - 2013-08-14 14:22 - 00000000 ____D () C:\windows\system32\MRT
2014-04-10 02:21 - 2012-11-21 14:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 02:19 - 2012-12-12 19:21 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-06 08:36 - 2014-04-21 21:42 - 01016261 _____ (Thisisu) C:\Users\Karsten\Desktop\JRT.exe
2014-04-03 09:51 - 2014-04-19 04:40 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 04:40 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 04:40 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2014-01-16 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2014-01-16 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 21:41 - 2014-03-31 21:41 - 00058568 _____ (Microsoft Corporation) C:\windows\SysWOW64\sirenacm.dll
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\windows\WLXPGSS.SCR
2014-03-29 08:35 - 2014-03-29 08:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 04:55 - 2014-03-28 04:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-03-28 04:50 - 2014-02-10 19:18 - 00002503 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-28 04:50 - 2014-02-10 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-03-28 04:50 - 2012-09-28 08:42 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-03-28 04:50 - 2012-09-28 08:41 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-25 15:28 - 2014-04-19 05:51 - 04787368 _____ (Piriform Ltd) C:\Users\Karsten\Downloads\ccsetup412.exe

Some content of TEMP:
====================
C:\Users\Karsten\AppData\Local\temp\npp.6.5.5.Installer.exe
C:\Users\Karsten\AppData\Local\temp\Quarantine.exe
C:\Users\Karsten\AppData\Local\temp\stubhelper.dll
C:\Users\Karsten\AppData\Local\temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-18 03:01

==================== End Of Log ============================
--- --- ---


Scheint alles ok zu sein?

schrauber 24.04.2014 12:49
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Raymond 25.04.2014 09:59
Alles erledigt! Keine Fragen mehr!
Vielen Dank für deine Hilfe!

schrauber 25.04.2014 19:12
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27