
Pests of all kinds and how to fight them: Infected by the GVU trojan (Win7)

20.07.2013, 00:13   #1
HalloX1990
 



Hello,

my problem is that on 17.07, when logging in to a user account (not the admin), the GVU trojan appeared. Fortunately, I was able to log in normally with the admin account.

I kept the PC disconnected from power for the last three days and registered here right away today. What I have done on my own so far:

1. Deleted an .exe from 17.07, which meant that the "GVU" message no longer appeared after logging in; instead the process stopped at the point where a kind of Windows window (black background, white text) appears. It then said something about X.exe (X = arbitrary combination of letters) not being able to be executed.

2. Let Malwarebytes run a scan, but aborted it in order to start on the steps required for a forum post, so that I can get the thread finished today.

I am now wondering how I can completely remove this trojan(?), what risks have arisen from it, and how I can feel completely safe again.

Thanks for your help!

Attachment 58052

20.07.2013, 09:02   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please post the log files in the thread instead of attaching them.

20.07.2013, 11:13   #3
HalloX1990
 



However, that is too many characters, and I get the message to attach the logs as an archive? I'll simply split it into two posts.
By the way, can I use the PC while the problem is being worked on, or do I run the risk that e.g. login passwords etc. end up in the wrong hands?

Extras

Code:
OTL Extras logfile created on: 20.07.2013 00:10:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = Z:\Trojaner Board Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,57% Memory free
10,00 Gb Paging File | 7,98 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 3,71 Gb Free Space | 6,24% Space Free | Partition Type: NTFS
Drive G: | 688,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive R: | 135,72 Gb Total Space | 1,35 Gb Free Space | 1,00% Space Free | Partition Type: NTFS
Drive Z: | 97,75 Gb Total Space | 8,24 Gb Free Space | 8,43% Space Free | Partition Type: NTFS
 
Computer Name: CARPEDIEM | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- R:\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "R:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "R:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "Z:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "Z:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "R:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "R:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "Z:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "Z:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EC9074-0840-4A5E-8C01-25E77D57A532}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{09ADAA60-946B-4563-B0DF-03ACEA7F3E1B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{104EDB9E-3193-4326-AF33-708F96B04735}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{151C5C9E-1167-4C26-8128-27DE7FBD3BAE}" = lport=6004 | protocol=17 | dir=in | app=r:\microsoft office\office14\outlook.exe | 
"{18825E51-FE15-4DF2-A1AD-CF7C4A8E2487}" = rport=80 | protocol=6 | dir=out | app=r:\steam\steamapps\common\warframe\warframe.exe | 
"{1A4AFB7B-7E1D-4342-964D-A8B7D854451A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1E1228AF-ECCA-4AD3-A778-81072C8908BF}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port | 
"{28220421-E589-4675-AAB8-D961C2DED3AF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{367248EB-6BB1-4BFF-9E0B-2A992F11EFB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3C6AF7FF-63B6-48B2-ABD8-095F8AD92117}" = lport=138 | protocol=17 | dir=in | app=system | 
"{56515D11-242F-41AB-80EB-D0E1A628D210}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D02B701-A934-4F43-94E2-92CBAC491132}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5D73F37A-12F4-49A5-ABC8-F6A995BFBA7F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{60219D22-7F17-42CC-9272-AE9D8DC384B3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{668B15F4-412C-4653-A2AF-32FBB9B36007}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6964B9C8-E3FC-4F58-A842-3719C3F5DD3B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{6ADED509-8E54-4C67-8984-43BC83391C9D}" = rport=80 | protocol=6 | dir=out | app=r:\steam\steamapps\common\warframe\warframe.x64.exe | 
"{6E952DD3-C1B3-4061-A919-F586D0EF4AEF}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 | 
"{762B2C9B-7E3B-4836-BB85-C2ED072E32B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7BD3F538-90D9-4C58-A656-BC9F5402D104}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{80AFFA58-1678-44CE-896D-EB8375EB8930}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{814E5B8A-7441-4A56-807B-FC48D71883D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{866AE956-0601-4FEF-88E0-A492885E5F1B}" = lport=53 | protocol=6 | dir=in | name=rtldns-port | 
"{89B52819-53E9-4D23-B53F-424592A89809}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90093921-9F03-489F-98A9-A5A82AE603CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{978FD291-1B9B-4C13-B7B6-1E430D38BEBC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99A2C1FA-C039-418A-AEDE-9C4805F5B477}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{9D345F78-ED51-4D7C-AC94-AB7B7216893C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9DBB513C-78D2-43FC-AE43-003C6436DB00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABE3EFAB-F3C6-454B-988F-6997F7943C95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACCCDA1B-CF26-4CE7-BD6A-A43C3640439B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AD35D270-CC95-4DDC-B569-4C1E060835D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B28B4DAA-F164-44B7-A689-5A43F25E8970}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B5A4386E-66A6-40CB-BE23-F80AFC803634}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B80DCA76-9A80-48DB-8AC6-81AD7FFDC1DC}" = lport=rpc | protocol=6 | dir=in | app=r:\sisoftware sandra lite 2012.sp1c\wnt500x64\rpcsandrasrv.exe | 
"{B943BE3A-8A69-403C-89C8-B9788CC4AE73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDD8C180-3D47-4960-B46C-15B107F47F10}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C2F91682-ECC6-4C26-BD38-25D1B6332AC8}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{C4C75F8E-1250-49D9-80F0-458C59D602A9}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{EF7C21F7-05F9-4EA0-8FD5-023B3AFE3DAD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F4B23E78-D9B6-4810-8A90-1A261A1EFFB5}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 | 
"{FD1E3AFA-504D-4163-AA7B-26CA4BC62691}" = rport=80 | protocol=6 | dir=out | app=r:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{FD4BC17B-3FA5-4EAB-83C4-1151CDB9CB2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0022CE8C-5701-404C-8E3B-98E22B69B40C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{002EDD9A-3B60-4ED8-86C4-56CA3146EAC3}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{0340E960-024D-432F-89AD-3DBBCE930842}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{03E9D524-EB33-4216-A89C-1636DFE49459}" = protocol=58 | dir=in | app=system | 
"{0759AC7C-00A9-4021-A2C8-C3B7D919E351}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0805A13A-948A-4721-B0E8-2F1D3DB08B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{08D1D10C-382F-4C05-87F9-ECCAF077061D}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{09F2C52F-A85F-45A4-B79C-8C48F7B0D9FA}" = protocol=6 | dir=in | app=r:\vindictus eu\en-eu\nmservice.exe | 
"{0B893FDB-415D-4489-987B-F60F361204E3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0D426C48-34E5-4030-8779-812A0A276022}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{113EEB1B-E969-407D-829C-44E7C1179609}" = protocol=6 | dir=in | app=r:\starcraft ii\versions\base15405\sc2.exe | 
"{12C570BC-56FA-4EF4-9F33-A9344B5B6EEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{12F2C9B3-1059-44D9-B81F-1E860D5051F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{143ED5BB-C5BF-4EEF-B38A-92F8C2339798}" = protocol=17 | dir=in | app=r:\starcraft ii\starcraft ii.exe | 
"{16838E49-BE72-4BDF-A294-7391CA190AF1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{179D668A-E0B4-471D-8F7F-C33A24DFC93E}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{1E6BBFCF-01DF-4113-9817-1BA423B10ECF}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{1EF0D3D1-1D1D-43EC-9DB0-0B32ABD87312}" = protocol=17 | dir=in | app=r:\vindictus eu\en-eu\nmservice.exe | 
"{2054887B-E288-4DD8-8022-A1323B9877B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{22161AB7-D407-4ED5-A562-465D2455450B}" = protocol=6 | dir=in | app=r:\mass effect 2\masseffect2launcher.exe | 
"{23A4CDB1-941B-4312-BA43-6B9E5E12C290}" = protocol=6 | dir=in | app=z:\diablo iii\diablo iii.exe | 
"{245AE70F-2440-40EB-9C03-5B62DD74D633}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2656F467-72AE-437A-BDF6-D8359D402C01}" = protocol=17 | dir=in | app=r:\starcraft ii\versions\base15405\sc2.exe | 
"{26DE9217-01D3-439B-8A45-DC737A3D647C}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\warframe\warframe.exe | 
"{27666962-949C-484C-B417-CB0C1DF4B058}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2C385A83-A6CA-4343-9112-CD709B0A5839}" = protocol=6 | dir=out | app=system | 
"{2DEDD79E-5134-48FA-BBCB-1233163ECEB0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{2E9C32A5-3492-4B8E-82B0-BDF8EE53C194}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\warframe\warframe.x64.exe | 
"{2EFFBF84-C88F-4500-BDFC-015F74212396}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{35FE07BD-C928-481F-8B5D-58D975C63A7A}" = protocol=6 | dir=in | app=r:\mass effect 1\mass effect\binaries\masseffect.exe | 
"{363BF90D-F02A-4684-90BB-D89D4D6EC1EA}" = dir=in | app=r:\skype\phone\skype.exe | 
"{3746768C-458F-431F-81C3-EB413E24E356}" = protocol=17 | dir=out | app=r:\steam\steamapps\common\warframe\warframe.x64.exe | 
"{37AE9492-0F6D-4250-BA2F-56AA871DD227}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{39E0AA9C-C257-4BC5-AC63-65C3A1235B5A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3CB0C8E4-E285-48B0-97A3-53112BCDAE8C}" = protocol=6 | dir=in | app=c:\users\k\appdata\local\akamai\netsession_win.exe | 
"{3DB656B0-6B47-4AC3-A07F-A0FA40C7F92D}" = protocol=17 | dir=in | app=z:\diablo 3\diablo iii\diablo iii.exe | 
"{3E4EEA2D-57E9-481E-A22C-F3C2D87A3C37}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{400C974D-3C63-4595-84B0-1A904BA84D1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4075C9A6-6CC5-4214-B99F-7C6EEE3672BA}" = protocol=17 | dir=in | app=r:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"{409169A4-A9F2-455B-9315-AB1AC442A951}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{42430B3C-9FE0-4461-A5E8-46D5F7EBB571}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{46B2BA95-F2EA-4BCA-B5E9-3BF38C82A601}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{46C89427-6310-4DDD-ABAF-C9FC3FD5771B}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{4833266C-54E4-441E-859E-2080BE192988}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{487D8494-37AC-49A8-8440-F804E6C7413A}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\planetside 2\launchpad.exe | 
"{48EC5C13-19B5-4864-8DC3-6FCD6C839031}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{499BFFEA-EF88-4A0F-8D80-424F906B7C35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4CA4D952-9491-4B4C-9635-1C0D97246522}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{4E5F25E0-DAFF-46FE-8CAE-79D9FE436526}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{556B6234-914C-4C81-A881-965471F87D61}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{56CA949A-1D57-46AA-B6A5-AD25B0851F93}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{59302405-7676-4D92-90BC-CECA0833BEED}" = protocol=17 | dir=in | app=r:\edeneternal\edeneternal-de\_launcher.exe | 
"{5AF5427F-67DF-41EB-B827-A5773972ED9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5D0C41E1-1D36-4F00-9752-B85B3B62AE05}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{5DFA2F12-55EC-4BF2-85B1-69587D353D46}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{603A132B-B140-43CF-AD5E-4C4D53E725BE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6150D2B0-7F88-4D46-BE38-F2C1EEF49429}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{65064AB1-A1BF-4CEA-BA7F-AD9DC5B95CD7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{674499DD-3F47-40C6-B1F1-9F7C9AAFD3B9}" = protocol=6 | dir=in | app=r:\starcraft ii\starcraft ii.exe | 
"{67DED5C1-C99C-4776-BE78-47851B1529CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C6CFDC4-D13B-4900-81EA-34FD2FA520C2}" = protocol=6 | dir=in | app=b:\downloads\videoconvertersdm.exe | 
"{6D27BA5F-73B2-4271-82FE-BB3DED66514C}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{6D92EF4E-9245-44F8-B19A-6EBC62C565CB}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\torchlight ii\torchlight2demo.exe | 
"{6DA72067-6EFB-4E97-8A3B-7B65262E4FAD}" = protocol=17 | dir=in | app=r:\microsoft office\office14\onenote.exe | 
"{708C7345-25EE-4323-AA2C-9F36ADE923A1}" = protocol=17 | dir=out | app=r:\steam\steamapps\common\warframe\warframe.exe | 
"{72C367B2-EA4A-418D-8F03-31CB73F74140}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{746EE179-DA01-4308-A66B-8F1700F3497F}" = protocol=17 | dir=in | app=r:\mass effect 2\masseffect2launcher.exe | 
"{757D7E92-9BF3-4FB3-BE85-B876A84071A9}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{76049B53-2FB0-4A4F-8A72-8C255E0637F0}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{789861BE-5336-4554-9C7E-05922130D36E}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{7960689A-5C01-4A0D-A40D-6E09E23E9640}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{79FA511F-EAA2-48EA-B8FD-4659994BB62B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7AE4EE0A-C675-4275-8C64-6339F6CB7027}" = dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe | 
"{7E0B5BD5-CFB0-4B24-9DD6-78A7189505DF}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{7EDBD380-5B6E-487C-B080-1A6A8FB9EB06}" = protocol=6 | dir=in | app=r:\sony\update service\update service.exe | 
"{7F2F5FD9-3745-4DDD-A531-97FF51920B2F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{813E010C-F3D2-4986-90FE-5E0DE027AC30}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\torchlight ii\torchlight2demo.exe | 
"{81944D1D-44E5-431C-9D4D-D65381E729F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{82F93780-1977-4BCD-8AA1-99C582D5838F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{84FB5D5B-86A2-4917-BE01-641CA4DF88E9}" = protocol=17 | dir=in | app=r:\starcraft ii\starcraft ii public test.exe | 
"{854AA40D-68DF-427B-BCB0-2479C71860B5}" = protocol=6 | dir=in | app=r:\steam\steam.exe | 
"{8561ADF1-43F7-4FE5-BB00-610BDA243B56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{8658E204-5EB5-4A1A-B80A-AAF6C42373B3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{8687EAAD-3906-4761-9028-977628F05F32}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{889D18C6-98D5-41CA-93F4-B03890956456}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{88A2B085-145C-4684-B769-7FC77834BDA0}" = protocol=17 | dir=in | app=c:\users\k\appdata\local\akamai\netsession_win.exe | 
"{89DC63D4-9DE0-423D-BBA0-81FFCB5EAE8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B715EBD-8DDC-4AC1-822D-43C534CDB484}" = protocol=6 | dir=in | app=r:\mass effect 2\binaries\masseffect2.exe | 
"{8D181B0C-964C-40F8-94DB-AB43C4370FCA}" = protocol=6 | dir=in | app=r:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"{8DC08A7E-AB57-414B-9ADC-2E8C6BAAC24E}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{936BBA05-6257-42CE-9E81-5135FA47E790}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93702F4C-E16D-4702-A399-815C563203C3}" = protocol=17 | dir=in | app=r:\mass effect 2\binaries\masseffect2.exe | 
"{93CFCE59-F957-4397-8649-02F557A77260}" = protocol=17 | dir=in | app=r:\steam\steam.exe | 
"{97B4519C-B097-427A-A6E0-52F61B0CB3E0}" = protocol=17 | dir=in | app=r:\microsoft office\office14\groove.exe | 
"{99A6A5D9-4E6A-44E5-BB08-2F1E094B5E6E}" = protocol=17 | dir=in | app=r:\sony\update service\update service.exe | 
"{9B2931C6-D72D-4FEC-BB14-0B45709B4EB3}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{9C22EA6B-4E9A-4B81-8046-06F34865C5AC}" = protocol=17 | dir=in | app=r:\mass effect 1\mass effect\binaries\masseffect.exe | 
"{A0E7614A-A303-42CF-9401-4199D1698931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A151E97E-61A8-495E-B1E8-357752A1796C}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{A1C9157C-55B9-4A19-8A2D-D024FCA6FD7E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{A390FCA5-8C95-4944-B60A-9395ED056B6A}" = protocol=17 | dir=in | app=r:\mass effect 1\mass effect\masseffectlauncher.exe | 
"{A3E85977-4A0C-4FA1-9481-3885AE232515}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{A4D7F382-284F-4A5C-9BB4-E0D42D6C43E9}" = protocol=17 | dir=in | app=r:\star wars-the old republic\launcher.exe | 
"{A5B091AF-18F9-4919-9111-9FA264706253}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\planetside 2\launchpad.exe | 
"{AAA6D31B-7672-426A-9C78-C99B27675980}" = protocol=6 | dir=in | app=z:\diablo 3\diablo iii\diablo iii.exe | 
"{AEAD95CF-9C0D-4F3C-9521-C9088108CF3D}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{AECEA470-0E27-43E4-B52D-36F7D2898956}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{B1551ADE-7374-475A-988E-B15D22FD25B9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{B99F3550-FD02-4444-A09E-B9099D84E83D}" = protocol=6 | dir=in | app=r:\microsoft office\office14\groove.exe | 
"{BAF07E7A-FE85-4055-8A87-F46E53D56AD0}" = protocol=6 | dir=in | app=z:\bf3\battlefield 3\bf3.exe | 
"{BCEC881A-FE89-4FAA-B174-23EFE2DF34E3}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{BDBBEA7A-4EE3-44EB-B3A9-4FEA4AC92ECA}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BFD543C7-EA71-4781-BAB6-B40D7BB551A7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C20D091E-8A53-4067-B05D-B72DE9C93207}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C292203A-B072-4ABE-89F5-241E21153ECE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C5260B8B-E983-4133-A117-8AC407E58B35}" = protocol=6 | dir=in | app=r:\mass effect 1\mass effect\masseffectlauncher.exe | 
"{C56C2485-0618-491A-BB64-A40BC7BF2EDB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C6CF5E6C-9677-4FA5-8E17-6AE100A09C83}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{CA989CEF-CF39-4781-ADBE-1D10F508EC9B}" = protocol=17 | dir=in | app=z:\bf3\battlefield 3\bf3.exe | 
"{CE30F5AE-6405-4000-B28C-D3E4E3E17FCC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D02405C4-8538-4C3A-921F-D595A2166EC3}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D0390A6A-C611-4019-B17D-D79798075F41}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{D4A1C9B5-1876-47A3-99A4-0948F6C20FEE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{D4C9E568-6AF5-4A29-B1F2-641894A26E0D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D9201D71-3858-4D3C-AB34-78B5412D904B}" = protocol=6 | dir=in | app=r:\microsoft office\office14\onenote.exe | 
"{DC1395E7-046D-45D1-979C-710E542D5AB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{E07BED0A-5F39-41B8-9731-F5CA30D83C89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E1175A1F-85CC-4632-A219-2F528AEA1120}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{E26AFB84-A60E-43C4-9D0B-80417085A202}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{E670B5DE-710D-486D-A477-6403DDDFDD70}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{E6FF8922-E5C9-4F6D-9128-1E078A7AE9C9}" = protocol=17 | dir=in | app=b:\downloads\videoconvertersdm.exe | 
"{EB7A5DB6-4E8A-47EB-A909-D14609813B66}" = protocol=6 | dir=in | app=r:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{EC1C0B3C-214D-4B5A-87E2-CB275610664D}" = protocol=17 | dir=in | app=z:\diablo iii\diablo iii.exe | 
"{F2131161-D255-4CCA-8836-5FAB70967ECB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2AF5ADE-67B7-4FDC-BD98-5B4E4C5828AF}" = protocol=6 | dir=in | app=r:\edeneternal\edeneternal-de\_launcher.exe | 
"{F4055C89-C2F2-4983-BF61-A01330D065D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F63D5DD8-4C20-4F24-A6D6-64A865DD0C1E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{FA0FB5D1-4940-48FD-8240-9CB3CF52BF19}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{FB5C1886-797D-490F-AFC9-BC436924105F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{FB7D1827-F48E-4FA2-B431-A6E8AAC46D0D}" = protocol=6 | dir=in | app=r:\starcraft ii\starcraft ii public test.exe | 
"{FC0A6E4F-621F-41C4-8432-6F4D2C91C5E9}" = protocol=6 | dir=in | app=r:\star wars-the old republic\launcher.exe | 
"{FCBD5D69-1B22-4440-B578-8CB9F1E23B30}" = protocol=17 | dir=in | app=r:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pen Tablet Driver" = Bamboo
"VLC media player" = VLC media player 2.0.6
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E850E20-07C3-40E5-875B-9D7CC907D67A}" = Media Add-ons für Acronis True Image Home 2011
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack für Acronis True Image Home 2011
"{30DD6255-BF58-4F07-AC03-68A73C5BCD5D}" = TP-LINK 150Mbps Mini Wireless N USB Adapter Driver
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1" = SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013.
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}" = Firefall
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AMP WinOFF" = AMP WinOFF 5.0.1
"Bamboo Dock" = Bamboo Dock
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Donald Duck" = Disneys Donald Duck
"ESN Sonar-0.70.4" = ESN Sonar
"Flashtool" = Flashtool
"Fraps" = Fraps
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"Guild Wars" = GUILD WARS
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"League of Legends 3.0.1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"Picasa 3" = Picasa 3
"PrecisionX" = EVGA Precision X 3.0.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SixaxisPairTool_is1" = SixaxisPairTool 0.2.3
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 201790" = Orcs Must Die! 2
"Steam App 219850" = Torchlight II Demo
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Mobile Update Service
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2013 16:55:39 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 19.07.2013 17:26:14 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.07.2013 17:26:14 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.07.2013 17:26:14 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 19.07.2013 17:37:19 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.07.2013 17:37:19 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.07.2013 17:37:19 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 19.07.2013 18:14:21 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.07.2013 18:14:21 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.07.2013 18:14:21 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  BHDrvx64  ccSet_NIS  DfsC  discache  eeCtrl  IDSVia64  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr
SRTSP
SRTSPX
SymIM
SymIRON
SymNetS
tdx
vwififlt
Wanarpv6
WfpLwf
 
Error - 19.07.2013 16:48:44 | Computer Name = CarpeDiem | Source = DCOM | ID = 10005
Description = 
 
Error - 19.07.2013 16:52:11 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 19.07.2013 16:52:11 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 19.07.2013 18:09:56 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 19.07.2013 18:09:56 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
OTL

Code:
OTL logfile created on: 20.07.2013 00:10:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = Z:\Trojaner Board Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,57% Memory free
10,00 Gb Paging File | 7,98 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 3,71 Gb Free Space | 6,24% Space Free | Partition Type: NTFS
Drive G: | 688,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive R: | 135,72 Gb Total Space | 1,35 Gb Free Space | 1,00% Space Free | Partition Type: NTFS
Drive Z: | 97,75 Gb Total Space | 8,24 Gb Free Space | 8,43% Space Free | Partition Type: NTFS
 
Computer Name: CARPEDIEM | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.19 23:19:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- Z:\Trojaner Board Programme\OTL.exe
PRC - [2013.07.06 13:15:38 | 000,920,472 | ---- | M] (Mozilla Corporation) -- R:\Mozilla\firefox.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\K\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.14 08:05:44 | 000,523,264 | ---- | M] (LOL Replay) -- Z:\LOLReplay\LOLRecorder.exe
PRC - [2013.02.11 03:24:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.12 15:22:38 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- Z:\Hamachi\hamachi-2-ui.exe
PRC - [2012.10.16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2012.10.08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Programme\Tablet\Pen\WacomHost.exe
PRC - [2012.06.12 01:12:43 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.09.22 22:21:12 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.09.22 22:20:44 | 005,587,832 | ---- | M] (Acronis) -- R:\Acronis\TrueImageHome\TrueImageMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.13 03:31:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2c5c86bb5156ff508ca8045aff50a482\System.Core.ni.dll
MOD - [2013.07.13 03:31:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013.07.13 03:31:01 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013.07.13 03:30:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.13 03:30:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.13 03:30:45 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013.07.13 03:30:38 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.13 03:30:34 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.13 03:30:32 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.13 03:30:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.13 03:30:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.07.06 13:15:38 | 003,285,912 | ---- | M] () -- R:\Mozilla\mozjs.dll
MOD - [2013.02.14 08:05:36 | 000,311,808 | ---- | M] () -- Z:\LOLReplay\LOLUtils.dll
MOD - [2012.10.16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
MOD - [2011.09.22 22:20:28 | 011,233,136 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.07.01 16:26:51 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013.06.12 14:45:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- R:\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.11 03:24:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.11.14 14:45:32 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012.11.12 15:22:38 | 002,452,912 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- Z:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.09.20 14:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- R:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.08.25 04:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.12 01:12:43 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.09.22 22:21:28 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.25 12:39:04 | 000,052,320 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2013.06.24 22:47:38 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2013.06.19 14:28:05 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.05 04:14:18 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.22 00:47:52 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013.01.22 00:47:52 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013.01.17 21:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.10.12 09:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.10.12 09:20:38 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.10.12 09:20:38 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.06.12 01:12:43 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.06.12 01:12:41 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.06.12 01:12:40 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.06.12 01:12:38 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.05.11 01:02:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.22 21:55:36 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.02.22 21:55:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.05 11:13:10 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.25 21:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.30 14:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.07.10 02:11:59 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.016\ex64.sys -- (NAVEX15)
DRV - [2013.07.10 02:11:59 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.016\eng64.sys -- (NAVENG)
DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.10.23 19:05:44 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130718.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.09 14:54:04 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 45 88 C5 C2 EE CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: Z:\Java\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: Z:\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.07.20 00:07:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2012.10.24 18:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: R:\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: R:\Mozilla\plugins [2013.07.06 13:15:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: R:\Mozilla\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: R:\Mozilla\plugins [2013.07.06 13:15:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: R:\Mozilla\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: R:\Mozilla\plugins [2013.07.06 13:15:35 | 000,000,000 | ---D | M]
 
[2012.01.30 21:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Extensions
[2013.07.10 13:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\4xh1b7px.default\extensions
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\4xh1b7px.default\extensions\plugin@getwebcake.com
[2012.12.08 15:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions
[2012.01.30 21:40:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\plugin@getwebcake.com
[2013.06.20 00:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions
[2013.05.10 12:19:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions\plugin@getwebcake.com
[2013.07.10 13:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\zlh6tra1.default\extensions
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\zlh6tra1.default\extensions\plugin@getwebcake.com
[2013.07.03 12:37:57 | 000,671,953 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ij9ke9cb.Test\extensions\webbooster@iminent.com.xpi
[2013.06.20 00:23:05 | 000,043,476 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\privateTab@infocatcher.xpi
[2013.06.08 22:26:16 | 000,004,525 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.06.13 11:52:40 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.04.18 01:11:12 | 000,282,569 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.12.23 16:23:36 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012.12.12 18:38:12 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.10 12:19:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] R:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] Z:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] R:\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\K\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{500A26D3-82C5-42F1-9127-7CA9DE21A49A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1CE1F40-6735-444F-BB85-4A94F59AB7F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - R:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,595,456 | R--- | M] (MAX DESIGN) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,000,766 | R--- | M] () - G:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,000,045 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell - "" = AutoRun
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0cf3f0ef-484e-11e1-a8fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf3f0ef-484e-11e1-a8fb-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2001.11.16 02:05:00 | 000,595,456 | R--- | M] (MAX DESIGN)
O33 - MountPoints2\{14d72354-c938-11e2-b8d1-002522fa314a}\Shell - "" = AutoRun
O33 - MountPoints2\{14d72354-c938-11e2-b8d1-002522fa314a}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{c2be7f0f-5fd8-11e2-83a9-002522fa314a}\Shell - "" = AutoRun
O33 - MountPoints2\{c2be7f0f-5fd8-11e2-83a9-002522fa314a}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.19 23:03:51 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Malwarebytes
[2013.07.19 23:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.19 23:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 23:03:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.19 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.11 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.07.11 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013.07.11 18:07:51 | 000,019,392 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2013.07.11 14:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013.07.11 14:41:48 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Local\PMB Files
[2013.07.11 14:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.07.11 14:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.07.11 14:34:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.07.11 14:32:03 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Riot Games
[2013.07.10 14:07:46 | 000,000,000 | ---D | C] -- C:\Users\K\Local Settings
[2013.07.10 14:06:20 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.07.10 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Local\Programs
[2013.07.10 14:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.07.10 14:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsPal
[2013.07.10 13:57:56 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Iminent
[2013.07.10 13:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.07.10 13:57:54 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013.07.10 13:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.07.10 13:57:25 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\WebCake
[2013.07.10 13:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013.07.10 13:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.07.10 01:13:45 | 000,000,000 | ---D | C] -- B:\Eigene Dokumente\ANNO 1404 Venedig
[2013.07.10 00:51:50 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Ubisoft
[2013.07.10 00:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2013.07.09 23:47:52 | 000,000,000 | ---D | C] -- B:\Eigene Dokumente\Amazon Downloader Logs
[2013.06.25 12:38:10 | 000,076,384 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013.06.25 12:38:10 | 000,052,320 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2013.06.25 12:36:46 | 000,067,680 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2013.06.25 12:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SixaxisPairTool
[2013.06.24 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
[2013.06.24 22:47:38 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2013.06.24 19:36:03 | 000,000,000 | ---D | C] -- C:\Users\K\.swt
[2013.06.24 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\K\.android
[2013.06.24 14:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.06.24 14:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.06.23 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.20 00:07:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.20 00:07:40 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 23:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.19 23:37:22 | 008,862,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.19 23:37:22 | 003,053,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.19 23:37:22 | 002,694,436 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.19 23:37:22 | 002,410,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.19 23:37:22 | 000,006,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.19 23:18:30 | 000,000,128 | ---- | M] () -- C:\Users\K\defogger_reenable
[2013.07.19 23:03:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.19 22:57:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 22:57:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 22:35:07 | 001,925,889 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013.07.17 22:55:43 | 000,163,062 | ---- | M] () -- C:\ProgramData\2433f433
[2013.07.13 03:26:58 | 005,035,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 22:43:24 | 000,276,148 | ---- | M] () -- B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
[2013.07.11 14:42:03 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2013.07.10 21:41:20 | 000,000,975 | ---- | M] () -- C:\Users\K\Desktop\Anno 1404.lnk
[2013.07.06 00:46:14 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.07.06 00:46:14 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.07.06 00:45:56 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.27 09:43:02 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.25 15:35:22 | 008,056,281 | ---- | M] () -- C:\Users\K\Desktop\RecoverX.zip
[2013.06.25 12:39:04 | 000,076,384 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013.06.25 12:39:04 | 000,052,320 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2013.06.24 22:47:38 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2013.06.24 15:14:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013.06.24 14:21:59 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.24 10:59:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2013.06.23 18:56:56 | 000,000,681 | ---- | M] () -- C:\Users\K\Desktop\Update Service.lnk
[2013.06.20 12:19:36 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.19 23:18:30 | 000,000,128 | ---- | C] () -- C:\Users\K\defogger_reenable
[2013.07.19 23:03:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.17 22:55:43 | 000,163,062 | ---- | C] () -- C:\ProgramData\2433f433
[2013.07.11 22:43:24 | 000,276,148 | ---- | C] () -- B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
[2013.07.11 14:34:20 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2013.07.10 21:41:20 | 000,000,975 | ---- | C] () -- C:\Users\K\Desktop\Anno 1404.lnk
[2013.06.26 01:44:32 | 006,040,792 | ---- | C] () -- B:\Eigene Dokumente\com.android.vending-4.1.10.apk
[2013.06.25 15:36:07 | 008,056,281 | ---- | C] () -- C:\Users\K\Desktop\RecoverX.zip
[2013.06.25 12:38:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.06.24 15:14:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013.06.24 14:21:59 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.24 10:59:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2013.06.23 18:56:56 | 000,000,681 | ---- | C] () -- C:\Users\K\Desktop\Update Service.lnk
[2013.05.19 17:59:48 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2013.05.19 16:33:44 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013.05.19 16:32:43 | 000,000,853 | ---- | C] () -- C:\Windows\disney.ini
[2013.04.08 21:31:54 | 000,188,416 | RHS- | C] () -- C:\Windows\SysWow64\winDCE32.dll
[2013.04.08 21:31:54 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.03.07 19:15:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.05.11 00:22:01 | 000,000,132 | ---- | C] () -- C:\Users\K\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.05.07 21:51:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.29 14:13:28 | 000,001,069 | ---- | C] () -- C:\Users\K\AppData\Roaming\EasyToolz.ini
[2012.04.25 19:43:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.27 23:08:33 | 000,000,089 | ---- | C] () -- C:\Users\K\AppData\Local\fusioncache.dat
[2012.02.27 23:07:56 | 001,619,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.18 19:14:31 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.01.30 19:59:26 | 000,007,641 | ---- | C] () -- C:\Users\K\AppData\Local\Resmon.ResmonCfg
[2012.01.30 19:02:03 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.30 19:02:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
[2012.07.28 22:32:43 | 000,002,048 | -HS- | M] () -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.28 17:44:59 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\.minecraft
[2012.01.27 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Acronis
[2012.07.11 17:32:07 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Akyn
[2012.10.11 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Atari
[2012.02.26 19:52:53 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Babylon
[2012.05.04 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.23 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Cool Record Edit Pro
[2012.04.28 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\CPUControl
[2012.05.11 01:01:53 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\DAEMON Tools Lite
[2012.05.10 23:39:06 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Dexpot
[2013.05.13 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\DVDVideoSoft
[2013.02.14 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.23 11:46:28 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Free Sound Recorder
[2013.07.10 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013.07.10 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Iminent
[2012.10.11 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Leadertech
[2012.01.27 12:42:26 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\LolClient
[2012.06.02 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\LolClient2
[2012.08.01 00:08:28 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\MediaMonkey
[2012.02.24 15:36:02 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Notepad++
[2012.07.11 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Ocusk
[2013.06.04 13:20:05 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Origin
[2013.04.13 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\PDAppFlex
[2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\ProtectDISC
[2012.11.10 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\RIFT
[2013.07.11 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Riot Games
[2013.01.16 17:34:24 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Sony
[2013.04.16 23:35:54 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TeamViewer
[2012.07.28 22:45:47 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Tific
[2013.05.20 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Tropico 4 Demo
[2012.06.20 19:14:34 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TrueCrypt
[2013.07.13 23:12:00 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TS3Client
[2013.07.10 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Ubisoft
[2013.04.13 17:12:30 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Wacom
[2013.04.13 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\WebCake
[2012.10.06 12:27:47 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Wildlife Park 2
[2012.07.28 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\xsecva
 
========== Purity Check ==========
 
 

< End of report >
         
Edited by HalloX1990 (20.07.2013 at 11:19)

Old 20.07.2013, 19:12   #4
HalloX1990
 



GMER

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-20 00:45:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000079 M4-CT064 rev.0009 59,63GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\K\AppData\Local\Temp\uwlyypoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          0000000077e0fc90 5 bytes JMP 000000010028091c
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        0000000077e0fdf4 5 bytes JMP 0000000100280048
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 0000000077e0fe88 5 bytes JMP 00000001002802ee
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              0000000077e0ffe4 5 bytes JMP 00000001002804b2
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077e10018 5 bytes JMP 00000001002809fe
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077e10048 5 bytes JMP 0000000100280ae0
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              0000000077e1077c 5 bytes JMP 000000010028012a
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  0000000077e1086c 5 bytes JMP 0000000100280758
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            0000000077e10884 5 bytes JMP 0000000100280676
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077e10dd4 5 bytes JMP 00000001002803d0
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077e11900 5 bytes JMP 0000000100280594
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077e11bc4 5 bytes JMP 000000010028083a
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077e11d50 5 bytes JMP 000000010028020c
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            0000000075a0524f 7 bytes JMP 0000000100280f52
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                0000000075a053d0 7 bytes JMP 0000000100290210
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000075a05677 1 byte JMP 0000000100290048
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000075a05679 5 bytes {JMP 0xffffffff8a88a9d1}
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      0000000075a0589a 7 bytes JMP 0000000100280ca6
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000075a05a1d 7 bytes JMP 00000001002903d8
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000075a05c9b 7 bytes JMP 000000010029012c
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000075a05d87 7 bytes JMP 00000001002902f4
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a07240 7 bytes JMP 0000000100280e6e
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000077151492 7 bytes JMP 00000001002904bc
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                0000000077e0fc90 5 bytes JMP 000000010015091c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                              0000000077e0fdf4 5 bytes JMP 0000000100150048
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                       0000000077e0fe88 5 bytes JMP 00000001001502ee
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                    0000000077e0ffe4 5 bytes JMP 00000001001504b2
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077e10018 5 bytes JMP 00000001001509fe
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                    0000000077e10048 5 bytes JMP 0000000100150ae0
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                 0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                    0000000077e1077c 5 bytes JMP 000000010015012a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                        0000000077e1086c 5 bytes JMP 0000000100150758
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                  0000000077e10884 5 bytes JMP 0000000100150676
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                      0000000077e10dd4 5 bytes JMP 00000001001503d0
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                0000000077e11900 5 bytes JMP 0000000100150594
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                            0000000077e11bc4 5 bytes JMP 000000010015083a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                   0000000077e11d50 5 bytes JMP 000000010015020c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                       0000000077151492 7 bytes JMP 000000010016059e
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                  0000000075a0524f 7 bytes JMP 0000000100150f52
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                      0000000075a053d0 7 bytes JMP 0000000100160210
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                     0000000075a05677 1 byte JMP 0000000100160048
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                     0000000075a05679 5 bytes {JMP 0xffffffff8a75a9d1}
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                            0000000075a0589a 7 bytes JMP 0000000100150ca6
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                            0000000075a05a1d 7 bytes JMP 00000001001603d8
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                       0000000075a05c9b 7 bytes JMP 000000010016012c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                         0000000075a05d87 7 bytes JMP 00000001001602f4
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123        0000000075a07240 7 bytes JMP 0000000100150e6e
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                0000000077e0fc90 5 bytes JMP 000000010018091c
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                              0000000077e0fdf4 5 bytes JMP 0000000100180048
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                       0000000077e0fe88 5 bytes JMP 00000001001802ee
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                    0000000077e0ffe4 5 bytes JMP 00000001001804b2
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077e10018 5 bytes JMP 00000001001809fe
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                    0000000077e10048 5 bytes JMP 0000000100180ae0
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                 0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                    0000000077e1077c 5 bytes JMP 000000010018012a
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                        0000000077e1086c 5 bytes JMP 0000000100180758
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                  0000000077e10884 5 bytes JMP 0000000100180676
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                      0000000077e10dd4 5 bytes JMP 00000001001803d0
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                0000000077e11900 5 bytes JMP 0000000100180594
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                            0000000077e11bc4 5 bytes JMP 000000010018083a
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                   0000000077e11d50 5 bytes JMP 000000010018020c
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                  0000000075a0524f 7 bytes JMP 0000000100180f52
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                      0000000075a053d0 7 bytes JMP 0000000100190210
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                     0000000075a05677 1 byte JMP 0000000100190048
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                     0000000075a05679 5 bytes {JMP 0xffffffff8a78a9d1}
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                            0000000075a0589a 7 bytes JMP 0000000100180ca6
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                            0000000075a05a1d 7 bytes JMP 00000001001903d8
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                       0000000075a05c9b 7 bytes JMP 000000010019012c
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                         0000000075a05d87 7 bytes JMP 00000001001902f4
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123        0000000075a07240 7 bytes JMP 0000000100180e6e
.text   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                       0000000077151492 7 bytes JMP 000000010019059e
.text   C:\Windows\SysWOW64\svchost.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      00000000768f1465 2 bytes [8F, 76]
.text   C:\Windows\SysWOW64\svchost.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     00000000768f14bb 2 bytes [8F, 76]
.text   ...                                                                                                                                                * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                            0000000077e0fc90 5 bytes JMP 000000010023091c
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                          0000000077e0fdf4 5 bytes JMP 0000000100230048
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                   0000000077e0fe88 5 bytes JMP 00000001002302ee
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                0000000077e0ffe4 5 bytes JMP 00000001002304b2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                        0000000077e10018 5 bytes JMP 00000001002309fe
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                0000000077e10048 5 bytes JMP 0000000100230ae0
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                             0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                0000000077e1077c 5 bytes JMP 000000010023012a
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                    0000000077e1086c 5 bytes JMP 0000000100230758
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                              0000000077e10884 5 bytes JMP 0000000100230676
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                  0000000077e10dd4 5 bytes JMP 00000001002303d0
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                            0000000077e11900 5 bytes JMP 0000000100230594
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                        0000000077e11bc4 5 bytes JMP 000000010023083a
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                               0000000077e11d50 5 bytes JMP 000000010023020c
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                   0000000077151492 7 bytes JMP 000000010024059e
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                              0000000075a0524f 7 bytes JMP 0000000100230f52
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                  0000000075a053d0 7 bytes JMP 0000000100240210
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                 0000000075a05677 1 byte JMP 0000000100240048
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                 0000000075a05679 5 bytes {JMP 0xffffffff8a83a9d1}
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                        0000000075a0589a 7 bytes JMP 0000000100230ca6
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                        0000000075a05a1d 7 bytes JMP 00000001002403d8
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                   0000000075a05c9b 7 bytes JMP 000000010024012c
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                     0000000075a05d87 7 bytes JMP 00000001002402f4
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                    0000000075a07240 7 bytes JMP 0000000100230e6e
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                            0000000072361a22 2 bytes [36, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                            0000000072361ad0 2 bytes [36, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                            0000000072361b08 2 bytes [36, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                            0000000072361bba 2 bytes [36, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                            0000000072361bda 2 bytes [36, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     00000000768f1465 2 bytes [8F, 76]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    00000000768f14bb 2 bytes [8F, 76]
.text   ...                                                                                                                                                * 2
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          0000000077e0fc90 5 bytes JMP 000000010028091c
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        0000000077e0fdf4 5 bytes JMP 0000000100280048
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 0000000077e0fe88 5 bytes JMP 00000001002802ee
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              0000000077e0ffe4 5 bytes JMP 00000001002804b2
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077e10018 5 bytes JMP 00000001002809fe
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077e10048 5 bytes JMP 0000000100280ae0
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              0000000077e1077c 5 bytes JMP 000000010028012a
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  0000000077e1086c 5 bytes JMP 0000000100280758
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            0000000077e10884 5 bytes JMP 0000000100280676
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077e10dd4 5 bytes JMP 00000001002803d0
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077e11900 5 bytes JMP 0000000100280594
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077e11bc4 5 bytes JMP 000000010028083a
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077e11d50 5 bytes JMP 000000010028020c
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            0000000075a0524f 7 bytes JMP 0000000100280f52
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                0000000075a053d0 7 bytes JMP 0000000100290210
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000075a05677 1 byte JMP 0000000100290048
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000075a05679 5 bytes {JMP 0xffffffff8a88a9d1}
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      0000000075a0589a 7 bytes JMP 0000000100280ca6
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000075a05a1d 7 bytes JMP 00000001002903d8
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000075a05c9b 7 bytes JMP 000000010029012c
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000075a05d87 7 bytes JMP 00000001002902f4
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a07240 7 bytes JMP 0000000100280e6e
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000077151492 7 bytes JMP 000000010029059e
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                          0000000077e0fc90 5 bytes JMP 000000010023091c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                        0000000077e0fdf4 5 bytes JMP 0000000100230048
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                 0000000077e0fe88 5 bytes JMP 00000001002302ee
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                              0000000077e0ffe4 5 bytes JMP 00000001002304b2
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000077e10018 5 bytes JMP 00000001002309fe
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                              0000000077e10048 5 bytes JMP 0000000100230ae0
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                           0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                              0000000077e1077c 5 bytes JMP 000000010023012a
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                  0000000077e1086c 5 bytes JMP 0000000100230758
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                            0000000077e10884 5 bytes JMP 0000000100230676
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                0000000077e10dd4 5 bytes JMP 00000001002303d0
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077e11900 5 bytes JMP 0000000100230594
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                      0000000077e11bc4 5 bytes JMP 000000010023083a
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                             0000000077e11d50 5 bytes JMP 000000010023020c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                 0000000077151492 7 bytes JMP 000000010024059e
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                            0000000075a0524f 7 bytes JMP 0000000100230f52
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                0000000075a053d0 7 bytes JMP 0000000100240210
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                               0000000075a05677 1 byte JMP 0000000100240048
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                               0000000075a05679 5 bytes {JMP 0xffffffff8a83a9d1}
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                      0000000075a0589a 7 bytes JMP 0000000100230ca6
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                      0000000075a05a1d 7 bytes JMP 00000001002403d8
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                 0000000075a05c9b 7 bytes JMP 000000010024012c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                   0000000075a05d87 7 bytes JMP 00000001002402f4
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                  0000000075a07240 7 bytes JMP 0000000100230e6e
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000768f1465 2 bytes [8F, 76]
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000768f14bb 2 bytes [8F, 76]
.text   ...                                                                                                                                                * 2
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                          0000000077e0fc90 5 bytes JMP 00000001001c091c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                        0000000077e0fdf4 5 bytes JMP 00000001001c0048
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                 0000000077e0fe88 5 bytes JMP 00000001001c02ee
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                              0000000077e0ffe4 5 bytes JMP 00000001001c04b2
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000077e10018 5 bytes JMP 00000001001c09fe
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                              0000000077e10048 5 bytes JMP 00000001001c0ae0
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                           0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                              0000000077e1077c 5 bytes JMP 00000001001c012a
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                  0000000077e1086c 5 bytes JMP 00000001001c0758
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                            0000000077e10884 5 bytes JMP 00000001001c0676
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                0000000077e10dd4 5 bytes JMP 00000001001c03d0
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077e11900 5 bytes JMP 00000001001c0594
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                      0000000077e11bc4 5 bytes JMP 00000001001c083a
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                             0000000077e11d50 5 bytes JMP 00000001001c020c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                 0000000077151492 7 bytes JMP 00000001001d059e
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                            0000000075a0524f 7 bytes JMP 00000001001c0f52
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                0000000075a053d0 7 bytes JMP 00000001001d0210
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                               0000000075a05677 1 byte JMP 00000001001d0048
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                               0000000075a05679 5 bytes {JMP 0xffffffff8a7ca9d1}
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                      0000000075a0589a 7 bytes JMP 00000001001c0ca6
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                      0000000075a05a1d 7 bytes JMP 00000001001d03d8
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                 0000000075a05c9b 7 bytes JMP 00000001001d012c
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                   0000000075a05d87 7 bytes JMP 00000001001d02f4
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                  0000000075a07240 7 bytes JMP 00000001001c0e6e
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000768f1465 2 bytes [8F, 76]
.text   C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000768f14bb 2 bytes [8F, 76]
.text   ...                                                                                                                                                * 2
.text   Z:\LOLReplay\LOLRecorder.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         00000000768f1465 2 bytes [8F, 76]
.text   Z:\LOLReplay\LOLRecorder.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        00000000768f14bb 2 bytes [8F, 76]
.text   ...                                                                                                                                                * 2
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                               0000000077e0fc90 5 bytes JMP 000000010025091c
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                             0000000077e0fdf4 5 bytes JMP 0000000100250048
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                      0000000077e0fe88 5 bytes JMP 00000001002502ee
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                   0000000077e0ffe4 5 bytes JMP 00000001002504b2
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                           0000000077e10018 5 bytes JMP 00000001002509fe
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                   0000000077e10048 5 bytes JMP 0000000100250ae0
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                0000000077e10064 5 bytes JMP 000000010003004c
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                   0000000077e1077c 5 bytes JMP 000000010025012a
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                       0000000077e1086c 5 bytes JMP 0000000100250758
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                 0000000077e10884 5 bytes JMP 0000000100250676
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                     0000000077e10dd4 5 bytes JMP 00000001002503d0
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                               0000000077e11900 5 bytes JMP 0000000100250594
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                           0000000077e11bc4 5 bytes JMP 000000010025083a
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                  0000000077e11d50 5 bytes JMP 000000010025020c
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                 0000000075a0524f 7 bytes JMP 0000000100250f52
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                     0000000075a053d0 7 bytes JMP 0000000100260210
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                    0000000075a05677 1 byte JMP 0000000100260048
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                    0000000075a05679 5 bytes {JMP 0xffffffff8a85a9d1}
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                           0000000075a0589a 7 bytes JMP 0000000100250ca6
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                           0000000075a05a1d 7 bytes JMP 00000001002603d8
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                      0000000075a05c9b 7 bytes JMP 000000010026012c
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                        0000000075a05d87 7 bytes JMP 00000001002602f4
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                       0000000075a07240 7 bytes JMP 0000000100250e6e
.text   R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                      0000000077151492 7 bytes JMP 000000010026059e
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                   0000000077e0fc90 5 bytes JMP 000000010024091c
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                 0000000077e0fdf4 5 bytes JMP 0000000100240048
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                          0000000077e0fe88 5 bytes JMP 00000001002402ee
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                       0000000077e0ffe4 5 bytes JMP 00000001002404b2
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                               0000000077e10018 5 bytes JMP 00000001002409fe
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                       0000000077e10048 5 bytes JMP 0000000100240ae0
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                    0000000077e10064 5 bytes JMP 000000010002004c
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                       0000000077e1077c 5 bytes JMP 000000010024012a
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                           0000000077e1086c 5 bytes JMP 0000000100240758
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                     0000000077e10884 5 bytes JMP 0000000100240676
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                         0000000077e10dd4 5 bytes JMP 00000001002403d0
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                   0000000077e11900 5 bytes JMP 0000000100240594

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5784]                                                                                     000007fefc0e2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5812]                                                                                     000007feee43d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5844]                                                                                     000007feee43d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5848]                                                                                     000007feee43d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5440]                                                                                     000007feee3d9730
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5520]                                                                                     000007feee43d618

---- EOF - GMER 2.1 ----
         
Malware Bytes

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
K :: CARPEDIEM [Administrator]

Schutz: Aktiviert

19.07.2013 23:05:25
mbam-log-2013-07-19 (23-05-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|R:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343728
Laufzeit: 1 Stunde(n), 34 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
B:\$RECYCLE.BIN\S-1-5-21-2664304544-449774840-1103248043-1012\$RBGGZQ9.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
B:\$RECYCLE.BIN\S-1-5-21-2664304544-449774840-1103248043-1012\$RSKYHPH.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
B:\Eigene Dokumente\PSP+PC Sachen\PC\Microsoft Office\Microsoft.Office.Professional.Plus.2010.x64.German.VL.Edition-Bart\Dox\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Orcs Must Die!\TDU5k.exe (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\K\AppData\Local\Temp\7iZwaIMT.zip.part (Malware.Packer.RH1Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
In case the cleanup process is very laborious and one still cannot be entirely sure afterwards, I have the following questions:

1. Can the trojan (and anything it may have brought along) be completely removed by formatting all hard drives?

2. If so, is there a way to back up my own files (music, documents, etc.) without the risk of carrying malware along? It may also be important to know that I keep the Downloads/Music/Pictures/Documents/Videos folders on a different hard drive from my operating system and my programs.

Last edited by HalloX1990 (20.07.2013 at 19:21)

Alt 20.07.2013, 20:13   #5
schrauber
/// the machine
/// TB-Ausbilder
 




If you format, everything is clean; you can back up your data, nothing will happen there.
I would change the passwords.

But we can clean it up.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 21.07.2013, 00:00   #6
HalloX1990
 



Do passwords also need to be changed if I have never used them since the trojan first visibly appeared? They are stored only in my head.
And so my own files are, and were at all times, unaffected by the malware?
I would also like to know whether I can somehow check (or whether you are already doing so) if there is any other malware on my system, independent of the GVU trojan.

Here are the four log files.

AdwCleaner
Code:
# AdwCleaner v2.306 - Datei am 21/07/2013 um 00:36:13 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : K - CARPEDIEM
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\K\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6esg80sw.default\extensions\webbooster@iminent.com.xpi
Datei Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\webbooster@iminent.com.xpi
Datei Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\searchplugins\delta.xml
Datei Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\extensions\webbooster@iminent.com.xpi
Datei Gelöscht : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\LyricsContainer
Ordner Gelöscht : C:\Program Files (x86)\LyricsPal
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6esg80sw.default\extensions\staged
Ordner Gelöscht : C:\Users\K\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\K\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\K\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\K\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\K\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\4xh1b7px.default\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zlh6tra1.default\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\K\AppData\Roaming\WebCake
Ordner Gelöscht : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\CT3201318
Ordner Gelöscht : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
Ordner Gelöscht : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Datei : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\4xh1b7px.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\prefs.js

C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\prefs.js

C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Datei : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zlh6tra1.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\prefs.js

Gelöscht : user_pref("CT3201318.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT3201318.1000234.TWC_TMP_city", "DUSSELDORF");
Gelöscht : user_pref("CT3201318.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT3201318.1000515.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebut[...]
Gelöscht : user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3201318.Facebook_Mode", "2");
Gelöscht : user_pref("CT3201318.Facebook_User_Locale", "de");
Gelöscht : user_pref("CT3201318.FirstTime", "true");
Gelöscht : user_pref("CT3201318.FirstTimeFF3", "true");
Gelöscht : user_pref("CT3201318.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Gelöscht : user_pref("CT3201318.UserID", "UN86501314189890481");
Gelöscht : user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT3201318.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT3201318.embeddedsData", "[{\"appId\":\"129768733323172459\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT3201318.enableAlerts", "always");
Gelöscht : user_pref("CT3201318.event_data", "%5B%5D");
Gelöscht : user_pref("CT3201318.fired_events", "");
Gelöscht : user_pref("CT3201318.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT3201318.fixUrls", true);
Gelöscht : user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3201318.isNewTabEnabled", true);
Gelöscht : user_pref("CT3201318.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3201318.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3201318.key_date", "15");
Gelöscht : user_pref("CT3201318.keyword", true);
Gelöscht : user_pref("CT3201318.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.de%2F[...]
Gelöscht : user_pref("CT3201318.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Gelöscht : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Gelöscht : user_pref("CT3201318.search.searchCount", "1");
Gelöscht : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344515931179");
Gelöscht : user_pref("CT3201318.serviceLayer_services_appTracking_lastUpdate", "1344515820161");
Gelöscht : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1344867869221");
Gelöscht : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344860977021");
Gelöscht : user_pref("CT3201318.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344860857046");
Gelöscht : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13447[...]
Gelöscht : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13447[...]
Gelöscht : user_pref("CT3201318.serviceLayer_services_optimizer_lastUpdate", "1344867870003");
Gelöscht : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344860977047");
Gelöscht : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1344860857030");
Gelöscht : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1344860856736");
Gelöscht : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344860976976");
Gelöscht : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1344867869237");
Gelöscht : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1344860856868");
Gelöscht : user_pref("CT3201318.settingsINI", true);
Gelöscht : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Gelöscht : user_pref("CT3201318.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT3201318.smartbar.homepage", true);
Gelöscht : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Gelöscht : user_pref("CT3201318.toolbarBornServerTime", "10-7-2012");
Gelöscht : user_pref("CT3201318.toolbarCurrentServerTime", "13-8-2012");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "FLV Runner Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.search.yah[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3201318");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13");
Gelöscht : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q=[...]

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6esg80sw.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12488 octets] - [21/07/2013 00:36:13]

########## EOF - C:\AdwCleaner[S1].txt - [12549 octets] ##########
         

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.7 (07.20.2013:1)
OS: Windows 7 Home Premium x64
Ran by K on 21.07.2013 at  0:43:39,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\K\appdata\local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.07.2013 at  0:48:56,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by K (administrator) on 21-07-2013 00:51:29
Running from C:\Users\K\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(LOL Replay) Z:\LOLReplay\LOLRecorder.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Mozilla Corporation) R:\Mozilla\firefox.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x]
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE
MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe
MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe
MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] ()
S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield
2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk
2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== One Month Modified Files and Folders =======

2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:50 - 2012-06-20 19:08 - 19115385 _____ C:\Windows\setupact.log
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:45 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 00:45 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 00:45 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:43 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype
2013-07-21 00:43 - 2009-07-14 19:58 - 08935834 _____ C:\Windows\system32\perfh007.dat
2013-07-21 00:43 - 2009-07-14 19:58 - 02717866 _____ C:\Windows\system32\perfc007.dat
2013-07-21 00:43 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:38 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi
2013-07-21 00:37 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 00:37 - 2012-01-26 20:05 - 01903477 _____ C:\Windows\WindowsUpdate.log
2013-07-21 00:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log
2013-07-20 12:01 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe
2013-07-20 00:07 - 2012-01-26 20:13 - 01526972 _____ C:\Windows\PFRO.log
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe
2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi
2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps
2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast
2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥
2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai
2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton
2013-07-10 14:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges
2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

ZeroAccess:
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L

ZeroAccess:
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 03:56

==================== End Of Log ============================
         


Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013
Ran by K at 2013-07-21 00:51:53
Running from C:\Users\K\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x32)
Acronis*True*Image*Home 2011 (x32 Version: 14.0.6942)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMP WinOFF 5.0.1 (x32 Version: 5.0.1)
ANNO 1404 - Königsedition (x32 Version: 3.10.0000)
ANNO 1602 (x32)
Bamboo (Version: 5.3.0-3)
Bamboo Dock (x32 Version: 4.1)
Bamboo Dock (x32 Version: 4.1.0)
Bandisoft MPEG-1 Decoder (x32)
Battlefield 3™ (x32 Version: 1.5.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Borderlands 2 (x32)
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
DAEMON Tools Lite (x32 Version: 4.45.4.0315)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Disneys Donald Duck (x32)
Dota 2 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVGA Precision X 3.0.4 (x32 Version: 3.0.4)
Firefall (x32)
Flashtool (x32 Version: 0.9.10.1)
Fraps (x32)
Free YouTube Download version 3.2.1.320 (x32 Version: 3.2.1.320)
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430)
Geeks3D.com FurMark 1.9.2 (x32)
GUILD WARS (x32)
ID CPU-Z 1.59
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
JavaFX 2.1.0 (x32 Version: 2.1.0)
League of Legends (x32 Version: 3.0.1)
Logitech Gaming Software (Version: 8.45.88)
Logitech Gaming Software 8.46 (Version: 8.46.27)
LogMeIn Hamachi (x32 Version: 2.1.0.215)
LOLReplay (x32 Version: 0.8.1.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect (x32 Version: 1.00)
Mass Effect 2 (x32 Version: 1.02)
Mass Effect™ 3 (x32 Version: 1.05.0.0)
Media Add-ons für Acronis True Image Home 2011 (x32 Version: 14.0.6942)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 15.0 (x86 de) (x32 Version: 15.0)
Mozilla Firefox 22.0 (x86 de) (HKCU Version: 22.0)
Mozilla Maintenance Service (x32 Version: 15.0)
Need for Speed™ Carbon (x32)
Norton Internet Security (x32 Version: 20.4.0.40)
Notepad++ (x32 Version: 5.9.8)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenAL (x32)
Orcs Must Die! 2 (x32)
Origin (x32 Version: 8.5.0.4554)
Pando Media Booster (x32 Version: 2.6.0.7)
PDF Settings CS6 (x32 Version: 11.0)
Picasa 3 (x32 Version: 3.9)
Platform (x32 Version: 1.34)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849)
PlayStation(R)Store (x32 Version: 4.12.6.14870)
Plus Pack für Acronis True Image Home 2011 (x32 Version: 14.0.6942)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PunkBuster Services (x32 Version: 0.993)
RollerCoaster Tycoon 3 (x32)
SixaxisPairTool 0.2.3 (x32 Version: 0.2.3)
Skype™ 6.5 (x32 Version: 6.5.158)
Sony Ericsson Update Engine (x32 Version: 2.13.7.201306141231)
Sony Mobile Update Service (x32 Version: 2.13.6.201305161305)
Sony PC Companion 2.10.165 (x32 Version: 2.10.165)
SpeedFan (remove only) (x32)
StarCraft II (x32 Version: 2.0.7.25293)
Steam (x32 Version: 1.0.0.0)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (x32 Version: +Recorder.2013.55)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
Torchlight II Demo (x32)
TP-LINK 150Mbps Mini Wireless N USB Adapter Driver (x32 Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VIA Plattform-Geräte-Manager (x32 Version: 1.34)
VLC media player 2.0.6 (Version: 2.0.6)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)

==================== Restore Points  =========================

19-07-2013 20:34:52 Sony PC Companion

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0670E661-C097-4388-816D-46C992F7BA90} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2664304544-449774840-1103248043-1005 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {094D7195-7DE3-496E-9C98-B1C4B6A83013} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe No File
Task: {1B15D443-3D4D-4E06-B6ED-EF868E8E19ED} - System32\Tasks\Game_Booster_Startup => R:\Game Booster 3\gbtray.exe No File
Task: {1D007D67-8D5A-4483-933F-2A9F5BEC2074} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {2BEDCDB7-8F9F-4BDE-ABD3-D2C23EE840CF} - System32\Tasks\AdobeAAMUpdater-1.0-CARPEDIEM-Schnitzel♥ => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)
Task: {3DD1835D-861A-4E66-BB15-D0A6D20FA4CA} - System32\Tasks\{C6D9C50A-16D6-4997-93C9-FE54C193C7B0} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation)
Task: {3E531437-8CBD-441A-B1FB-7F89DC7B0DDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {5818F365-AA6D-4048-AFFD-6D0704D3C5A1} - System32\Tasks\AdobeAAMUpdater-1.0-K-PC-K => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)
Task: {6865DF86-42EF-442D-A893-C30025F750A1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {856F5262-AB09-413F-9DB3-6BD031C64CE3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {86A1FA6C-348D-402D-B6C4-11C9D8B37DEC} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2664304544-449774840-1103248043-1012 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {91B92699-9AF9-4436-96C8-93437F446B2A} - System32\Tasks\{7F3B150B-D69E-49CA-8399-91DD90358105} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation)
Task: {AAB149BC-55B7-41CE-8813-1EC9C7B30C2A} - System32\Tasks\{0050A4A6-3E17-4269-A8D5-3862BA4F7594} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation)
Task: {CCCD86D9-90BF-4A4E-A6A1-6F4D8A637DE7} - System32\Tasks\AdobeAAMUpdater-1.0-K-PC-Besucher => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)
Task: {CF7FDD0B-D994-4FE6-963A-BCD603D0A81B} - System32\Tasks\{188C9377-25F9-4DFB-9462-33774CB33A4D} => r:\mozilla\firefox.exe [2013-07-06] (Mozilla Corporation)
Task: {D6C40FD2-BBDB-4F0A-9B51-53DEB8C60654} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {DBAB1E85-A40A-4359-B9F2-B48AB695D7F5} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {E32919B8-DD05-471C-9F78-4EE16C6B43C8} - System32\Tasks\{8A426A9D-E7DC-4D32-BD15-5F11AAD45987} => r:\mozilla\firefox.exe [2013-07-06] (Mozilla Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/21/2013 00:50:43 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-02-02 19:27:54.927
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\K\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-02-02 19:27:54.872
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\K\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-02-02 19:27:54.691
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-02-02 19:27:54.635
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 8191.3 MB
Available physical RAM: 5861.5 MB
Total Pagefile: 10237.49 MB
Available Pagefile: 7730.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive b: () (Fixed) (Total:232.28 GB) (Free:73.84 GB) NTFS
Drive c: () (Fixed) (Total:59.53 GB) (Free:3.69 GB) NTFS (Disk=1 Partition=2)
Drive g: (ANNO1602) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
Drive r: () (Fixed) (Total:135.72 GB) (Free:1.35 GB) NTFS
Drive z: (Volume) (Fixed) (Total:97.75 GB) (Free:8.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4F802181)
Partition 1: (Not Active) - (Size=101 MB) - (Type=42)
Partition 2: (Active) - (Size=136 GB) - (Type=42)
Partition 3: (Not Active) - (Size=330 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 05687B5A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

21.07.2013, 14:51   #7
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
In addition, I would also like to know whether I can somehow check (or whether you are already doing so) if there is still any malware on my system, independent of the GVU trojan.
I am checking the complete system.
Your data such as documents, music and videos are safe, since this is not an infection with a file infector.

One more online scan, then we remove the leftovers and should be done.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

21.07.2013, 20:14   #8
HalloX1990
 



ESET log file

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3cfe97b91c190444b1377de9cb4fc612
# engine=14479
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-21 07:06:01
# local_time=2013-07-21 09:06:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 888031 137030146 0 0
# compatibility_mode=5893 16776574 100 94 0 126063411 0 0
# scanned=332444
# found=4
# cleaned=0
# scan_time=13124
sh=56CF3F22BFBD6F2AFE33780DDB4673BB0CB14A82 ft=0 fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Fallout 3\fallout3d.7z"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Fallout 3\fallout3d.iso"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP virus" ac=I fn="B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Fallout 3\FalloutLauncher.exe"
sh=A484889565807F2EC957AC0C9D8DFA6639E34B7F ft=1 fh=63b662d5288806d9 vn="multiple threats" ac=I fn="C:\Windows\Temp\Optimizer_Pro.exe"
         
Security Check

Code:
 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.0    
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 15.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by K (administrator) on 21-07-2013 21:11:53
Running from C:\Users\K\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) R:\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(LOL Replay) Z:\LOLReplay\LOLRecorder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Almico Software (www.almico.com)) R:\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) R:\Mozilla\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x]
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE
MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe
MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe
MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] ()
S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 21:10 - 2013-07-21 21:09 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 17:25 - 2013-07-21 17:22 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield
2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk
2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== One Month Modified Files and Folders =======

2013-07-21 21:09 - 2013-07-21 21:10 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 21:07 - 2012-06-20 19:08 - 19116169 _____ C:\Windows\setupact.log
2013-07-21 20:45 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 20:41 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 20:41 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 20:37 - 2012-01-26 20:05 - 01928814 _____ C:\Windows\WindowsUpdate.log
2013-07-21 17:31 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe
2013-07-21 17:25 - 2009-07-14 19:58 - 08950544 _____ C:\Windows\system32\perfh007.dat
2013-07-21 17:25 - 2009-07-14 19:58 - 02722552 _____ C:\Windows\system32\perfc007.dat
2013-07-21 17:25 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 17:22 - 2013-07-21 17:25 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 17:21 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 17:21 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi
2013-07-21 17:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 12:24 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log
2013-07-20 00:07 - 2012-01-26 20:13 - 01526972 _____ C:\Windows\PFRO.log
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe
2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi
2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps
2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast
2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥
2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai
2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton
2013-07-10 14:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges
2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

ZeroAccess:
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L

ZeroAccess:
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 03:56

==================== End Of Log ============================
         


What does this virut.NBP in the Eigene Dokumente (My Documents) folder mean? (I remember copying this folder from a friend's external hard drive months ago.)
I just read through this: hxxp://www.eset.com/us/threat-center/encyclopedia/threats/win32virutnbp/
That doesn't sound good at all? Can we rid my PC of any and all malware while we're at it?

Edited by HalloX1990 (21.07.2013 at 20:37)
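
The "One Month Created/Modified" listings in the FRST log above can be triaged mechanically. The sketch below is an added example, not part of the original posts and not FRST's own code: it parses the listing lines and flags file names that were created in several directories within the same minute, as candidates for review rather than a verdict. The sample lines are excerpted from the log above; the column order (first timestamp is the modification time in the "Modified" section, the creation time in the "Created" section) is an assumption based on how the same files appear in both sections, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict, namedtuple
from datetime import datetime

# Lines excerpted from the "One Month Modified Files and Folders" section above.
SAMPLE_MODIFIED_SECTION = r"""
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype
"""

Entry = namedtuple("Entry", "created modified size attrs company path")

# timestamp - timestamp - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)


def parse_listing(text, first_col="modified"):
    """Parse FRST listing lines; first_col names what the first timestamp is.

    Assumption: "modified" for the Modified section, "created" for the
    Created section. Lines that do not match the format are skipped.
    """
    if first_col not in ("modified", "created"):
        raise ValueError("first_col must be 'modified' or 'created'")
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        first = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        second = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
        created, modified = (first, second) if first_col == "created" else (second, first)
        entries.append(Entry(created, modified, int(m.group(3)),
                             m.group(4), m.group(5) or "", m.group(6)))
    return entries


def find_drop_clusters(entries, min_dirs=2):
    """Return (name, created, dirs) for files with the same name created in
    at least min_dirs different directories within the same minute."""
    groups = defaultdict(set)
    for e in entries:
        if "D" in e.attrs:  # directories share names legitimately
            continue
        key = (ntpath.basename(e.path).lower(), e.created)
        groups[key].add(ntpath.dirname(e.path).lower())
    return sorted(
        (name, created, sorted(dirs))
        for (name, created), dirs in groups.items()
        if len(dirs) >= min_dirs
    )


if __name__ == "__main__":
    for name, created, dirs in find_drop_clusters(parse_listing(SAMPLE_MODIFIED_SECTION)):
        print(f"{created:%Y-%m-%d %H:%M}  {name}  in {len(dirs)} directories:")
        for d in dirs:
            print(f"    {d}")
```

Reading the section with the wrong column order also groups the two AdwCleaner[S1].txt copies, which share a modification time but not a creation time.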

21.07.2013, 21:27   #9
schrauber
/// the machine
/// TB Trainer

Update Java, Adobe and Firefox. Delete Fallout.

Quote:
Can we rid my PC of any and all malware while we're at it?
We already have.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
ZeroAccess:
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L

ZeroAccess:
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

21.07.2013, 21:52   #10
HalloX1990

So, before carrying out the following steps I still can't get into the infected user account; there I still get "...exe" could not be executed (.. again some random combination) on a black background with white text.

Now the two *.txt files after the steps were carried out:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by K at 2013-07-21 22:48:26 Run:1
Running from C:\Users\K\Desktop
Boot Mode: Normal
==============================================

C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} => Moved successfully.
"C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L" => File/Directory not found.
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} => Moved successfully.
"C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@" => File/Directory not found.
"C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L" => File/Directory not found.
"C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U" => File/Directory not found.

==== End of Fixlog ====
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by K (administrator) on 21-07-2013 22:48:58
Running from C:\Users\K\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) R:\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(LOL Replay) Z:\LOLReplay\LOLRecorder.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Mozilla Corporation) R:\Mozilla\firefox.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Almico Software (www.almico.com)) R:\SpeedFan\speedfan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x]
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE
MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe
MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe
MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] ()
S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 21:10 - 2013-07-21 21:09 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 17:25 - 2013-07-21 17:22 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield
2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk
2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== One Month Modified Files and Folders =======

2013-07-21 22:45 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype
2013-07-21 22:45 - 2012-06-20 19:08 - 19116449 _____ C:\Windows\setupact.log
2013-07-21 22:45 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 21:25 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 21:25 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 21:22 - 2009-07-14 19:58 - 08965254 _____ C:\Windows\system32\perfh007.dat
2013-07-21 21:22 - 2009-07-14 19:58 - 02727238 _____ C:\Windows\system32\perfc007.dat
2013-07-21 21:22 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 21:18 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 21:18 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi
2013-07-21 21:18 - 2012-01-26 20:13 - 01527806 _____ C:\Windows\PFRO.log
2013-07-21 21:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 21:09 - 2013-07-21 21:10 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 20:37 - 2012-01-26 20:05 - 01935021 _____ C:\Windows\WindowsUpdate.log
2013-07-21 17:31 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe
2013-07-21 17:22 - 2013-07-21 17:25 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe
2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi
2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps
2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast
2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥
2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai
2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton
2013-07-10 14:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges
2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 03:56

==================== End Of Log ============================
         
--- --- ---



I have now checked again: cmd.exe opens when I log in to the user account.
Contents:

"...
Der Befehl ""C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe"" ist entweder falsch geschrieben oder konnte nicht gefunden werden.
C:\Windows\system32>
"

This *.exe is the file that, as described, I simply deleted right at the beginning.


Edit:
Sorry, I forgot to update Java, Adobe and Firefox; I'm doing that right now.
Here is the FRST log again after updating Java, Adobe and Firefox.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by K (administrator) on 21-07-2013 23:07:38
Running from C:\Users\K\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) R:\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(LOL Replay) Z:\LOLReplay\LOLRecorder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x]
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Runonce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [x]
MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE
MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe
MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe
MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] ()
S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 23:02 - 2013-07-21 23:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 23:02 - 2013-07-21 23:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 21:10 - 2013-07-21 21:09 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 17:25 - 2013-07-21 17:22 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield
2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk
2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== One Month Modified Files and Folders =======

2013-07-21 23:06 - 2012-04-03 10:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 23:06 - 2012-04-03 10:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-21 23:06 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 23:06 - 2012-01-27 00:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 23:05 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe
2013-07-21 23:04 - 2012-09-03 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 23:04 - 2012-01-27 00:28 - 00000602 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 23:02 - 2013-07-21 23:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 23:02 - 2013-07-21 23:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 23:02 - 2012-05-13 15:50 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-21 23:02 - 2012-05-13 15:50 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 23:01 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 23:01 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 22:59 - 2009-07-14 19:58 - 08979964 _____ C:\Windows\system32\perfh007.dat
2013-07-21 22:59 - 2009-07-14 19:58 - 02731924 _____ C:\Windows\system32\perfc007.dat
2013-07-21 22:59 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 22:54 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 22:54 - 2012-06-20 19:08 - 19116505 _____ C:\Windows\setupact.log
2013-07-21 22:54 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi
2013-07-21 22:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 22:53 - 2012-01-26 20:05 - 01942364 _____ C:\Windows\WindowsUpdate.log
2013-07-21 22:45 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype
2013-07-21 21:18 - 2012-01-26 20:13 - 01527806 _____ C:\Windows\PFRO.log
2013-07-21 21:09 - 2013-07-21 21:10 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 17:22 - 2013-07-21 17:25 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe
2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi
2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps
2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast
2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥
2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai
2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton
2013-07-10 14:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges
2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 03:56

==================== End Of Log ============================
         
--- --- ---

Edited by HalloX1990 (21.07.2013 at 22:09)

22.07.2013, 08:29   #11
schrauber
/// the machine
/// TB Trainer

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x]
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Does it work now?

A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.07.2013, 11:16   #12
HalloX1990
It is possible to log in to the affected user account again. But does that mean all malware and remnants have really been removed, or should I take any further steps?

To be honest, I still have an uneasy feeling despite everything and would like to format the PC, once it is clean, and reinstall my system.
Before that, however, I would like to back up some of my own documents to my external hard drive, this time not as an image but simply the contents of my four folders (i.e. Music, Documents, Videos, Pictures).
How can I be completely sure that I don't carry any unwanted malware along, and how can I then, once I have reinstalled Win7, check my external hard drive + my USB stick again to be completely sure once more?
That may sound a bit paranoid, but I simply want a clean system without problems deep in the system.


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2013
Ran by K at 2013-07-22 12:14:30 Run:2
Running from C:\Users\K\Desktop
Boot Mode: Normal
==============================================

HKU\Schnitzel♥\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Schnitzel♥\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Schnitzel♥\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
X6va005 => Service deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Schnitzel♥\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Schnitzel♥\AppData\Local\2433f433 => Moved successfully.
C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl => Moved successfully.
"C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" => File/Directory not found.

==== End of Fixlog ====
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by K (administrator) on 22-07-2013 12:15:35
Running from C:\Users\K\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) R:\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(LOL Replay) Z:\LOLReplay\LOLRecorder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Almico Software (www.almico.com)) R:\SpeedFan\speedfan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) R:\Mozilla\firefox.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x]
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Runonce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [x]
MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE
MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe
MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe
MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] ()
S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130721.020\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130721.020\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130721.020\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130721.020\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-21 23:02 - 2013-07-21 23:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 23:02 - 2013-07-21 23:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 21:10 - 2013-07-21 21:09 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 17:25 - 2013-07-21 17:22 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-22 12:13 - 01779363 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\LoL.lnk
2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield
2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk
2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== One Month Modified Files and Folders =======

2013-07-22 12:13 - 2013-07-21 00:50 - 01779363 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-22 12:00 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype
2013-07-22 12:00 - 2012-06-20 19:08 - 19117233 _____ C:\Windows\setupact.log
2013-07-22 12:00 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 12:00 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe
2013-07-21 23:45 - 2012-01-26 20:05 - 01946097 _____ C:\Windows\WindowsUpdate.log
2013-07-21 23:06 - 2012-04-03 10:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 23:06 - 2012-04-03 10:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-21 23:06 - 2012-01-27 00:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 23:04 - 2012-09-03 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 23:04 - 2012-01-27 00:28 - 00000602 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 23:02 - 2013-07-21 23:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 23:02 - 2013-07-21 23:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 23:02 - 2012-05-13 15:50 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-21 23:02 - 2012-05-13 15:50 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 23:01 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 23:01 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 22:59 - 2009-07-14 19:58 - 08979964 _____ C:\Windows\system32\perfh007.dat
2013-07-21 22:59 - 2009-07-14 19:58 - 02731924 _____ C:\Windows\system32\perfc007.dat
2013-07-21 22:59 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 22:54 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 22:54 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi
2013-07-21 22:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 21:18 - 2012-01-26 20:13 - 01527806 _____ C:\Windows\PFRO.log
2013-07-21 21:09 - 2013-07-21 21:10 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe
2013-07-21 17:22 - 2013-07-21 17:25 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe
2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt
2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe
2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt
2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe
2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG
2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe
2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi
2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps
2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com
2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\LoL.lnk
2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games
2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log
2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk
2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast
2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥
2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai
2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton
2013-07-10 14:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig
2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft
2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges
2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip
2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys
2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt
2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android
2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony
2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 03:56

==================== End Of Log ============================
         

Edited by HalloX1990 (22.07.2013 at 12:15)

22.07.2013, 13:32   #13
schrauber
/// the machine
/// TB trainer

Just copy them over, the files should be fine. Before restoring them, scan them once with your AV program, possibly ESET Online Scan.

As for the drivers, install all of those that are offered for the operating system.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.07.2013, 13:58   #14
HalloX1990

Okay, thanks.

As for the scans, just right-click the connected hard drive and start the scan, or is there anything to watch out for?

22.07.2013, 14:07   #15
schrauber
/// the machine
/// TB trainer

Nope, just scan it exactly like that.
