Pests of all kinds and how to fight them: Win7 IP 183.60.48.25 tunnels me every night and hijacks my Teledat 530 router
19.10.2013, 20:35   #1
Schrumpfhirn
Dear community,

For some time now I have been getting tunnelling through my router from IP 183.60.48.25.
According to Google, the IP is located in China.

It started on a Sunday about three weeks ago, when my Teledat 530 router performed spontaneous resets and access to the router and the internet was no longer possible, even though the Online LED was lit.
After a few minutes access to the router was possible again, and I suddenly saw one router option in English; internet access was not possible although it was connected.
After several hardware resets, re-flashing the latest router firmware (from 2003) and entering my login details, everything worked fine again,
until the whole game repeated itself a few minutes later.
This went on all Sunday, and once I noticed a tunnel; the router log said 183.60.48.25 creates tunnel sucessfully
and a minute later 183.60.48.25 destroy tunnel sucessfully, and the router was gone again.
During the week it tunnelled every night between one and two o'clock, each time for about a minute; during that time the router was not reachable and internet access was not possible.
I had changed the router password from another PC, and so the router stayed unchanged as far as the English option is concerned.
During the week I then logged in from the other computers, and this is probably where the router password was grabbed, because
the next weekend the router-reset/no-access problem started again; after the second re-flash of the firmware, however, it stopped.
During the week, the tunnelling in the router again, always the same IP, always about a minute.
I have since tested each of my three PCs individually on the router, and with each of them tunnelling occurs.

Once I noticed two tunnels:

10/16/2013 01:54:23 183.60.48.25 destroy tunnel sucessfully
10/16/2013 01:53:40 183.60.48.25 destroy tunnel sucessfully
10/16/2013 01:52:33 183.60.48.25 creates tunnel sucessfully
10/16/2013 01:52:26 183.60.48.25 creates tunnel sucessfully

At that time I had two browsers open: IE 10 (64-bit) and Firefox 24.


My PCs are protected with Norton Internet Security; various virus scans, including from a boot CD, found nothing directly on C:.
Some files I have been using for years were detected, among them Railworks.exe and PhoenixRc. They were deleted, but without stopping the tunneller.
My EeePC was also tunnelled; it has the Comodo freeware on it, which also did not notice anything.

One PC I use only for gaming (Steam), shopping and banking, no other surfing (Win7 64-bit).
One only for surfing, including sex sites (Win7 64-bit).
The EeePC only for email and a few trustworthy sites (Win7 Starter 32-bit).

The three PCs are connected to the router via a LevelOne switch.

How can an outsider set up a tunnel through the router?
None of the firewalls noticed anything.
I had a Symantec employee log in remotely online, but he found nothing either.
From Telekom I only got a meaningless standard reply.

Has any of you heard of IP 183.60.48.25?
Is a security hole in the Teledat 530 router known?


I am now completely at a loss.

I would be very grateful for your help.

And just now again:

10/19/2013 01:48:43 183.60.48.25 destroy tunnel sucessfully
10/19/2013 01:47:43 183.60.48.25 creates tunnel sucessfully (but this time without a router reset)

To be on the safe side, I changed the router password once more from a freshly set-up PC.

When I came home this evening (my brother was online, via another LAN port of the router), I could not log in to the router.
I tried every password variant: no access.
Internet access worked perfectly!

I have never told my brother the router passwords; either he has the same malicious code on his PC, or
the Teledat 530 router can now be taken over from outside, even though remote management is switched off; I had also added the IP mentioned to the block list.
None of it seems to work.

I have now given the router a new password again, but it won't help.

Here are the log files:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:28 on 19/10/2013 (****** *****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2013
Ran by ****** ***** at 2013-10-19 20:30:53
Running from E:\aa-XP-DownLoad\trojaner board soft s\FRST64
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

3DMark 11 (x32 Version: 1.0.2)
3GX (x32 Version: 3.03.2101)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 4.57 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
aerosoft's - Im Koeblitzer Bergland (x32 Version: 1.10)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
Apache: Air Assault 1.0.2.1 (x32 Version: 1.0.2.1)
Ashampoo Burning Studio 10 v.10.0.15 (x32 Version: 10.0.15)
Ashampoo Burning Studio 12 v.12.0.5 (x32 Version: 12.0.5)
AudioGenie (x32)
Batman: Arkham City GOTY (x32)
BioShock Infinite (x32)
Blur (x32)
BOSS (x32 Version: 2.0.0)
BufferChm (x32 Version: 130.0.331.000)
Call of Juarez: Bound in Blood (x32)
Canon Easy-PhotoPrint EX (x32 Version: 4.1.6)
Canon Inkjet Printer Driver Add-On Module
Canon My Printer (x32 Version: 3.1.0)
Carrier Command: Gaea Mission (x32)
CCleaner (Version: 4.06)
CD-LabelPrint (x32)
Choplifter HD (x32)
Class 20 Collection Patch (x32 Version: 1.00.0000)
CLICKBIOSII (x32 Version: 1.0.021)
Colin McRae Rally 2005 (x32 Version: 1.00.000)
ControlCenter (x32 Version: 2.2.036)
Copy (x32 Version: 130.0.428.000)
CPUID CPU-Z 1.58
Creation Kit (x32)
CrystalDiskInfo 5.3.1 (x32 Version: 5.3.1)
CVE-2013-3893
CyberLink BD_3D Advisor 2.0 (x32 Version: 2.0.5425)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5311)
CyberLink Media Suite 10 (x32 Version: 10.0)
CyberLink Media Suite 10 (x32 Version: 10.2021)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673)
CyberLink MediaShow 6 (x32 Version: 6.0.4312)
CyberLink Power2Go 7 (x32 Version: 7.0.0.1827)
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.52)
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4118)
D3DX10 (x32 Version: 15.4.2368.0902)
Daniusoft Media Converter(Build 2.6.2.1) (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
DHTML Editing Component (x32 Version: 6.02.0001)
DiRT 3 (x32 Version: 1.0.0000.130)
DiRT 3 (x32 Version: 1.0.0003.130)
Diskeeper 2010  (Version: 14.0.915.64)
DocProc (x32 Version: 13.0.0.0)
Download Updater (AOL Inc.) (x32)
DSL-Manager (x32)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
dutchpack 2.00 (x32)
EPSON Attach To Email (x32 Version: 1.01.0000)
Epson Easy Photo Print 2 (x32 Version: 2.2.3.1)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON File Manager (x32 Version: 1.3.2.0)
EPSON Scan Assistant (x32 Version: 1.10.00)
ErosLink (x32 Version: 1.0.0.0)
EVGA Precision X 3.0.4 (x32 Version: 3.0.4)
F300 (x32 Version: 130.0.365.000)
F300_Help (x32 Version: 82.0.242.000)
F300Trb (x32 Version: 82.0.242.000)
Fax (x32 Version: 130.0.418.000)
Free Download Manager 3.9.2 (x32)
Free Studio version 2013 (x32 Version: 6.1.10.812)
Freightliner Heavy Haul  Class 66 (x32)
Freightliner Heavy Haul Class 66V2.0 (x32)
FUJIFILM USB Driver (x32)
Futuremark SystemInfo (x32 Version: 4.2.0)
GameShadow (x32 Version: 2.03.0000)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1871)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
GRID (x32 Version: 1.30.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.001)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2401)
IrfanView (remove only) (x32 Version: 4.36)
IsoBuster 2.8.5 (x32 Version: 2.8.5)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JMicron JMB36X Driver (x32 Version: 1.17.59.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Just Trains - Class 67 Advanced & Car Carriers (x32 Version: 1.00.0000)
Just Trains - Rail Simulator Official Expansion Pack: Isle of Wight & Class 66 (x32 Version: 1.00.0000)
Just Trains - Rebuilt Bulleid Light Pacific (x32 Version: 1.00.0000)
Just Trains - Scottish East Coast Main Line (x32 Version: 1.00.0000)
Just Trains - Streamlined Princess Coronation Class for RailWorks (x32 Version: 1.00.0000)
Just Trains - Streamlined Princess Coronation Class for TRS 2013 (x32 Version: 1.00.0000)
Just Trains - Three Country Corner Route (x32 Version: 1.00.0000)
Just Trains - Voyager (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class British Rail Add-on Pack for RailWorks (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class British Rail Add-on Pack for Train Simulator 2013 (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class for RailWorks (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class for Train Simulator 2013 (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class LNER Add-on Pack for RailWorks (x32 Version: 1.00.0000)
Just Trains Cargowaggon Flat IGA for RailWorks (x32 Version: 2.00.0000)
Just Trains Class 20 Collection for RailWorks (x32 Version: 1.00.0000)
Just Trains Class 67 Free Livery (x32 Version: 1.00.0000)
Just Trains JJA Autoballaster for RailWorks (x32 Version: 1.00.0000)
Just Trains Seacow for RailWorks (x32 Version: 1.00.0000)
K-Lite Mega Codec Pack 10.0.0 (x32 Version: 10.0.0)
KRS pak Delete (x32)
Link Shell Extension
Live Aquarium HD (x32 Version: 3)
Logitech Harmony Remote Software (x86) (x32 Version: 2.0)
MarketResearch (x32 Version: 130.0.374.000)
marvell 91xx driver (x32 Version: 1.1.0.6)
MAXA Cookie Manager Pro 5.3 (x32)
MegaStore Game Controller (Ver. 3.0) (x32 Version: 3.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Train Simulator (x32)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Need for Speed™ Most Wanted (x32)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
Netzmanager (Version: 1.07)
Netzmanager (x32 Version: 1.07)
Nexus Mod Manager (Version: 0.45.6)
Norton Internet Security (x32 Version: 21.1.0.18)
NVIDIA 3D Vision Controller-Treiber 296.10 (Version: 296.10)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA Alien vs. Triangles demo (x32 Version: 1.0)
NVIDIA Endless City demo (x32 Version: 1.0)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenAL (x32)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Opera 12.16 (x32 Version: 12.16.1860)
Paint.NET v3.5.11 (Version: 3.61.0)
Personal Backup 5.4 (x32 Version: 5.3)
PhoenixRC (x32 Version: 2.00.10)
PlayMemories Home (x32 Version: 7.0.03.04240)
Primo (x32 Version: 1.00.0000)
Python 2.7.3 (64-bit) (Version: 2.7.3150)
RAGE (x32)
Railworks Community Asset Project (x32 Version: v1.12.24.12)
Rainlendar2 (remove only) (x32)
Rapture3D 2.4.8 Game (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6586)
Recuva (Version: 1.47)
REFLEX Modellflugsimulator (x32 Version: 5.04.2)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Ridge Racer™ Unbounded (x32)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Runtime (x32 Version: 1.00.0000)
Rural Landscapes (x32 Version: 1.06.22.09 - Freeware Edition)
Rural Landscapes (x32 Version: v1.06.22.09 HR Edition)
RW_Tools V2 (HKCU)
RW_Tools V3 (HKCU)
RW_Tools V4 (HKCU)
Saints Row: The Third (x32)
SARDU 2.0.6.5 (x32 Version: 2.0.6.5)
Scan (x32 Version: 13.0.0.0)
Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009)
Shop for HP Supplies (Version: 13.0)
Silent Hunter 4 Wolves of the Pacific (x32 Version: 1.04.0000)
Silent Hunter III (x32 Version: 1.00.0000)
SimpleScreenshot 1.40 (x32)
Simtrain's - SBB Route 1 (x32 Version: 1.00)
SiSoftware Sandra Lite 2011.SP5 (Version: 17.80.2011.10)
Skyrim NPC Editor (x32 Version: 0.75.1)
SL-6640 Black Widow Flightstick (x32 Version: 3.1)
SolutionCenter (x32 Version: 130.0.373.000)
Sophos Virus Removal Tool (x32 Version: 2.4)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Spybot - Search & Destroy (x32 Version: 2.1.19)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
Suoni Italiani per RailWorks v 1.0 (x32)
Take On Helicopters (x32)
Test Drive Unlimited (x32 Version: 1.00.0000)
The Donner Pass freeware scenario set by TaD (HKCU)
The Elder Scrolls V: Skyrim (x32)
the Mother of Tears - Cleaner Part 1 (x32)
The Walking Dead (x32)
The Witcher 2: Assassins of Kings Enhanced Edition (x32)
Tomb Raider (x32)
T-Online 6.0 (x32)
T-Online WLAN-Access Finder (x32)
Toolbox (x32 Version: 130.0.648.000)
Torino Genova Rel. 1.0 per RailWorks (x32)
Torino Genova Rel. 3.0 per RailWorks (x32)
Train Simulator 2014 (x32)
Train Store (German Language Pack) (x32)
Train Store V3.2 (x32)
TrayApp (x32 Version: 130.0.422.000)
TreeSize Free V2.5 (x32 Version: 2.5)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
UKTS Freeware Pack - Blocks-Lofts-Bridges #1 (x32 Version: 1.0.9)
UKTS Freeware Pack - Clutter #1 (x32 Version: 1.0.6)
UKTS Freeware Pack - CN Rolling Stock Pack #1 (x32 Version: 1.0.1)
UKTS Freeware Pack - Commercial #1 (x32 Version: 1.0.3)
UKTS Freeware Pack - Foliage #1 (x32 Version: 1.0.2)
UKTS Freeware Pack - Great Central Railway Loco Pack (x32 Version: 1.0.3)
UKTS Freeware Pack - Great Scenario Challenge #1 (x32 Version: 1.0.5)
UKTS Freeware Pack - Housing #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - Industrial #1 (x32 Version: 1.0.3)
UKTS Freeware Pack - Railway Buildings #1 (x32 Version: 1.0.4)
UKTS Freeware Pack - Terrain Textures #1 (x32 Version: 1.0.1)
UKTS Freeware Pack - UK Carriages #1 (x32 Version: 1.1.2)
UKTS Freeware Pack - UK Classic Diesel and Electric #1 (x32 Version: 1.1.2)
UKTS Freeware Pack - UK DMUs-EMUs-Trams #1 (x32 Version: 1.1.5)
UKTS Freeware Pack - UK Modern Diesel and Electric #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - UK Steam #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - UK Wagons #1 (x32 Version: 1.1.3)
UKTS Freeware Route Pack - Candlewick (x32 Version: 1.0.3)
UKTS Freeware Route Pack - Coniston Branch (x32 Version: 1.0.7)
UKTS Freeware Route Pack - Lavender Line (x32 Version: 1.0.2)
UKTS Freeware Route Pack - QiLian Mountain Line (x32 Version: 1.0.3)
UKTS Freeware Route Pack - The Mayflower Line (x32 Version: 2.0.0)
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
USB game controller (x32 Version: 1.00.0000)
USBFast (x32 Version: 1.3.0.30)
VLC media player 2.1.0 (Version: 2.1.0)
WebReg (x32 Version: 130.0.132.017)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Winamp Toolbar (HKCU)
Winamp Toolbar (x32)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
WinMend File Copy 1.4.2 (x32)
WinPatrol (Version: 28.6.2013.0)
WinZip 17.0 (Version: 17.0.10283)
Wrye Bash (x32 Version: 2.9.5.5)
wxPython 2.8.12.1 (unicode) for Python 2.7 (x32 Version: 2.8.12.1-unicode)
xp-AntiSpy 3.98-2 (x32)
yuPlay client 0.7.24 (x32)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2013-10-17 14:48 - 2013-10-17 14:48 - 00000820 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05D1B427-D0BB-48D7-A508-1F393DF24BBA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {36A54EC4-8180-4965-B8C0-63F2F1F873C1} - System32\Tasks\{3B784E41-45C0-4D89-A68D-24BEA08A5353} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {4A117BF9-3199-4A10-911A-0FBDCD466A98} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4BCECC93-9375-4073-AED4-068540C11A3D} - System32\Tasks\{FAD0A392-B7E5-4400-AC7C-2B67A8717BBB} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {5980EAB9-6A99-4E9B-8370-42CB732C53D4} - System32\Tasks\{ED79AC1A-045B-434A-ADC0-3D5E1C21D9E5} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {628558D4-1C82-4556-8535-E1165F1254D7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {682EEDCE-6BD4-424F-BD2B-1FE4F2E6E144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
Task: {7744A862-84E6-4B2A-B506-D473C515C6F5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {7C9B285F-E884-4566-B5AF-4DD3B23C1E04} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {81A1039B-E733-4F55-8CBC-E33DC0AC9916} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {9854CCB4-05A0-497C-95A4-950F3515CD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
Task: {B6E25857-E898-4869-816D-7476E11AF46A} - System32\Tasks\{FACA1B3B-F890-46CB-A6BA-09DC24E2D8B4} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {B7FF4B9B-4303-45E5-B3A2-EAB986312D79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {D6C79FB4-DC7A-4B82-B6F3-DD9F7C38FC0C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ED796295-EB93-47DB-A668-88791676976E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-05-23 19:30 - 2010-05-23 19:30 - 00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll
2011-08-12 07:47 - 2011-08-12 07:47 - 00312832 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2011-10-09 07:03 - 2010-12-19 21:16 - 00338944 _____ () C:\Program Files (x86)\MAXA Cookie Manager\sqlite36_engine.dll
2011-10-09 07:03 - 2010-12-19 21:19 - 00023552 _____ () C:\Program Files (x86)\MAXA Cookie Manager\DirectCOM.dll
2011-10-09 07:08 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-07-11 13:33 - 2013-07-11 13:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-06-26 23:57 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-26 23:57 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-26 23:57 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-06-26 23:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-26 23:57 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-10-09 02:40 - 2013-01-11 04:22 - 03547136 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\****** *****\Documents\Der erhaltene Artikel entspricht nicht der Beschreibung_ ******** hat eine Nachricht zu Fleischmann piccolo 8599 Artikelnummer ******** gesendet_.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2013 07:41:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc015000f
Fehleroffset: 0x000000000006f7ba
ID des fehlerhaften Prozesses: 0x878
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (10/19/2013 07:41:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005055a
ID des fehlerhaften Prozesses: 0x878
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (10/19/2013 07:26:34 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/19/2013 00:01:08 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RailWorks.exe, Version: 0.0.0.0, Zeitstempel: 0x525eb96d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x1120
Startzeit der fehlerhaften Anwendung: 0xRailWorks.exe0
Pfad der fehlerhaften Anwendung: RailWorks.exe1
Pfad des fehlerhaften Moduls: RailWorks.exe2
Berichtskennung: RailWorks.exe3

Error: (10/18/2013 11:05:58 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/18/2013 07:29:45 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/18/2013 06:13:05 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/18/2013 11:19:50 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/17/2013 08:36:24 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/17/2013 08:10:07 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (10/19/2013 08:18:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/19/2013 08:18:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (10/19/2013 07:41:29 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c015000f000000000006f7ba87801ceccf04092de34C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllaee60deb-38e5-11e3-81ed-8c89a55a2bc5

Error: (10/19/2013 07:41:23 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1822251f1ddfac0000005000000000005055a87801ceccf04092de34C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dllab72ef65-38e5-11e3-81ed-8c89a55a2bc5

Error: (10/19/2013 07:26:34 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 00:01:08 AM) (Source: Application Error)(User: )
Description: RailWorks.exe0.0.0.0525eb96dntdll.dll6.1.7601.18247521ea8e7c0000374000ce753112001cecc4d04c3f890N:\! Steam-Arbeitsordner !\steamapps\common\RailWorks\RailWorks.exeC:\Windows\SysWOW64\ntdll.dllca46e54f-3840-11e3-a6b3-8c89a55a2bc5

Error: (10/18/2013 11:05:58 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 07:29:45 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 06:13:05 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 11:19:50 AM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 08:36:24 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 08:10:07 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 12267.6 MB
Available physical RAM: 8837.29 MB
Total Pagefile: 24533.38 MB
Available Pagefile: 21416.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:209.86 GB) (Free:97.82 GB) NTFS
Drive d: (Eisenbahn) (Fixed) (Total:93.75 GB) (Free:74.22 GB) NTFS
Drive e: (Data) (Fixed) (Total:224.61 GB) (Free:135.42 GB) NTFS
Drive f: (Big Data) (Fixed) (Total:372.46 GB) (Free:207.59 GB) NTFS
Drive g: (klein bei c) (Fixed) (Total:4.88 GB) (Free:4.79 GB) NTFS
Drive h: (Traini+Data) (Fixed) (Total:698.64 GB) (Free:173.02 GB) NTFS
Drive i: (Mini 1) (Fixed) (Total:3.91 GB) (Free:3.49 GB) NTFS
Drive j: (Cache+temp) (Fixed) (Total:107.42 GB) (Free:92.36 GB) NTFS
Drive k: (Mini 2) (Fixed) (Total:3.91 GB) (Free:3.68 GB) NTFS
Drive l: (L Backups) (Fixed) (Total:716.67 GB) (Free:144.93 GB) NTFS
Drive m: (100g) (Fixed) (Total:107.42 GB) (Free:92.13 GB) NTFS
Drive n: (Emulatoren + Steam) (Fixed) (Total:1648.17 GB) (Free:779.94 GB) NTFS
Drive o: (Big Data 2) (Fixed) (Total:698.64 GB) (Free:89.76 GB) NTFS
Drive p: (BiigFäädData) (Fixed) (Total:931.51 GB) (Free:329.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: E9DE3773)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4E6B547D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=210 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=717 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0E6DB056)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 53F586F0)
Partition 1: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-429314277376) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 699 GB) (Disk ID: 09376CBC)
Partition 1: (Not Active) - (Size=4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=94 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=376 GB) - (Type=OF Extended)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 7B8D17E8)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by ****** ***** (administrator) on ***********-PC on 19-10-2013 20:30:33
Running from E:\aa-XP-DownLoad\trojaner board soft s\FRST64
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(MAXA Research Int'l Inc.) C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgr.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [3820032 2011-08-12] ()
HKCU\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe [1138688 2012-05-20] (MAXA Research Int'l Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1
MountPoints2: {d364454e-f4d8-11e0-a01b-806e6f6e6963} - S:\setup.exe
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [REGSHAVE] - C:\Program Files (x86)\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78312 2012-05-09] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.0.lnk
ShortcutTarget: OpenOffice 4.0.0.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

==================== Internet (Whitelisted) ====================

ProxyServer: http=warmal%20localhost:2;https=warmal%20localhost:2;ftp=warmal%20localhost:2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKCU - DefaultScope {68ADF79E-E403-43EA-8AAB-57DC2C811EA0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {68ADF79E-E403-43EA-8AAB-57DC2C811EA0} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -  No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default
FF user.js: detected! => C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\user.js
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Winamp Toolbar - C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: fdm_ffext - C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\Extensions\fdm_ffext@freedownloadmanager.org
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] - C:\Program Files (x86)\MAXA Cookie Manager\extension
FF Extension: MAXA Cookie Manager - C:\Program Files (x86)\MAXA Cookie Manager\extension

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.1.10_0\npcoplgn.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (TubeSaver-1) - C:\Users\RAINER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0
CHR Extension: (Norton Identity Protection) - C:\Users\RAINER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.5.1.4_0
CHR Extension: (DVDVideoSoft) - C:\Users\RAINER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RAINER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\RAINER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx

==================== Services (Whitelisted) =================

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2435960 2012-07-28] (Diskeeper Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2565632 2011-10-24] (Deutsche Telekom AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [93848 2008-09-18] (SiSoftware)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [294912 2007-11-26] (T-Systems Enterprise Services GmbH)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-02] (Symantec Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-02] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52144 2010-03-10] (Diskeeper Corporation)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131018.018\ENG64.SYS [126040 2013-09-23] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131018.018\ENG64.SYS [126040 2013-09-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131018.018\EX64.SYS [2099288 2013-09-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131018.018\EX64.SYS [2099288 2013-09-23] (Symantec Corporation)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-06-22] (Acronis)
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 20:28 - 2013-10-19 20:29 - 00000000 ___SH C:\DkHyperbootSync
2013-10-18 18:59 - 2013-10-18 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7E1320E5-2B4E-43D6-9BC3-09FBDC9F203E}
2013-10-18 11:25 - 2013-10-18 11:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 01:44 - 2013-10-18 01:44 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A1BE8A4A-7841-4646-AE4E-8D8F67804204}
2013-10-17 23:28 - 2013-10-17 23:28 - 00000000 ____D C:\FRST
2013-10-17 23:27 - 2013-10-17 23:27 - 00000000 _____ C:\Users\****** *****\defogger_reenable
2013-10-17 14:55 - 2013-10-17 14:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 14:54 - 2013-10-17 14:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 14:45 - 2013-10-17 14:56 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 14:45 - 2013-10-17 14:45 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-17 14:45 - 2013-10-17 14:45 - 00000000 ____D C:\Program Files\Java
2013-10-17 13:03 - 2013-10-17 13:03 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6C3460A9-E407-4C74-8F44-0B32226C25D6}
2013-10-16 21:41 - 2013-10-16 21:41 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2013-10-16 21:41 - 2013-10-16 21:41 - 00000000 ____D C:\Program Files (x86)\xp-AntiSpy
2013-10-16 17:35 - 2013-10-16 17:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C898F052-B602-419E-88E0-1B0500AC5D09}
2013-10-15 23:37 - 2013-10-15 23:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5000FFE7-1E9C-4F4B-A3B6-F394334182FE}
2013-10-15 21:32 - 2013-10-19 19:25 - 00001344 _____ C:\Windows\setupact.log
2013-10-15 21:32 - 2013-10-15 21:32 - 00000320 _____ C:\Windows\PFRO.log
2013-10-15 21:32 - 2013-10-15 21:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 21:26 - 2013-10-15 21:26 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-15 10:52 - 2013-10-15 10:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DEC0E3FF-4F15-4812-8678-326B0B64F381}
2013-10-15 02:55 - 2013-10-15 03:00 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HpUpdate
2013-10-15 02:54 - 2013-10-15 02:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-10-15 00:57 - 2013-10-15 00:57 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HP
2013-10-15 00:56 - 2013-10-15 00:56 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-15 00:56 - 2013-10-15 00:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\HP
2013-10-15 00:52 - 2013-10-15 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Yahoo!
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-15 00:48 - 2013-10-15 02:55 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-15 00:47 - 2013-10-15 01:00 - 00002890 _____ C:\ProgramData\hpzinstall.log
2013-10-15 00:47 - 2013-10-15 00:57 - 00245575 _____ C:\Windows\hpoins19.dat
2013-10-15 00:47 - 2009-10-20 06:30 - 00013898 ____N C:\Windows\hpomdl19.dat
2013-10-15 00:46 - 2013-10-15 00:57 - 00000000 ____D C:\ProgramData\HP
2013-10-15 00:46 - 2009-07-08 12:51 - 00861184 _____ (Hewlett-Packard) C:\Windows\system32\hpowiav1.dll
2013-10-15 00:46 - 2009-07-08 12:51 - 00730624 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl1.dll
2013-10-15 00:46 - 2009-07-08 12:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2013-10-15 00:46 - 2009-07-08 12:51 - 00498176 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst01.dll
2013-10-14 20:25 - 2013-10-14 20:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{CDE09849-B4DE-4ECA-823E-A68F9C83D6E9}
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C3631065-3D37-4A12-8E9C-27204417DDE5}
2013-10-14 12:50 - 2013-10-15 01:05 - 00000000 ____D C:\Users\****** *****\AppData\Local\LogMeIn Rescue Applet
2013-10-14 02:07 - 2013-10-14 02:07 - 00000122 _____ C:\Users\****** *****\Documents\hacking.txt
2013-10-13 23:19 - 2013-10-13 23:19 - 00000000 ____D C:\Users\****** *****\AppData\Local\{FFBCAEE7-0DA3-4A06-86DA-95A17E228322}
2013-10-13 23:14 - 2013-10-13 23:14 - 00000000 ____D C:\Users\****** *****\AppData\Local\{9A170223-FA64-4D3E-9B09-1FA302242C83}
2013-10-13 22:19 - 2013-10-19 20:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 22:19 - 2013-10-13 22:19 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-11 02:31 - 2013-10-11 02:53 - 00000000 ____D C:\cce_linux
2013-10-09 13:48 - 2013-10-09 13:48 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7ECFDF27-357F-42F4-A177-A1BA429B7E9B}
2013-10-09 12:43 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 12:43 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 12:43 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 12:43 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 12:43 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 12:43 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 12:43 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 12:43 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 12:43 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 12:43 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 12:37 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 12:37 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 12:37 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 12:37 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 12:37 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 12:37 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 12:37 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 12:37 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 12:37 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 12:37 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 12:37 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 12:37 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 12:37 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 12:37 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 12:37 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 12:37 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 12:37 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 12:37 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 12:37 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 12:37 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 12:37 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 12:37 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 12:37 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 12:37 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 12:37 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 12:37 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 12:37 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 12:37 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 12:37 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 12:37 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 12:37 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 12:37 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 12:37 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 12:37 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 12:37 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 12:37 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 12:37 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 12:37 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 12:37 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 12:37 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 12:37 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 12:37 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 12:37 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 12:37 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 12:37 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 12:37 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 12:37 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 12:35 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 12:19 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\UpdatusUser\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\****** *****\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
2013-10-06 11:45 - 2013-10-09 15:04 - 00000000 ____D C:\Program Files (x86)\Sardu
2013-10-06 00:02 - 2013-10-06 00:02 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DAB50AB6-4151-4886-AD94-F42BB18EE8C6}
2013-10-02 18:52 - 2013-10-02 18:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C711E6A1-7767-4047-92C8-F4DC1A0DE6D2}
2013-10-02 16:06 - 2013-10-02 18:42 - 00000000 ____D C:\Program Files\stinger
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A356D73A-F7C7-4369-99E8-0F31732EF222}
2013-09-30 09:37 - 2013-09-30 09:38 - 00000000 ____D C:\Users\****** *****\AppData\Local\{96C6997F-2436-4A7E-B634-90C8A5CEB224}
2013-09-29 23:56 - 2013-09-29 23:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6EA1E980-19CB-44AC-8EA4-1CF4A0F54162}
2013-09-29 18:59 - 2013-09-29 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{281EA1AF-27FC-4F2A-9CBD-F0DA2EE1ED8A}
2013-09-29 16:49 - 2013-09-29 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 15:45 - 2013-10-02 16:04 - 00000000 ____D C:\Program Files (x86)\stinger
2013-09-29 15:42 - 2013-09-29 16:15 - 00000000 ____D C:\ProgramData\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00003237 _____ C:\Users\****** *****\Desktop\Sophos Virus Removal Tool.lnk
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-09-29 01:26 - 2013-09-29 01:26 - 00000824 _____ C:\Users\****** *****\Documents\hosts.txt
2013-09-28 20:37 - 2013-09-28 20:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5827D97C-99EE-40C4-961A-D1FB2E4F974D}
2013-09-28 18:26 - 2013-10-17 00:54 - 00000000 ____D C:\Users\****** *****\AppData\Local\NPE
2013-09-28 01:46 - 2013-09-28 01:46 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DFA1807B-88C4-4D06-8ED7-0196F7B88A8D}
2013-09-27 11:35 - 2013-09-27 11:36 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8FF40C79-9902-4D3A-BC1C-2CE1D808353F}
2013-09-26 23:35 - 2013-09-26 23:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{599810B8-DFC5-4BC5-95AD-F7A44C608196}
2013-09-25 12:25 - 2013-09-25 12:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1260FAE7-5BA4-4008-B419-91583BA2FBEE}
2013-09-24 16:58 - 2013-09-24 16:58 - 00000000 ____D C:\Users\****** *****\AppData\Local\{ED5AC33A-9910-4D05-8FBF-A1BB1768FA0A}
2013-09-23 23:49 - 2013-09-23 23:49 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DB0C1B8D-869A-42A2-972F-2DE070D13514}
2013-09-23 11:10 - 2013-09-23 11:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8C36E97C-FA8D-4A74-B724-D7359846A947}
2013-09-22 16:18 - 2013-10-15 21:20 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Media Player Classic
2013-09-22 16:08 - 2013-09-22 16:08 - 00000000 ____D C:\Users\****** *****\AppData\Local\{76786FB8-0C90-4325-BE61-9B79DCB35957}
2013-09-22 03:53 - 2013-09-22 03:53 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1055BF5B-BB2B-4B3E-89F8-C65AB2632E33}
2013-09-20 20:08 - 2013-09-20 20:08 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C0D5DEDD-C359-449D-9E9C-ED5D6EA06211}

==================== One Month Modified Files and Folders =======

2013-10-19 20:29 - 2013-10-19 20:28 - 00000000 ___SH C:\DkHyperbootSync
2013-10-19 20:26 - 2012-03-30 23:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 20:24 - 2013-10-13 22:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-19 20:18 - 2011-10-08 22:28 - 01447239 _____ C:\Windows\WindowsUpdate.log
2013-10-19 19:44 - 2011-04-12 09:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-10-19 19:44 - 2011-04-12 09:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-10-19 19:44 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 19:41 - 2011-10-09 02:18 - 00000000 ____D C:\Users\****** *****\AppData\Local\CrashDumps
2013-10-19 19:33 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 19:33 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 19:29 - 2012-06-29 13:36 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C6C1C2F-D891-4AC6-B935-A56BE995074F}
2013-10-19 19:26 - 2013-01-11 22:10 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 19:26 - 2011-10-09 04:45 - 00000000 ____D C:\Users\****** *****\.rainlendar2
2013-10-19 19:25 - 2013-10-15 21:32 - 00001344 _____ C:\Windows\setupact.log
2013-10-19 19:25 - 2011-10-12 14:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-19 19:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 18:59 - 2013-10-18 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7E1320E5-2B4E-43D6-9BC3-09FBDC9F203E}
2013-10-18 11:25 - 2013-10-18 11:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 11:20 - 2012-03-07 14:04 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-18 11:19 - 2011-10-09 01:55 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-18 01:44 - 2013-10-18 01:44 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A1BE8A4A-7841-4646-AE4E-8D8F67804204}
2013-10-17 23:28 - 2013-10-17 23:28 - 00000000 ____D C:\FRST
2013-10-17 23:27 - 2013-10-17 23:27 - 00000000 _____ C:\Users\****** *****\defogger_reenable
2013-10-17 23:27 - 2011-10-08 22:53 - 00000000 ____D C:\Users\****** *****
2013-10-17 22:00 - 2008-02-23 23:54 - 00000000 ____D C:\Users\****** *****\Documents\Eigene Dokumente+wichtiges
2013-10-17 14:56 - 2013-10-17 14:45 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 14:54 - 2013-10-17 14:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 14:54 - 2013-10-17 14:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 14:45 - 2013-10-17 14:45 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-17 14:45 - 2013-10-17 14:45 - 00000000 ____D C:\Program Files\Java
2013-10-17 13:03 - 2013-10-17 13:03 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6C3460A9-E407-4C74-8F44-0B32226C25D6}
2013-10-17 01:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 00:54 - 2013-09-28 18:26 - 00000000 ____D C:\Users\****** *****\AppData\Local\NPE
2013-10-16 22:09 - 2012-12-10 15:18 - 06709518 _____ C:\Users\****** *****\AppData\Local\census.cache
2013-10-16 22:09 - 2012-12-10 15:17 - 00147058 _____ C:\Users\****** *****\AppData\Local\ars.cache
2013-10-16 21:41 - 2013-10-16 21:41 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2013-10-16 21:41 - 2013-10-16 21:41 - 00000000 ____D C:\Program Files (x86)\xp-AntiSpy
2013-10-16 17:35 - 2013-10-16 17:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C898F052-B602-419E-88E0-1B0500AC5D09}
2013-10-15 23:37 - 2013-10-15 23:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5000FFE7-1E9C-4F4B-A3B6-F394334182FE}
2013-10-15 21:32 - 2013-10-15 21:32 - 00000320 _____ C:\Windows\PFRO.log
2013-10-15 21:32 - 2013-10-15 21:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 21:26 - 2013-10-15 21:26 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-15 21:26 - 2012-02-02 04:04 - 00000000 ____D C:\Program Files\CCleaner
2013-10-15 21:25 - 2011-10-09 02:40 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Free Download Manager
2013-10-15 21:20 - 2013-09-22 16:18 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Media Player Classic
2013-10-15 21:20 - 2011-10-09 04:25 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Winamp
2013-10-15 21:20 - 2011-10-09 01:08 - 00000000 ___DC C:\Users\****** *****\AppData\Local\MigWiz
2013-10-15 21:20 - 2011-10-08 23:23 - 00000000 ____D C:\Windows\Panther
2013-10-15 20:57 - 2011-12-07 01:43 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-15 20:27 - 2013-01-11 22:14 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 10:52 - 2013-10-15 10:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DEC0E3FF-4F15-4812-8678-326B0B64F381}
2013-10-15 03:00 - 2013-10-15 02:55 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HpUpdate
2013-10-15 02:55 - 2013-10-15 00:48 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-15 02:54 - 2013-10-15 02:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-10-15 01:05 - 2013-10-14 12:50 - 00000000 ____D C:\Users\****** *****\AppData\Local\LogMeIn Rescue Applet
2013-10-15 01:03 - 2009-07-14 06:45 - 00315312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 01:00 - 2013-10-15 00:47 - 00002890 _____ C:\ProgramData\hpzinstall.log
2013-10-15 00:58 - 2011-10-09 00:47 - 00072232 _____ C:\Users\****** *****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-15 00:57 - 2013-10-15 00:57 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HP
2013-10-15 00:57 - 2013-10-15 00:47 - 00245575 _____ C:\Windows\hpoins19.dat
2013-10-15 00:57 - 2013-10-15 00:46 - 00000000 ____D C:\ProgramData\HP
2013-10-15 00:57 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-10-15 00:56 - 2013-10-15 00:56 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-15 00:56 - 2013-10-15 00:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\HP
2013-10-15 00:52 - 2013-10-15 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Yahoo!
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-14 21:01 - 2013-06-22 21:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-14 20:25 - 2013-10-14 20:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{CDE09849-B4DE-4ECA-823E-A68F9C83D6E9}
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C3631065-3D37-4A12-8E9C-27204417DDE5}
2013-10-14 02:07 - 2013-10-14 02:07 - 00000122 _____ C:\Users\****** *****\Documents\hacking.txt
2013-10-13 23:19 - 2013-10-13 23:19 - 00000000 ____D C:\Users\****** *****\AppData\Local\{FFBCAEE7-0DA3-4A06-86DA-95A17E228322}
2013-10-13 23:14 - 2013-10-13 23:14 - 00000000 ____D C:\Users\****** *****\AppData\Local\{9A170223-FA64-4D3E-9B09-1FA302242C83}
2013-10-13 22:19 - 2013-10-13 22:19 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 22:19 - 2013-01-11 22:10 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-11 02:53 - 2013-10-11 02:31 - 00000000 ____D C:\cce_linux
2013-10-09 15:04 - 2013-10-06 11:45 - 00000000 ____D C:\Program Files (x86)\Sardu
2013-10-09 13:48 - 2013-10-09 13:48 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7ECFDF27-357F-42F4-A177-A1BA429B7E9B}
2013-10-09 13:30 - 2012-03-30 23:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 13:30 - 2012-03-30 23:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 13:30 - 2011-10-09 04:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 12:47 - 2012-05-10 00:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 12:47 - 2012-05-10 00:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 12:33 - 2011-10-09 14:54 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 12:32 - 2013-07-17 20:23 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:29 - 2011-10-09 02:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 03:04 - 2013-06-21 01:02 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\CyberLink
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\UpdatusUser\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\****** *****\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
2013-10-06 00:02 - 2013-10-06 00:02 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DAB50AB6-4151-4886-AD94-F42BB18EE8C6}
2013-10-04 18:20 - 2011-10-12 14:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-02 18:52 - 2013-10-02 18:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C711E6A1-7767-4047-92C8-F4DC1A0DE6D2}
2013-10-02 18:42 - 2013-10-02 16:06 - 00000000 ____D C:\Program Files\stinger
2013-10-02 16:22 - 2011-10-09 02:25 - 00000000 ____D C:\Program Files (x86)\DSL-Manager
2013-10-02 16:04 - 2013-09-29 15:45 - 00000000 ____D C:\Program Files (x86)\stinger
2013-10-02 01:31 - 2013-05-23 14:32 - 00451816 _____ C:\Windows\system32\Drivers\etc\hosts.ccebak
2013-10-02 01:30 - 2013-05-23 14:32 - 00451816 ____R C:\Windows\system32\Drivers\etc\hosts.20131002-013149.backup
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A356D73A-F7C7-4369-99E8-0F31732EF222}
2013-09-30 09:38 - 2013-09-30 09:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{96C6997F-2436-4A7E-B634-90C8A5CEB224}
2013-09-29 23:56 - 2013-09-29 23:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6EA1E980-19CB-44AC-8EA4-1CF4A0F54162}
2013-09-29 18:59 - 2013-09-29 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{281EA1AF-27FC-4F2A-9CBD-F0DA2EE1ED8A}
2013-09-29 16:50 - 2012-04-26 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-29 16:50 - 2011-10-09 03:06 - 00000000 ____D C:\Users\****** *****\AppData\Local\Mozilla
2013-09-29 16:49 - 2013-09-29 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 16:15 - 2013-09-29 15:42 - 00000000 ____D C:\ProgramData\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00003237 _____ C:\Users\****** *****\Desktop\Sophos Virus Removal Tool.lnk
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-09-29 01:26 - 2013-09-29 01:26 - 00000824 _____ C:\Users\****** *****\Documents\hosts.txt
2013-09-28 22:39 - 2013-05-23 14:32 - 00451816 ____R C:\Windows\system32\Drivers\etc\hosts.20131002-013037.backup
2013-09-28 20:37 - 2013-09-28 20:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5827D97C-99EE-40C4-961A-D1FB2E4F974D}
2013-09-28 18:27 - 2011-10-09 01:30 - 00000000 ____D C:\ProgramData\Norton
2013-09-28 01:46 - 2013-09-28 01:46 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DFA1807B-88C4-4D06-8ED7-0196F7B88A8D}
2013-09-27 11:36 - 2013-09-27 11:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8FF40C79-9902-4D3A-BC1C-2CE1D808353F}
2013-09-27 09:38 - 2009-02-22 04:16 - 00000000 ____D C:\Users\****** *****\Documents\PersBackup
2013-09-26 23:35 - 2013-09-26 23:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{599810B8-DFC5-4BC5-95AD-F7A44C608196}
2013-09-26 20:02 - 2011-10-09 03:04 - 00000000 ____D C:\Program Files (x86)\Personal Backup 5
2013-09-25 12:25 - 2013-09-25 12:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1260FAE7-5BA4-4008-B419-91583BA2FBEE}
2013-09-24 16:58 - 2013-09-24 16:58 - 00000000 ____D C:\Users\****** *****\AppData\Local\{ED5AC33A-9910-4D05-8FBF-A1BB1768FA0A}
2013-09-23 23:49 - 2013-09-23 23:49 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DB0C1B8D-869A-42A2-972F-2DE070D13514}
2013-09-23 23:27 - 2012-10-13 21:11 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-09-23 23:23 - 2012-03-07 14:04 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-09-23 23:23 - 2011-10-09 01:33 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-09-23 23:23 - 2011-10-09 01:33 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-09-23 22:20 - 2011-10-09 01:35 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-09-23 11:10 - 2013-09-23 11:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8C36E97C-FA8D-4A74-B724-D7359846A947}
2013-09-23 01:28 - 2013-10-09 12:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 12:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-09 12:43 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 12:43 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-09 12:43 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-09 12:43 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 16:12 - 2011-10-08 23:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-22 16:08 - 2013-09-22 16:08 - 00000000 ____D C:\Users\****** *****\AppData\Local\{76786FB8-0C90-4325-BE61-9B79DCB35957}
2013-09-22 03:53 - 2013-09-22 03:53 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1055BF5B-BB2B-4B3E-89F8-C65AB2632E33}
2013-09-21 05:38 - 2013-10-09 12:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-09 12:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-09 12:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-09 12:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-20 20:08 - 2013-09-20 20:08 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C0D5DEDD-C359-449D-9E9C-ED5D6EA06211}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 16:02

==================== End Of Log ============================
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-19 20:55:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1002FAEX-00Y9A0 rev.05.01D05 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\******~1\AppData\Local\Temp\kxlyiaod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                       fffff80003609000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592                                                                       fffff80003609040 1 byte [10]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe[2816] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 322                             00000000726c1a22 2 bytes [6C, 72]
.text     C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe[2816] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 496                             00000000726c1ad0 2 bytes [6C, 72]
.text     C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe[2816] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 552                             00000000726c1b08 2 bytes [6C, 72]
.text     C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe[2816] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 730                             00000000726c1bba 2 bytes [6C, 72]
.text     C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe[2816] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 762                             00000000726c1bda 2 bytes [6C, 72]
.text     C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\DSL-Manager\DslMgr.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\DSL-Manager\DslMgr.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\OpenOffice 4\program\soffice.bin[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\OpenOffice 4\program\soffice.bin[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69              00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155             00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[4088] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69             00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[4088] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155            00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Free Download Manager\fdm.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Free Download Manager\fdm.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                        0000000077dbfb28 5 bytes JMP 00000001036e0676
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\kernel32.dll!CreateEventW + 19                           00000000772e1821 7 bytes JMP 00000001036e02ee
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257                      00000000772e42fa 7 bytes JMP 00000001036e03d0
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\kernel32.dll!LoadLibraryA + 81                           00000000772e49c8 7 bytes JMP 00000001036e04b2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\kernel32.dll!VirtualFreeEx + 19                          00000000772fd973 7 bytes JMP 00000001036e012a
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92              00000000772feb2d 7 bytes JMP 00000001036e020c
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx                      0000000075ab3e6b 5 bytes JMP 00000001036e0594
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\ole32.DLL!CoCreateInstance + 62                          00000000758e9d49 7 bytes JMP 00000001036e083a
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                          0000000076bf3c22 4 bytes JMP 0000000162e54710
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                             0000000076bf7646 4 bytes JMP 0000000162e54770
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WININET.dll!InternetReadFile                             0000000076c090cf 4 bytes JMP 0000000162e546c0
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                             0000000076cc350a 4 bytes JMP 0000000162e54730
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\urlmon.dll!CreateURLMonikerEx + 895                      000000007776a8ac 12 bytes [00, 20, E3, 62, A0, 20, E3, ...]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\urlmon.dll!URLOpenStreamA + 170                          00000000777d4abf 7 bytes JMP 00000001036e0ca4
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileA + 331                 00000000777d4c0f 7 bytes JMP 00000001036e0e68
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WS2_32.dll!closesocket                                   0000000075af3918 5 bytes JMP 0000000162e546a0
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WS2_32.dll!WSASend                                       0000000075af4406 5 bytes JMP 0000000162e543c0
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WS2_32.dll!recv                                          0000000075af6b0e 5 bytes JMP 0000000162e544e0
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WS2_32.dll!send                                          0000000075af6f01 5 bytes JMP 0000000162e54320
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WS2_32.dll!WSARecv                                       0000000075af7089 5 bytes JMP 0000000162e54580
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                        0000000075af7489 5 bytes JMP 0000000162e55740
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [1516:1512]                                                                                                0000000000361c94
Thread    C:\Windows\SysWOW64\ntdll.dll [1516:2448]                                                                                                000000007173e767
Thread    C:\Windows\SysWOW64\ntdll.dll [1516:3888]                                                                                                000000006de10eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [1516:3892]                                                                                                000000006de10eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [1516:3896]                                                                                                000000006de10eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [1516:4236]                                                                                                0000000073233189
Thread    C:\Windows\SysWOW64\ntdll.dll [1516:4240]                                                                                                0000000073578949
Thread    C:\Windows\SysWOW64\ntdll.dll [4116:4120]                                                                                                0000000000361c94
Thread    C:\Windows\SysWOW64\ntdll.dll [4116:2104]                                                                                                000000007238a3e0

---- EOF - GMER 2.1 ----
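
Reading the GMER "User code sections" above by hand is tedious, and two patterns in it are easy to miss: the 2-byte PSAPI.DLL!GetModuleInformation patch at +69/+155 recurs in every 32-bit process listed, while the IEXPLORE.EXE[3644] rows are 4- to 7-byte inline JMP hooks whose targets fall into exactly two 64 KiB regions (0x1036exxxx for the ntdll/kernel32/KERNELBASE/ole32/urlmon hooks, 0x162e5xxxx for the WININET and WS2_32 hooks), which points at two separate code modules loaded into the browser. GMER does not say whose code lives there; attributing each region to a module (a security product, a browser add-on, or something unwanted) is the next step. The following Python script is an added example, not part of the original post and not part of GMER: it parses those rows, separates fleet-wide patches from process-specific hooks, and clusters each process's JMP targets by region. The sample input is a handful of rows copied from the log above with the column padding shortened.

```python
import re
from collections import defaultdict

# Constructed sample input: rows copied from the GMER "User code sections"
# output above (column padding shortened), covering the three row shapes
# GMER emits: a byte patch, an inline JMP hook, and a "..." repeat marker.
SAMPLE = r"""
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000771d1465 2 bytes [1D, 77]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000771d14bb 2 bytes [1D, 77]
.text     ...                                                                                                                * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess  0000000077dbfb28 5 bytes JMP 00000001036e0676
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WS2_32.dll!send                    0000000075af6f01 5 bytes JMP 0000000162e54320
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\WININET.dll!HttpSendRequestW       0000000076bf7646 4 bytes JMP 0000000162e54770
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000771d1465 2 bytes [1D, 77]
"""

# One GMER row: <section> <process>[<pid>] <module>!<symbol>[ + <offset>] <addr> <n> bytes (JMP <target> | [<bytes>])
LINE_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<symbol>\w+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{16})|\[(?P<patch>[^\]]*)\])\s*$"
)
# "...   * N" means: N more rows like the previous one in this process.
CONT_RE = re.compile(r"^\.\w+\s+\.\.\.\s+\*\s*(?P<n>\d+)\s*$")


def parse_gmer(text):
    """Turn GMER user-code-section rows into dicts; repeat markers are folded
    into the preceding row's 'repeats' count. Headers and blanks are ignored."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["offset"] = int(h["offset"] or 0)
            h["size"] = int(h["size"])
            h["module"] = h["module"].rsplit("\\", 1)[-1].lower()  # basename, case-folded
            h["process"] = h["process"].rsplit("\\", 1)[-1]
            h["target"] = int(h["target"], 16) if h["target"] else None
            h["repeats"] = 1
            hooks.append(h)
            continue
        c = CONT_RE.match(line)
        if c and hooks:
            hooks[-1]["repeats"] += int(c["n"])
    return hooks


def sig(h):
    """module!symbol[+offset]: the patch location, independent of the process."""
    base = f"{h['module']}!{h['symbol']}"
    return f"{base}+{h['offset']}" if h["offset"] else base


def summarize(hooks, noise_threshold=2):
    """Split rows into fleet-wide patches (same location in >= noise_threshold
    processes, usually an OS, WOW64 or security-product artifact) and
    process-specific hooks, and cluster each process's JMP targets by 64 KiB
    region: trampolines sharing a region almost always belong to one injected
    module, so each cluster is one thing to attribute."""
    seen_in = defaultdict(set)
    for h in hooks:
        seen_in[sig(h)].add(h["pid"])
    common = sorted(s for s, pids in seen_in.items() if len(pids) >= noise_threshold)
    per_process = {}
    for h in hooks:
        entry = per_process.setdefault(
            h["pid"], {"process": h["process"], "jmp_clusters": {}, "patches": []})
        if h["target"] is not None:
            entry["jmp_clusters"].setdefault(h["target"] >> 16, []).append(sig(h))
        elif sig(h) not in common:
            entry["patches"].append(sig(h))
    return {"common": common, "per_process": per_process}


if __name__ == "__main__":
    summary = summarize(parse_gmer(SAMPLE))
    print("fleet-wide patches (probably noise):", summary["common"])
    for pid, e in summary["per_process"].items():
        print(f"{e['process']}[{pid}]")
        for region, syms in e["jmp_clusters"].items():
            print(f"  JMP hooks into 0x{region:x}xxxx: {', '.join(syms)}")
        if e["patches"]:
            print("  process-specific byte patches:", ", ".join(e["patches"]))
```

Run it against the full log pasted above and the output reduces to one "noise" line for the PSAPI patch plus, for IEXPLORE.EXE, two JMP clusters; in a live triage the next step is to dump the module list of PID 3644 and see which loaded image covers each region. The threshold of 2 processes is an assumption chosen for the small sample; on a real log raise it to the number of processes GMER listed.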
         

20.10.2013, 06:47   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and let the tool scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the detected objects, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

20.10.2013, 13:13   #3
Schrumpfhirn

Hello,
thanks for the quick help, here is the log:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
****** ***** :: ***********-PC [administrator]

20.10.2013 13:29:11
mbar-log-2013-10-20 (13-29-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 327214
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
After the reboot: no more detections.

Last night the router built a tunnel on its own; at that time no PCs were switched on, as far as I can tell.
I downloaded the firmware again, wrote it to the router several times, and set a new password.
I'll watch tonight to see what happens at 1:40.

20.10.2013, 17:50   #4
schrauber
/// the machine
/// TB-Ausbilder

Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: if you get the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.
Regards,
schrauber

20.10.2013, 20:40   #5
Schrumpfhirn

Hello,

here is the log:
Code:
ComboFix 13-10-19.02 - ****** ***** 20.10.2013  21:16:30.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.12268.9237 [GMT 2:00]
run from:: c:\users\****** *****\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Files created from 2013-09-20 to 2013-10-20  ))))))))))))))))))))))))))))))
.
.
2013-10-20 19:19 . 2013-10-20 19:19	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-10-20 19:19 . 2013-10-20 19:19	--------	d-----w-	c:\users\Surfer\AppData\Local\temp
2013-10-20 19:19 . 2013-10-20 19:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-20 11:29 . 2013-10-20 11:29	--------	d-----w-	c:\programdata\Malwarebytes
2013-10-20 11:29 . 2013-10-20 19:04	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-20 11:29 . 2013-10-20 18:55	116440	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-20 11:26 . 2013-10-20 18:55	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-10-17 21:28 . 2013-10-17 21:28	--------	d-----w-	C:\FRST
2013-10-17 12:55 . 2013-10-17 12:55	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-10-17 12:54 . 2013-10-17 12:54	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 12:54 . 2013-10-17 12:54	--------	d-----w-	c:\program files (x86)\Java
2013-10-17 12:45 . 2013-10-17 12:56	--------	d-----w-	c:\programdata\Oracle
2013-10-17 12:45 . 2013-10-17 12:45	312744	----a-w-	c:\windows\system32\javaws.exe
2013-10-17 12:45 . 2013-10-17 12:45	189352	----a-w-	c:\windows\system32\javaw.exe
2013-10-17 12:45 . 2013-10-17 12:45	189352	----a-w-	c:\windows\system32\java.exe
2013-10-17 12:45 . 2013-10-17 12:45	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-17 12:45 . 2013-10-17 12:45	--------	d-----w-	c:\program files\Java
2013-10-15 00:55 . 2013-10-15 01:00	--------	d-----w-	c:\users\****** *****\AppData\Roaming\HpUpdate
2013-10-15 00:54 . 2013-10-15 00:54	--------	d-----w-	c:\windows\Hewlett-Packard
2013-10-14 22:57 . 2013-10-14 22:57	--------	d-----w-	c:\users\****** *****\AppData\Roaming\HP
2013-10-14 22:56 . 2013-10-14 22:56	--------	d-----w-	c:\users\****** *****\AppData\Local\HP
2013-10-14 22:56 . 2009-07-14 01:41	101376	----a-w-	c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2013-10-14 22:52 . 2013-10-14 22:52	--------	d-----w-	c:\users\****** *****\AppData\Roaming\Yahoo!
2013-10-14 22:50 . 2013-10-14 22:50	--------	d-----w-	c:\programdata\HP Product Assistant
2013-10-14 22:50 . 2013-10-14 22:50	--------	d-----w-	c:\windows\SysWow64\spool
2013-10-14 22:49 . 2013-10-14 22:49	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2013-10-14 22:49 . 2013-10-14 22:49	--------	d-----w-	c:\program files (x86)\Common Files\HP
2013-10-14 22:48 . 2013-10-15 00:55	--------	d-----w-	c:\program files (x86)\HP
2013-10-14 22:46 . 2013-10-14 22:57	--------	d-----w-	c:\programdata\HP
2013-10-14 22:46 . 2009-07-08 10:51	861184	----a-w-	c:\windows\system32\hpowiav1.dll
2013-10-14 22:46 . 2009-07-08 10:51	730624	----a-w-	c:\windows\system32\hpotscl1.dll
2013-10-14 22:46 . 2009-07-08 10:51	642360	----a-w-	c:\windows\system32\hpzids40.dll
2013-10-14 22:46 . 2009-07-08 10:51	498176	----a-w-	c:\windows\system32\hpovst01.dll
2013-10-14 10:50 . 2013-10-14 23:05	--------	d-----w-	c:\users\****** *****\AppData\Local\LogMeIn Rescue Applet
2013-10-14 10:20 . 2013-10-18 09:17	--------	d-----w-	c:\windows\system32\drivers\NISx64\1501000.012
2013-10-12 11:59 . 2013-10-12 11:59	--------	d-----w-	c:\windows\Microsoft Antimalware
2013-10-11 00:31 . 2013-10-11 00:53	--------	d---a-w-	C:\cce_linux
2013-10-09 10:37 . 2013-08-28 01:21	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-10-09 10:35 . 2013-09-04 12:12	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-10-09 10:35 . 2013-09-04 12:11	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-10-09 10:35 . 2013-09-04 12:11	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-10-09 10:35 . 2013-09-04 12:11	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-10-09 10:35 . 2013-09-04 12:11	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-10-09 10:35 . 2013-09-04 12:11	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-10-09 10:35 . 2013-09-04 12:11	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-10-09 10:19 . 2013-08-28 01:12	461312	----a-w-	c:\windows\system32\scavengeui.dll
2013-10-06 09:45 . 2013-10-09 13:04	--------	d-----w-	c:\program files (x86)\Sardu
2013-10-02 14:06 . 2013-10-02 16:42	--------	d-----w-	c:\program files\stinger
2013-09-29 13:45 . 2013-10-02 14:04	--------	d-----w-	c:\program files (x86)\stinger
2013-09-29 13:42 . 2013-09-29 14:15	--------	d-----w-	c:\programdata\Sophos
2013-09-29 13:42 . 2013-09-29 13:42	73728	----a-r-	c:\users\****** *****\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-29 13:42 . 2013-09-29 13:42	73728	----a-r-	c:\users\****** *****\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-29 13:42 . 2013-09-29 13:42	73728	----a-r-	c:\users\****** *****\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-09-29 13:42 . 2013-09-29 13:42	--------	d-----w-	c:\program files (x86)\Sophos
2013-09-28 16:26 . 2013-10-16 22:54	--------	d-----w-	c:\users\****** *****\AppData\Local\NPE
2013-09-22 14:18 . 2013-10-15 19:20	--------	d-----w-	c:\users\****** *****\AppData\Roaming\Media Player Classic
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 11:30 . 2012-03-30 21:46	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 11:30 . 2011-10-09 02:32	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 10:29 . 2011-10-09 00:12	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-09-23 21:23 . 2011-10-08 23:33	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-09-17 20:22 . 2013-09-17 20:22	13628208	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-09-17 20:22 . 2011-10-12 12:09	15901448	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-09-17 20:22 . 2013-09-17 20:22	1222824	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-09-17 20:22 . 2012-02-24 01:38	1412832	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-09-17 20:22 . 2013-09-17 20:22	7648000	----a-w-	c:\windows\system32\nvopencl.dll
2013-09-17 20:22 . 2013-09-17 20:22	6329552	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-09-17 20:22 . 2013-09-17 20:22	29337376	----a-w-	c:\windows\system32\nvoglv64.dll
2013-09-17 20:22 . 2013-09-17 20:22	317472	----a-w-	c:\windows\system32\nvoglshim64.dll
2013-09-17 20:22 . 2013-09-17 20:22	266984	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2013-09-17 20:22 . 2013-09-17 20:22	22102304	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-09-17 20:22 . 2013-09-17 20:22	11274528	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-09-17 20:22 . 2013-09-17 20:22	603424	----a-w-	c:\windows\system32\NvIFR64.dll
2013-09-17 20:22 . 2013-09-17 20:22	515360	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-09-17 20:22 . 2013-09-17 20:22	168616	----a-w-	c:\windows\system32\nvinitx.dll
2013-09-17 20:22 . 2013-09-17 20:22	141336	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-09-17 20:22 . 2013-09-17 20:22	681760	----a-w-	c:\windows\system32\NvFBC64.dll
2013-09-17 20:22 . 2013-09-17 20:22	586016	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-09-17 20:22 . 2013-09-17 20:22	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2013-09-17 20:22 . 2013-09-17 20:22	196384	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-09-17 20:22 . 2013-09-17 20:22	1884448	----a-w-	c:\windows\system32\nvdispco6432723.dll
2013-09-17 20:22 . 2013-09-17 20:22	1511712	----a-w-	c:\windows\system32\nvdispgenco6432723.dll
2013-09-17 20:22 . 2013-09-17 20:22	1510176	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-09-17 20:22 . 2012-10-10 19:23	15703688	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-09-17 20:22 . 2013-09-17 20:22	2970400	----a-w-	c:\windows\system32\nvcuvid.dll
2013-09-17 20:22 . 2013-09-17 20:22	2789152	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-09-17 20:22 . 2013-02-25 22:32	12947360	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-09-17 20:22 . 2013-09-17 20:22	9281032	----a-w-	c:\windows\system32\nvcuda.dll
2013-09-17 20:22 . 2013-09-17 20:22	7720576	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-09-17 20:22 . 2013-09-17 20:22	2367264	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-09-17 20:22 . 2013-09-17 20:22	2007328	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-09-17 20:22 . 2013-09-17 20:22	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-09-17 20:22 . 2013-09-17 20:22	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-09-17 20:22 . 2013-02-25 22:32	2630304	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-09-17 20:22 . 2011-10-12 12:09	2986672	----a-w-	c:\windows\system32\nvapi64.dll
2013-09-12 07:25 . 2011-10-12 12:12	6599968	----a-w-	c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2011-10-12 12:12	3452192	----a-w-	c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2011-10-12 12:12	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2011-10-12 12:12	920864	----a-w-	c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2011-10-12 12:12	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2011-10-12 12:12	219424	----a-w-	c:\windows\system32\nvmctray.dll
2013-09-11 23:17 . 2013-09-11 23:17	571168	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-09-11 22:06 . 2012-02-24 01:39	3361114	----a-w-	c:\windows\system32\nvcoproc.bin
2013-08-29 01:48 . 2013-10-09 10:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-14 18:00 . 2013-09-13 11:30	127488	----a-w-	c:\windows\system32\ff_vfw.dll
2013-08-14 18:00 . 2013-09-13 11:30	112640	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2013-08-05 02:25 . 2013-09-10 21:40	155584	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-08-02 17:29 . 2013-09-13 11:30	256088	----a-w-	c:\windows\system32\unrar64.dll
2013-08-02 17:29 . 2013-09-13 11:30	217176	----a-w-	c:\windows\SysWow64\unrar.dll
2013-08-02 02:14 . 2013-09-10 21:40	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-10 21:40	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-10 21:40	1161216	----a-w-	c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-10 21:40	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-10 21:40	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	6656	----a-w-	c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-10 21:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-10 21:40	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-10 21:40	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-15 15:53	277560	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 3820032]
"MSCS"="c:\program files (x86)\MAXA Cookie Manager\Cookie.exe" [2012-05-20 1138688]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice 4.0.0.lnk - c:\program files (x86)\OpenOffice 4\program\quickstart.exe [2013-7-11 117248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/06/21 01:06;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys;c:\windows\SYSNATIVE\DRIVERS\dslmnlwf.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TDslMgrService;DSL-Manager;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
*Deregistered* - PROCEXP141
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-15 18:25	1185744	----a-w-	c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:30]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 20:10]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 20:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-15 15:53	336952	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2011-06-24 06:03	456704	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2011-06-24 06:03	456704	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2011-06-24 06:03	456704	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-25 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-25 416024]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-06 6469736]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.t-online.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=warmal%20localhost:2;https=warmal%20localhost:2;ftp=warmal%20localhost:2
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: postbank.de\banking
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\SecuROM\License information*]
"datasecu"=hex:69,83,ef,25,e7,16,b8,bb,c9,68,27,83,f6,ac,74,f0,f9,e0,25,3f,2b,
   b8,5d,f6,b3,e8,89,77,88,46,d3,5c,51,2c,1c,87,c7,07,58,54,32,23,f3,ae,fa,5e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-20  21:21:17
ComboFix-quarantined-files.txt  2013-10-20 19:21
ComboFix2.txt  2013-10-20 19:13
.
Vor Suchlauf: 22 Verzeichnis(se), 97.691.377.664 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 97.597.452.288 Bytes frei
.
- - End Of File - - 301F6AB1B776A18F2BB36518D87E0EF0
A36C5E4F47E84449FF07ED3517B43A31
         
Found nothing with mbar.exe on the other PCs.


Alt 21.10.2013, 11:07   #6
schrauber
/// the machine
/// TB-Ausbilder
C:\Qoobox\Combofix2.txt

please post.

Alt 21.10.2013, 12:07   #7
Schrumpfhirn
Hello,
last night the router stayed in standby, no tunnel in the log - no PCs were switched on.

Here is the log:
Code:
ComboFix 13-10-19.02 - ****** ***** 20.10.2013  21:06:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.12268.9565 [GMT 2:00]
ausgeführt von:: c:\users\****** *****\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DSL-Manager\DslMgr.exe
c:\program files (x86)\sss
c:\program files (x86)\sss\licence.txt
c:\program files (x86)\sss\ReadMe.txt
c:\program files (x86)\sss\SimpleScreenshot.exe
c:\program files (x86)\sss\upload.php
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kenjjinakdkeiddddjnjpfcopdohlfem_0
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kenjjinakdkeiddddjnjpfcopdohlfem_0\1
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\background.html
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\crossriderManifest.json
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\manifest.xml
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins.json
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\1_base.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\101_cortica_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\102_dealply_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\103_intext_5_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\104_jollywallet_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\105_corticas_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\107_coupish_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\108_icm_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\116_ads_only_5_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\119_similar_web_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\120_luck_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\123_intext_adv_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\125_arcadi2_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\127_revizer_p_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\129_widdit_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\135_arcadi3_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\138_getdeal_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\142_intext_fa_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\17_jQuery.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\21_debug.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\22_resources.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\28_initializer.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\47_resources_background.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\64_appApiMessage.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\72_appApiValidation.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\92_superfish_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\userCode\background.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\extensionData\userCode\extension.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\icons\actions\1.png
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\icons\icon128.png
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\icons\icon16.png
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\icons\icon48.png
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\api\chrome.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\api\cookie.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\api\message.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\api\pageAction.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\api\pageActionBG.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\background.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\app_api.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\bg_app_api.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\consts.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\cookie_store.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\crossriderAPI.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\delegate.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\events.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\extensionDataStore.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\installer.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\logFile.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\logging.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\onBGDocumentLoad.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\popupResource\newPopup.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\popupResource\popup.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\reports.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\storageWrapper.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\updateManager.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\util.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\lib\xhr.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\js\main.js
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\manifest.json
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenjjinakdkeiddddjnjpfcopdohlfem\1.24.17_0\popup.html
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem\000024.log
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem\000025.sst
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem\CURRENT
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem\LOCK
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem\LOG
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem\LOG.old
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kenjjinakdkeiddddjnjpfcopdohlfem\MANIFEST-000022
c:\users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kenjjinakdkeiddddjnjpfcopdohlfem_0.localstorage
c:\windows\SysWow64\tmp5199.tmp
c:\windows\SysWow64\tmp519A.tmp
c:\windows\SysWow64\tmp5B6F.tmp
c:\windows\SysWow64\tmp5B70.tmp
c:\windows\wininit.ini
N:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-20 bis 2013-10-20  ))))))))))))))))))))))))))))))
.
.
2013-10-20 19:11 . 2013-10-20 19:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-10-20 19:11 . 2013-10-20 19:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-20 11:29 . 2013-10-20 18:55	116440	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-20 11:26 . 2013-10-20 18:55	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-10-17 21:28 . 2013-10-17 21:28	--------	d-----w-	C:\FRST
2013-10-17 12:55 . 2013-10-17 12:55	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-10-17 12:54 . 2013-10-17 12:54	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 12:54 . 2013-10-17 12:54	--------	d-----w-	c:\program files (x86)\Java
2013-10-17 12:45 . 2013-10-17 12:56	--------	d-----w-	c:\programdata\Oracle
2013-10-17 12:45 . 2013-10-17 12:45	312744	----a-w-	c:\windows\system32\javaws.exe
2013-10-17 12:45 . 2013-10-17 12:45	189352	----a-w-	c:\windows\system32\javaw.exe
2013-10-17 12:45 . 2013-10-17 12:45	189352	----a-w-	c:\windows\system32\java.exe
2013-10-17 12:45 . 2013-10-17 12:45	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-17 12:45 . 2013-10-17 12:45	--------	d-----w-	c:\program files\Java
2013-10-15 00:55 . 2013-10-15 01:00	--------	d-----w-	c:\users\****** *****\AppData\Roaming\HpUpdate
2013-10-15 00:54 . 2013-10-15 00:54	--------	d-----w-	c:\windows\Hewlett-Packard
2013-10-14 22:57 . 2013-10-14 22:57	--------	d-----w-	c:\users\****** *****\AppData\Roaming\HP
2013-10-14 22:56 . 2013-10-14 22:56	--------	d-----w-	c:\users\****** *****\AppData\Local\HP
2013-10-14 22:56 . 2009-07-14 01:41	101376	----a-w-	c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2013-10-14 22:52 . 2013-10-14 22:52	--------	d-----w-	c:\users\****** *****\AppData\Roaming\Yahoo!
2013-10-14 22:50 . 2013-10-14 22:50	--------	d-----w-	c:\programdata\HP Product Assistant
2013-10-14 22:50 . 2013-10-14 22:50	--------	d-----w-	c:\windows\SysWow64\spool
2013-10-14 22:49 . 2013-10-14 22:49	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2013-10-14 22:49 . 2013-10-14 22:49	--------	d-----w-	c:\program files (x86)\Common Files\HP
2013-10-14 22:48 . 2013-10-15 00:55	--------	d-----w-	c:\program files (x86)\HP
2013-10-14 22:46 . 2013-10-14 22:57	--------	d-----w-	c:\programdata\HP
2013-10-14 22:46 . 2009-07-08 10:51	861184	----a-w-	c:\windows\system32\hpowiav1.dll
2013-10-14 22:46 . 2009-07-08 10:51	730624	----a-w-	c:\windows\system32\hpotscl1.dll
2013-10-14 22:46 . 2009-07-08 10:51	642360	----a-w-	c:\windows\system32\hpzids40.dll
2013-10-14 22:46 . 2009-07-08 10:51	498176	----a-w-	c:\windows\system32\hpovst01.dll
2013-10-14 10:50 . 2013-10-14 23:05	--------	d-----w-	c:\users\****** *****\AppData\Local\LogMeIn Rescue Applet
2013-10-14 10:20 . 2013-10-18 09:17	--------	d-----w-	c:\windows\system32\drivers\NISx64\1501000.012
2013-10-12 11:59 . 2013-10-12 11:59	--------	d-----w-	c:\windows\Microsoft Antimalware
2013-10-11 00:31 . 2013-10-11 00:53	--------	d---a-w-	C:\cce_linux
2013-10-09 10:37 . 2013-08-28 01:21	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-10-09 10:35 . 2013-09-04 12:12	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-10-09 10:35 . 2013-09-04 12:11	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-10-09 10:35 . 2013-09-04 12:11	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-10-09 10:35 . 2013-09-04 12:11	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-10-09 10:35 . 2013-09-04 12:11	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-10-09 10:35 . 2013-09-04 12:11	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-10-09 10:35 . 2013-09-04 12:11	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-10-09 10:19 . 2013-08-28 01:12	461312	----a-w-	c:\windows\system32\scavengeui.dll
2013-10-06 09:45 . 2013-10-09 13:04	--------	d-----w-	c:\program files (x86)\Sardu
2013-10-02 14:06 . 2013-10-02 16:42	--------	d-----w-	c:\program files\stinger
2013-09-29 13:45 . 2013-10-02 14:04	--------	d-----w-	c:\program files (x86)\stinger
2013-09-29 13:42 . 2013-09-29 14:15	--------	d-----w-	c:\programdata\Sophos
2013-09-29 13:42 . 2013-09-29 13:42	73728	----a-r-	c:\users\****** *****\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-29 13:42 . 2013-09-29 13:42	73728	----a-r-	c:\users\****** *****\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-29 13:42 . 2013-09-29 13:42	73728	----a-r-	c:\users\****** *****\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-09-29 13:42 . 2013-09-29 13:42	--------	d-----w-	c:\program files (x86)\Sophos
2013-09-28 16:26 . 2013-10-16 22:54	--------	d-----w-	c:\users\****** *****\AppData\Local\NPE
2013-09-22 14:18 . 2013-10-15 19:20	--------	d-----w-	c:\users\****** *****\AppData\Roaming\Media Player Classic
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 11:30 . 2012-03-30 21:46	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 11:30 . 2011-10-09 02:32	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 10:29 . 2011-10-09 00:12	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-09-23 21:23 . 2011-10-08 23:33	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-09-17 20:22 . 2013-09-17 20:22	13628208	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-09-17 20:22 . 2011-10-12 12:09	15901448	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-09-17 20:22 . 2013-09-17 20:22	1222824	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-09-17 20:22 . 2012-02-24 01:38	1412832	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-09-17 20:22 . 2013-09-17 20:22	7648000	----a-w-	c:\windows\system32\nvopencl.dll
2013-09-17 20:22 . 2013-09-17 20:22	6329552	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-09-17 20:22 . 2013-09-17 20:22	29337376	----a-w-	c:\windows\system32\nvoglv64.dll
2013-09-17 20:22 . 2013-09-17 20:22	317472	----a-w-	c:\windows\system32\nvoglshim64.dll
2013-09-17 20:22 . 2013-09-17 20:22	266984	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2013-09-17 20:22 . 2013-09-17 20:22	22102304	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-09-17 20:22 . 2013-09-17 20:22	11274528	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-09-17 20:22 . 2013-09-17 20:22	603424	----a-w-	c:\windows\system32\NvIFR64.dll
2013-09-17 20:22 . 2013-09-17 20:22	515360	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-09-17 20:22 . 2013-09-17 20:22	168616	----a-w-	c:\windows\system32\nvinitx.dll
2013-09-17 20:22 . 2013-09-17 20:22	141336	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-09-17 20:22 . 2013-09-17 20:22	681760	----a-w-	c:\windows\system32\NvFBC64.dll
2013-09-17 20:22 . 2013-09-17 20:22	586016	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-09-17 20:22 . 2013-09-17 20:22	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2013-09-17 20:22 . 2013-09-17 20:22	196384	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-09-17 20:22 . 2013-09-17 20:22	1884448	----a-w-	c:\windows\system32\nvdispco6432723.dll
2013-09-17 20:22 . 2013-09-17 20:22	1511712	----a-w-	c:\windows\system32\nvdispgenco6432723.dll
2013-09-17 20:22 . 2013-09-17 20:22	1510176	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-09-17 20:22 . 2012-10-10 19:23	15703688	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-09-17 20:22 . 2013-09-17 20:22	2970400	----a-w-	c:\windows\system32\nvcuvid.dll
2013-09-17 20:22 . 2013-09-17 20:22	2789152	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-09-17 20:22 . 2013-02-25 22:32	12947360	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-09-17 20:22 . 2013-09-17 20:22	9281032	----a-w-	c:\windows\system32\nvcuda.dll
2013-09-17 20:22 . 2013-09-17 20:22	7720576	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-09-17 20:22 . 2013-09-17 20:22	2367264	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-09-17 20:22 . 2013-09-17 20:22	2007328	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-09-17 20:22 . 2013-09-17 20:22	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-09-17 20:22 . 2013-09-17 20:22	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-09-17 20:22 . 2013-02-25 22:32	2630304	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-09-17 20:22 . 2011-10-12 12:09	2986672	----a-w-	c:\windows\system32\nvapi64.dll
2013-09-12 07:25 . 2011-10-12 12:12	6599968	----a-w-	c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2011-10-12 12:12	3452192	----a-w-	c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2011-10-12 12:12	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2011-10-12 12:12	920864	----a-w-	c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2011-10-12 12:12	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2011-10-12 12:12	219424	----a-w-	c:\windows\system32\nvmctray.dll
2013-09-11 23:17 . 2013-09-11 23:17	571168	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-09-11 22:06 . 2012-02-24 01:39	3361114	----a-w-	c:\windows\system32\nvcoproc.bin
2013-08-29 01:48 . 2013-10-09 10:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-14 18:00 . 2013-09-13 11:30	127488	----a-w-	c:\windows\system32\ff_vfw.dll
2013-08-14 18:00 . 2013-09-13 11:30	112640	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2013-08-05 02:25 . 2013-09-10 21:40	155584	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-08-02 17:29 . 2013-09-13 11:30	256088	----a-w-	c:\windows\system32\unrar64.dll
2013-08-02 17:29 . 2013-09-13 11:30	217176	----a-w-	c:\windows\SysWow64\unrar.dll
2013-08-02 02:14 . 2013-09-10 21:40	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-10 21:40	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-10 21:40	1161216	----a-w-	c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-10 21:40	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-10 21:40	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	6656	----a-w-	c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-10 21:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-10 21:40	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-10 21:40	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 21:40	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-15 15:53	277560	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 3820032]
"MSCS"="c:\program files (x86)\MAXA Cookie Manager\Cookie.exe" [2012-05-20 1138688]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice 4.0.0.lnk - c:\program files (x86)\OpenOffice 4\program\quickstart.exe [2013-7-11 117248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/06/21 01:06;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys;c:\windows\SYSNATIVE\DRIVERS\dslmnlwf.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TDslMgrService;DSL-Manager;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-15 18:25	1185744	----a-w-	c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:30]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 20:10]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 20:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-15 15:53	336952	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2011-06-24 06:03	456704	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2011-06-24 06:03	456704	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2011-06-24 06:03	456704	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-25 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-25 416024]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-06 6469736]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.t-online.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=warmal%20localhost:2;https=warmal%20localhost:2;ftp=warmal%20localhost:2
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: postbank.de\banking
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-REGSHAVE - c:\program files (x86)\REGSHAVE\REGSHAVE.EXE
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
AddRemove-RW_Tools V2 - n:\! steam-arbeitsordner !\RW-Tools\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2827013225-816584614-4054786126-1000\Software\SecuROM\License information*]
"datasecu"=hex:69,83,ef,25,e7,16,b8,bb,c9,68,27,83,f6,ac,74,f0,f9,e0,25,3f,2b,
   b8,5d,f6,b3,e8,89,77,88,46,d3,5c,51,2c,1c,87,c7,07,58,54,32,23,f3,ae,fa,5e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-20  21:13:06
ComboFix-quarantined-files.txt  2013-10-20 19:13
.
Vor Suchlauf: 18 Verzeichnis(se), 97.776.885.760 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 97.597.132.800 Bytes frei
.
- - End Of File - - 98B36092DC0A55FC5851C2526B154F75
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 22.10.2013, 06:44   #8
schrauber
/// the machine
/// TB trainer
 

Fresh FRST logs please. Is the problem still there?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 22.10.2013, 21:16   #9
Schrumpfhirn
 
Hello, and thank you for your help.
Last night there were no tunnels, and the otherwise massive Smurf and SYN floods have dropped to just a few.
Only the "infected" machine was online; I had also blocked all PPTP and L2TP in the router.
The router firmware also still seems to be original. As a precaution, however, I have not logged in from the "infected" machine again; I could test what happens.

Here are the new logs:
FRST log file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by ****** ***** (administrator) on ***********-PC on 22-10-2013 21:17:31
Running from C:\Users\****** *****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(MAXA Research Int'l Inc.) C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [3820032 2011-08-12] ()
HKCU\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe [1138688 2012-05-20] (MAXA Research Int'l Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78312 2012-05-09] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.0.lnk
ShortcutTarget: OpenOffice 4.0.0.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=warmal%20localhost:2;https=warmal%20localhost:2;ftp=warmal%20localhost:2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {68ADF79E-E403-43EA-8AAB-57DC2C811EA0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {68ADF79E-E403-43EA-8AAB-57DC2C811EA0} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default
FF user.js: detected! => C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\user.js
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Winamp Toolbar - C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: fdm_ffext - C:\Users\****** *****\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\Extensions\fdm_ffext@freedownloadmanager.org
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] - C:\Program Files (x86)\MAXA Cookie Manager\extension
FF Extension: MAXA Cookie Manager - C:\Program Files (x86)\MAXA Cookie Manager\extension

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\****** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.1.10_0\npcoplgn.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Norton Identity Protection) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.5.1.4_0
CHR Extension: (DVDVideoSoft) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx

==================== Services (Whitelisted) =================

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2435960 2012-07-28] (Diskeeper Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2565632 2011-10-24] (Deutsche Telekom AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [93848 2008-09-18] (SiSoftware)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [294912 2007-11-26] (T-Systems Enterprise Services GmbH)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-02] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52144 2010-03-10] (Diskeeper Corporation)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131022.001\ENG64.SYS [126040 2013-09-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131022.001\EX64.SYS [2099288 2013-09-23] (Symantec Corporation)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-06-22] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 21:15 - 2013-10-22 21:15 - 01954682 _____ (Farbar) C:\Users\****** *****\Desktop\FRST64.exe
2013-10-22 21:12 - 2013-10-22 21:12 - 00000000 ____D C:\Users\****** *****\AppData\Local\{9B84E222-3C6F-420F-9F11-D428F98DBD9C}
2013-10-21 13:24 - 2013-10-21 13:24 - 00000000 ____D C:\Users\****** *****\AppData\Local\{0934E55D-B1A8-4CE9-B321-8FC0514860CA}
2013-10-20 20:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-20 20:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-20 20:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-20 20:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-20 20:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-20 20:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-20 20:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-20 20:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-20 20:37 - 2013-10-20 20:37 - 00000000 ____D C:\Users\****** *****\Documents\ProcAlyzer Dumps
2013-10-20 20:30 - 2013-10-21 12:58 - 00000000 ____D C:\Qoobox
2013-10-20 20:29 - 2013-10-20 21:11 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:25 - 2013-10-20 20:24 - 05135479 ____R (Swearware) C:\Users\****** *****\Desktop\ComboFix.exe
2013-10-20 13:29 - 2013-10-20 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-20 13:29 - 2013-10-20 20:55 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-20 13:29 - 2013-10-20 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 13:26 - 2013-10-20 21:04 - 00000000 ____D C:\Users\****** *****\Desktop\mbar
2013-10-20 13:26 - 2013-10-20 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-20 13:24 - 2013-10-20 13:24 - 00000000 ____D C:\Users\****** *****\AppData\Local\{689ECCD3-B49A-408B-9520-EF7876EF5A66}
2013-10-19 22:12 - 2013-10-19 22:12 - 00000000 ____D C:\Users\****** *****\AppData\Local\{44679D2F-3EAD-4564-A5E3-2635401A595A}
2013-10-18 18:59 - 2013-10-18 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7E1320E5-2B4E-43D6-9BC3-09FBDC9F203E}
2013-10-18 11:25 - 2013-10-18 11:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 01:44 - 2013-10-18 01:44 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A1BE8A4A-7841-4646-AE4E-8D8F67804204}
2013-10-17 23:28 - 2013-10-17 23:28 - 00000000 ____D C:\FRST
2013-10-17 23:27 - 2013-10-17 23:27 - 00000000 _____ C:\Users\****** *****\defogger_reenable
2013-10-17 14:55 - 2013-10-17 14:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 14:54 - 2013-10-17 14:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 14:45 - 2013-10-17 14:56 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 14:45 - 2013-10-17 14:45 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-17 14:45 - 2013-10-17 14:45 - 00000000 ____D C:\Program Files\Java
2013-10-17 13:03 - 2013-10-17 13:03 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6C3460A9-E407-4C74-8F44-0B32226C25D6}
2013-10-16 21:41 - 2013-10-16 21:41 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2013-10-16 17:35 - 2013-10-16 17:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C898F052-B602-419E-88E0-1B0500AC5D09}
2013-10-15 23:37 - 2013-10-15 23:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5000FFE7-1E9C-4F4B-A3B6-F394334182FE}
2013-10-15 21:32 - 2013-10-22 21:06 - 00002016 _____ C:\Windows\setupact.log
2013-10-15 21:32 - 2013-10-20 21:30 - 00001328 _____ C:\Windows\PFRO.log
2013-10-15 21:32 - 2013-10-15 21:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 21:26 - 2013-10-15 21:26 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-15 10:52 - 2013-10-15 10:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DEC0E3FF-4F15-4812-8678-326B0B64F381}
2013-10-15 02:55 - 2013-10-22 01:19 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HpUpdate
2013-10-15 02:54 - 2013-10-15 02:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-10-15 00:57 - 2013-10-15 00:57 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HP
2013-10-15 00:56 - 2013-10-15 00:56 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-15 00:56 - 2013-10-15 00:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\HP
2013-10-15 00:52 - 2013-10-15 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Yahoo!
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-15 00:48 - 2013-10-15 02:55 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-15 00:47 - 2013-10-15 01:00 - 00002890 _____ C:\ProgramData\hpzinstall.log
2013-10-15 00:47 - 2013-10-15 00:57 - 00245575 _____ C:\Windows\hpoins19.dat
2013-10-15 00:47 - 2009-10-20 06:30 - 00013898 ____N C:\Windows\hpomdl19.dat
2013-10-15 00:46 - 2013-10-15 00:57 - 00000000 ____D C:\ProgramData\HP
2013-10-15 00:46 - 2009-07-08 12:51 - 00861184 _____ (Hewlett-Packard) C:\Windows\system32\hpowiav1.dll
2013-10-15 00:46 - 2009-07-08 12:51 - 00730624 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl1.dll
2013-10-15 00:46 - 2009-07-08 12:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2013-10-15 00:46 - 2009-07-08 12:51 - 00498176 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst01.dll
2013-10-14 20:25 - 2013-10-14 20:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{CDE09849-B4DE-4ECA-823E-A68F9C83D6E9}
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C3631065-3D37-4A12-8E9C-27204417DDE5}
2013-10-14 12:50 - 2013-10-15 01:05 - 00000000 ____D C:\Users\****** *****\AppData\Local\LogMeIn Rescue Applet
2013-10-14 02:07 - 2013-10-14 02:07 - 00000122 _____ C:\Users\****** *****\Documents\hacking.txt
2013-10-13 23:19 - 2013-10-13 23:19 - 00000000 ____D C:\Users\****** *****\AppData\Local\{FFBCAEE7-0DA3-4A06-86DA-95A17E228322}
2013-10-13 23:14 - 2013-10-13 23:14 - 00000000 ____D C:\Users\****** *****\AppData\Local\{9A170223-FA64-4D3E-9B09-1FA302242C83}
2013-10-13 22:19 - 2013-10-22 01:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 22:19 - 2013-10-13 22:19 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-11 02:31 - 2013-10-11 02:53 - 00000000 ____D C:\cce_linux
2013-10-09 13:48 - 2013-10-09 13:48 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7ECFDF27-357F-42F4-A177-A1BA429B7E9B}
2013-10-09 12:43 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 12:43 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 12:43 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 12:43 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 12:43 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 12:43 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 12:43 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 12:43 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 12:43 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 12:43 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 12:43 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 12:43 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 12:37 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 12:37 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 12:37 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 12:37 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 12:37 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 12:37 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 12:37 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 12:37 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 12:37 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 12:37 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 12:37 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 12:37 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 12:37 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 12:37 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 12:37 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 12:37 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 12:37 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 12:37 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 12:37 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 12:37 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 12:37 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 12:37 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 12:37 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 12:37 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 12:37 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 12:37 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 12:37 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 12:37 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 12:37 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 12:37 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 12:37 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 12:37 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 12:37 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 12:37 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 12:37 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 12:37 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 12:37 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 12:37 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 12:37 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 12:37 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 12:37 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 12:37 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 12:37 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 12:37 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 12:37 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 12:37 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 12:37 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 12:35 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 12:35 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 12:19 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\UpdatusUser\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\****** *****\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
2013-10-06 11:45 - 2013-10-09 15:04 - 00000000 ____D C:\Program Files (x86)\Sardu
2013-10-06 00:02 - 2013-10-06 00:02 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DAB50AB6-4151-4886-AD94-F42BB18EE8C6}
2013-10-02 18:52 - 2013-10-02 18:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C711E6A1-7767-4047-92C8-F4DC1A0DE6D2}
2013-10-02 16:06 - 2013-10-02 18:42 - 00000000 ____D C:\Program Files\stinger
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A356D73A-F7C7-4369-99E8-0F31732EF222}
2013-09-30 09:37 - 2013-09-30 09:38 - 00000000 ____D C:\Users\****** *****\AppData\Local\{96C6997F-2436-4A7E-B634-90C8A5CEB224}
2013-09-29 23:56 - 2013-09-29 23:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6EA1E980-19CB-44AC-8EA4-1CF4A0F54162}
2013-09-29 18:59 - 2013-09-29 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{281EA1AF-27FC-4F2A-9CBD-F0DA2EE1ED8A}
2013-09-29 16:49 - 2013-09-29 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 15:45 - 2013-10-02 16:04 - 00000000 ____D C:\Program Files (x86)\stinger
2013-09-29 15:42 - 2013-09-29 16:15 - 00000000 ____D C:\ProgramData\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00003237 _____ C:\Users\****** *****\Desktop\Sophos Virus Removal Tool.lnk
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-09-29 01:26 - 2013-09-29 01:26 - 00000824 _____ C:\Users\****** *****\Documents\hosts.txt
2013-09-28 20:37 - 2013-09-28 20:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5827D97C-99EE-40C4-961A-D1FB2E4F974D}
2013-09-28 18:26 - 2013-10-17 00:54 - 00000000 ____D C:\Users\****** *****\AppData\Local\NPE
2013-09-28 01:46 - 2013-09-28 01:46 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DFA1807B-88C4-4D06-8ED7-0196F7B88A8D}
2013-09-27 11:35 - 2013-09-27 11:36 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8FF40C79-9902-4D3A-BC1C-2CE1D808353F}
2013-09-26 23:35 - 2013-09-26 23:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{599810B8-DFC5-4BC5-95AD-F7A44C608196}
2013-09-25 12:25 - 2013-09-25 12:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1260FAE7-5BA4-4008-B419-91583BA2FBEE}
2013-09-24 16:58 - 2013-09-24 16:58 - 00000000 ____D C:\Users\****** *****\AppData\Local\{ED5AC33A-9910-4D05-8FBF-A1BB1768FA0A}
2013-09-23 23:49 - 2013-09-23 23:49 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DB0C1B8D-869A-42A2-972F-2DE070D13514}
2013-09-23 11:10 - 2013-09-23 11:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8C36E97C-FA8D-4A74-B724-D7359846A947}
2013-09-22 16:18 - 2013-10-15 21:20 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Media Player Classic
2013-09-22 16:08 - 2013-09-22 16:08 - 00000000 ____D C:\Users\****** *****\AppData\Local\{76786FB8-0C90-4325-BE61-9B79DCB35957}
2013-09-22 03:53 - 2013-09-22 03:53 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1055BF5B-BB2B-4B3E-89F8-C65AB2632E33}

==================== One Month Modified Files and Folders =======

2013-10-22 21:15 - 2013-10-22 21:15 - 01954682 _____ (Farbar) C:\Users\****** *****\Desktop\FRST64.exe
2013-10-22 21:13 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 21:13 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 21:12 - 2013-10-22 21:12 - 00000000 ____D C:\Users\****** *****\AppData\Local\{9B84E222-3C6F-420F-9F11-D428F98DBD9C}
2013-10-22 21:09 - 2011-10-08 22:28 - 01515531 _____ C:\Windows\WindowsUpdate.log
2013-10-22 21:07 - 2013-01-11 22:10 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 21:07 - 2011-10-09 04:45 - 00000000 ____D C:\Users\****** *****\.rainlendar2
2013-10-22 21:06 - 2013-10-15 21:32 - 00002016 _____ C:\Windows\setupact.log
2013-10-22 21:06 - 2011-10-12 14:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-22 21:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 01:26 - 2012-03-30 23:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 01:24 - 2013-10-13 22:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 01:19 - 2013-10-15 02:55 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HpUpdate
2013-10-22 01:18 - 2012-06-29 13:36 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C6C1C2F-D891-4AC6-B935-A56BE995074F}
2013-10-21 13:24 - 2013-10-21 13:24 - 00000000 ____D C:\Users\****** *****\AppData\Local\{0934E55D-B1A8-4CE9-B321-8FC0514860CA}
2013-10-21 12:58 - 2013-10-20 20:30 - 00000000 ____D C:\Qoobox
2013-10-21 00:10 - 2011-10-09 02:18 - 00000000 ____D C:\Users\****** *****\AppData\Local\CrashDumps
2013-10-20 21:30 - 2013-10-15 21:32 - 00001328 _____ C:\Windows\PFRO.log
2013-10-20 21:19 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-20 21:15 - 2011-10-09 00:03 - 00000000 ____D C:\Program Files (x86)\Process Explorer 15.05
2013-10-20 21:13 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-20 21:12 - 2012-02-24 03:39 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 21:12 - 2011-10-09 02:25 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 21:12 - 2011-10-09 02:25 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 21:12 - 2011-10-08 22:53 - 00000000 ___RD C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 21:11 - 2013-10-20 20:29 - 00000000 ____D C:\Windows\erdnt
2013-10-20 21:11 - 2011-10-09 02:25 - 00000000 ____D C:\Program Files (x86)\DSL-Manager
2013-10-20 21:04 - 2013-10-20 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-20 21:04 - 2013-10-20 13:26 - 00000000 ____D C:\Users\****** *****\Desktop\mbar
2013-10-20 20:55 - 2013-10-20 13:29 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-20 20:55 - 2013-10-20 13:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-20 20:37 - 2013-10-20 20:37 - 00000000 ____D C:\Users\****** *****\Documents\ProcAlyzer Dumps
2013-10-20 20:36 - 2013-06-22 21:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-20 20:24 - 2013-10-20 20:25 - 05135479 ____R (Swearware) C:\Users\****** *****\Desktop\ComboFix.exe
2013-10-20 13:29 - 2013-10-20 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 13:24 - 2013-10-20 13:24 - 00000000 ____D C:\Users\****** *****\AppData\Local\{689ECCD3-B49A-408B-9520-EF7876EF5A66}
2013-10-19 22:12 - 2013-10-19 22:12 - 00000000 ____D C:\Users\****** *****\AppData\Local\{44679D2F-3EAD-4564-A5E3-2635401A595A}
2013-10-19 20:46 - 2008-02-23 23:54 - 00000000 ____D C:\Users\****** *****\Documents\Eigene Dokumente+wichtiges
2013-10-19 19:44 - 2011-04-12 09:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-10-19 19:44 - 2011-04-12 09:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-10-19 19:44 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 18:59 - 2013-10-18 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7E1320E5-2B4E-43D6-9BC3-09FBDC9F203E}
2013-10-18 11:25 - 2013-10-18 11:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 11:20 - 2012-03-07 14:04 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-18 11:19 - 2011-10-09 01:55 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-18 01:44 - 2013-10-18 01:44 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A1BE8A4A-7841-4646-AE4E-8D8F67804204}
2013-10-17 23:28 - 2013-10-17 23:28 - 00000000 ____D C:\FRST
2013-10-17 23:27 - 2013-10-17 23:27 - 00000000 _____ C:\Users\****** *****\defogger_reenable
2013-10-17 23:27 - 2011-10-08 22:53 - 00000000 ____D C:\Users\****** *****
2013-10-17 14:56 - 2013-10-17 14:45 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 14:54 - 2013-10-17 14:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 14:54 - 2013-10-17 14:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 14:54 - 2013-10-17 14:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 14:45 - 2013-10-17 14:45 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 14:45 - 2013-10-17 14:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-17 14:45 - 2013-10-17 14:45 - 00000000 ____D C:\Program Files\Java
2013-10-17 13:03 - 2013-10-17 13:03 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6C3460A9-E407-4C74-8F44-0B32226C25D6}
2013-10-17 01:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 00:54 - 2013-09-28 18:26 - 00000000 ____D C:\Users\****** *****\AppData\Local\NPE
2013-10-16 22:09 - 2012-12-10 15:18 - 06709518 _____ C:\Users\****** *****\AppData\Local\census.cache
2013-10-16 22:09 - 2012-12-10 15:17 - 00147058 _____ C:\Users\****** *****\AppData\Local\ars.cache
2013-10-16 21:41 - 2013-10-16 21:41 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2013-10-16 17:35 - 2013-10-16 17:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C898F052-B602-419E-88E0-1B0500AC5D09}
2013-10-15 23:37 - 2013-10-15 23:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5000FFE7-1E9C-4F4B-A3B6-F394334182FE}
2013-10-15 21:32 - 2013-10-15 21:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 21:26 - 2013-10-15 21:26 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-15 21:26 - 2012-02-02 04:04 - 00000000 ____D C:\Program Files\CCleaner
2013-10-15 21:25 - 2011-10-09 02:40 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Free Download Manager
2013-10-15 21:20 - 2013-09-22 16:18 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Media Player Classic
2013-10-15 21:20 - 2011-10-09 04:25 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Winamp
2013-10-15 21:20 - 2011-10-09 01:08 - 00000000 ___DC C:\Users\****** *****\AppData\Local\MigWiz
2013-10-15 21:20 - 2011-10-08 23:23 - 00000000 ____D C:\Windows\Panther
2013-10-15 20:57 - 2011-12-07 01:43 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-15 20:27 - 2013-01-11 22:14 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 10:52 - 2013-10-15 10:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DEC0E3FF-4F15-4812-8678-326B0B64F381}
2013-10-15 02:55 - 2013-10-15 00:48 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-15 02:54 - 2013-10-15 02:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-10-15 01:05 - 2013-10-14 12:50 - 00000000 ____D C:\Users\****** *****\AppData\Local\LogMeIn Rescue Applet
2013-10-15 01:03 - 2009-07-14 06:45 - 00315312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 01:00 - 2013-10-15 00:47 - 00002890 _____ C:\ProgramData\hpzinstall.log
2013-10-15 00:58 - 2011-10-09 00:47 - 00072232 _____ C:\Users\****** *****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-15 00:57 - 2013-10-15 00:57 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\HP
2013-10-15 00:57 - 2013-10-15 00:47 - 00245575 _____ C:\Windows\hpoins19.dat
2013-10-15 00:57 - 2013-10-15 00:46 - 00000000 ____D C:\ProgramData\HP
2013-10-15 00:57 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-10-15 00:56 - 2013-10-15 00:56 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-15 00:56 - 2013-10-15 00:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\HP
2013-10-15 00:52 - 2013-10-15 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Yahoo!
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-10-15 00:50 - 2013-10-15 00:50 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-14 21:01 - 2013-06-22 21:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-14 20:25 - 2013-10-14 20:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{CDE09849-B4DE-4ECA-823E-A68F9C83D6E9}
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C3631065-3D37-4A12-8E9C-27204417DDE5}
2013-10-14 02:07 - 2013-10-14 02:07 - 00000122 _____ C:\Users\****** *****\Documents\hacking.txt
2013-10-13 23:19 - 2013-10-13 23:19 - 00000000 ____D C:\Users\****** *****\AppData\Local\{FFBCAEE7-0DA3-4A06-86DA-95A17E228322}
2013-10-13 23:14 - 2013-10-13 23:14 - 00000000 ____D C:\Users\****** *****\AppData\Local\{9A170223-FA64-4D3E-9B09-1FA302242C83}
2013-10-13 22:19 - 2013-10-13 22:19 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 22:19 - 2013-01-11 22:10 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-11 02:53 - 2013-10-11 02:31 - 00000000 ____D C:\cce_linux
2013-10-09 15:04 - 2013-10-06 11:45 - 00000000 ____D C:\Program Files (x86)\Sardu
2013-10-09 13:48 - 2013-10-09 13:48 - 00000000 ____D C:\Users\****** *****\AppData\Local\{7ECFDF27-357F-42F4-A177-A1BA429B7E9B}
2013-10-09 13:30 - 2012-03-30 23:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 13:30 - 2012-03-30 23:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 13:30 - 2011-10-09 04:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 12:47 - 2012-05-10 00:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 12:47 - 2012-05-10 00:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 12:33 - 2011-10-09 14:54 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 12:32 - 2013-07-17 20:23 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:29 - 2011-10-09 02:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 03:04 - 2013-06-21 01:02 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\CyberLink
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\UpdatusUser\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000968 _____ C:\Users\****** *****\Desktop\SARDU.lnk
2013-10-06 11:46 - 2013-10-06 11:46 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
2013-10-06 00:02 - 2013-10-06 00:02 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DAB50AB6-4151-4886-AD94-F42BB18EE8C6}
2013-10-04 18:20 - 2011-10-12 14:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-02 18:52 - 2013-10-02 18:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{C711E6A1-7767-4047-92C8-F4DC1A0DE6D2}
2013-10-02 18:42 - 2013-10-02 16:06 - 00000000 ____D C:\Program Files\stinger
2013-10-02 16:04 - 2013-09-29 15:45 - 00000000 ____D C:\Program Files (x86)\stinger
2013-10-02 01:31 - 2013-05-23 14:32 - 00451816 _____ C:\Windows\system32\Drivers\etc\hosts.ccebak
2013-10-02 01:30 - 2013-05-23 14:32 - 00451816 ____R C:\Windows\system32\Drivers\etc\hosts.20131002-013149.backup
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\Users\****** *****\AppData\Local\{A356D73A-F7C7-4369-99E8-0F31732EF222}
2013-09-30 09:38 - 2013-09-30 09:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{96C6997F-2436-4A7E-B634-90C8A5CEB224}
2013-09-29 23:56 - 2013-09-29 23:56 - 00000000 ____D C:\Users\****** *****\AppData\Local\{6EA1E980-19CB-44AC-8EA4-1CF4A0F54162}
2013-09-29 18:59 - 2013-09-29 18:59 - 00000000 ____D C:\Users\****** *****\AppData\Local\{281EA1AF-27FC-4F2A-9CBD-F0DA2EE1ED8A}
2013-09-29 16:50 - 2012-04-26 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-29 16:50 - 2011-10-09 03:06 - 00000000 ____D C:\Users\****** *****\AppData\Local\Mozilla
2013-09-29 16:49 - 2013-09-29 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 16:15 - 2013-09-29 15:42 - 00000000 ____D C:\ProgramData\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00003237 _____ C:\Users\****** *****\Desktop\Sophos Virus Removal Tool.lnk
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-29 15:42 - 2013-09-29 15:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-09-29 01:26 - 2013-09-29 01:26 - 00000824 _____ C:\Users\****** *****\Documents\hosts.txt
2013-09-28 22:39 - 2013-05-23 14:32 - 00451816 ____R C:\Windows\system32\Drivers\etc\hosts.20131002-013037.backup
2013-09-28 20:37 - 2013-09-28 20:37 - 00000000 ____D C:\Users\****** *****\AppData\Local\{5827D97C-99EE-40C4-961A-D1FB2E4F974D}
2013-09-28 18:27 - 2011-10-09 01:30 - 00000000 ____D C:\ProgramData\Norton
2013-09-28 01:46 - 2013-09-28 01:46 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DFA1807B-88C4-4D06-8ED7-0196F7B88A8D}
2013-09-27 11:36 - 2013-09-27 11:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8FF40C79-9902-4D3A-BC1C-2CE1D808353F}
2013-09-27 09:38 - 2009-02-22 04:16 - 00000000 ____D C:\Users\****** *****\Documents\PersBackup
2013-09-26 23:35 - 2013-09-26 23:35 - 00000000 ____D C:\Users\****** *****\AppData\Local\{599810B8-DFC5-4BC5-95AD-F7A44C608196}
2013-09-26 20:02 - 2011-10-09 03:04 - 00000000 ____D C:\Program Files (x86)\Personal Backup 5
2013-09-25 12:25 - 2013-09-25 12:25 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1260FAE7-5BA4-4008-B419-91583BA2FBEE}
2013-09-24 16:58 - 2013-09-24 16:58 - 00000000 ____D C:\Users\****** *****\AppData\Local\{ED5AC33A-9910-4D05-8FBF-A1BB1768FA0A}
2013-09-23 23:49 - 2013-09-23 23:49 - 00000000 ____D C:\Users\****** *****\AppData\Local\{DB0C1B8D-869A-42A2-972F-2DE070D13514}
2013-09-23 23:27 - 2012-10-13 21:11 - 00000000 ____D C:\Users\****** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-09-23 23:23 - 2012-03-07 14:04 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-09-23 23:23 - 2011-10-09 01:33 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-09-23 23:23 - 2011-10-09 01:33 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-09-23 22:20 - 2011-10-09 01:35 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-09-23 11:10 - 2013-09-23 11:10 - 00000000 ____D C:\Users\****** *****\AppData\Local\{8C36E97C-FA8D-4A74-B724-D7359846A947}
2013-09-23 01:28 - 2013-10-09 12:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 12:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-09 12:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-09 12:43 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 12:43 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-09 12:43 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-09 12:43 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-09 12:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 16:12 - 2011-10-08 23:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-22 16:08 - 2013-09-22 16:08 - 00000000 ____D C:\Users\****** *****\AppData\Local\{76786FB8-0C90-4325-BE61-9B79DCB35957}
2013-09-22 03:53 - 2013-09-22 03:53 - 00000000 ____D C:\Users\****** *****\AppData\Local\{1055BF5B-BB2B-4B3E-89F8-C65AB2632E33}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 16:02

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2013
Ran by ****** ***** at 2013-10-22 21:17:52
Running from C:\Users\****** *****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

3DMark 11 (x32 Version: 1.0.2)
3GX (x32 Version: 3.03.2101)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 4.57 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
aerosoft's - Im Koeblitzer Bergland (x32 Version: 1.10)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
Apache: Air Assault 1.0.2.1 (x32 Version: 1.0.2.1)
Ashampoo Burning Studio 10 v.10.0.15 (x32 Version: 10.0.15)
Ashampoo Burning Studio 12 v.12.0.5 (x32 Version: 12.0.5)
AudioGenie (x32)
Batman: Arkham City GOTY (x32)
BioShock Infinite (x32)
Blur (x32)
BOSS (x32 Version: 2.0.0)
BufferChm (x32 Version: 130.0.331.000)
Call of Juarez: Bound in Blood (x32)
Canon Easy-PhotoPrint EX (x32 Version: 4.1.6)
Canon Inkjet Printer Driver Add-On Module
Canon My Printer (x32 Version: 3.1.0)
Carrier Command: Gaea Mission (x32)
CCleaner (Version: 4.06)
CD-LabelPrint (x32)
Choplifter HD (x32)
Class 20 Collection Patch (x32 Version: 1.00.0000)
CLICKBIOSII (x32 Version: 1.0.021)
Colin McRae Rally 2005 (x32 Version: 1.00.000)
ControlCenter (x32 Version: 2.2.036)
Copy (x32 Version: 130.0.428.000)
CPUID CPU-Z 1.58
Creation Kit (x32)
CrystalDiskInfo 5.3.1 (x32 Version: 5.3.1)
CVE-2013-3893
CyberLink BD_3D Advisor 2.0 (x32 Version: 2.0.5425)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5311)
CyberLink Media Suite 10 (x32 Version: 10.0)
CyberLink Media Suite 10 (x32 Version: 10.2021)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673)
CyberLink MediaShow 6 (x32 Version: 6.0.4312)
CyberLink Power2Go 7 (x32 Version: 7.0.0.1827)
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.52)
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4118)
D3DX10 (x32 Version: 15.4.2368.0902)
Daniusoft Media Converter(Build 2.6.2.1) (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
DHTML Editing Component (x32 Version: 6.02.0001)
DiRT 3 (x32 Version: 1.0.0000.130)
DiRT 3 (x32 Version: 1.0.0003.130)
Diskeeper 2010  (Version: 14.0.915.64)
DocProc (x32 Version: 13.0.0.0)
Download Updater (AOL Inc.) (x32)
DSL-Manager (x32)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
dutchpack 2.00 (x32)
EPSON Attach To Email (x32 Version: 1.01.0000)
Epson Easy Photo Print 2 (x32 Version: 2.2.3.1)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON File Manager (x32 Version: 1.3.2.0)
EPSON Scan Assistant (x32 Version: 1.10.00)
ErosLink (x32 Version: 1.0.0.0)
EVGA Precision X 3.0.4 (x32 Version: 3.0.4)
F300 (x32 Version: 130.0.365.000)
F300_Help (x32 Version: 82.0.242.000)
F300Trb (x32 Version: 82.0.242.000)
Fax (x32 Version: 130.0.418.000)
Free Download Manager 3.9.2 (x32)
Free Studio version 2013 (x32 Version: 6.1.10.812)
Freightliner Heavy Haul  Class 66 (x32)
Freightliner Heavy Haul Class 66V2.0 (x32)
FUJIFILM USB Driver (x32)
Futuremark SystemInfo (x32 Version: 4.2.0)
GameShadow (x32 Version: 2.03.0000)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1871)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
GRID (x32 Version: 1.30.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.001)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2401)
IrfanView (remove only) (x32 Version: 4.36)
IsoBuster 2.8.5 (x32 Version: 2.8.5)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JMicron JMB36X Driver (x32 Version: 1.17.59.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Just Trains - Class 67 Advanced & Car Carriers (x32 Version: 1.00.0000)
Just Trains - Rail Simulator Official Expansion Pack: Isle of Wight & Class 66 (x32 Version: 1.00.0000)
Just Trains - Rebuilt Bulleid Light Pacific (x32 Version: 1.00.0000)
Just Trains - Scottish East Coast Main Line (x32 Version: 1.00.0000)
Just Trains - Streamlined Princess Coronation Class for RailWorks (x32 Version: 1.00.0000)
Just Trains - Streamlined Princess Coronation Class for TRS 2013 (x32 Version: 1.00.0000)
Just Trains - Three Country Corner Route (x32 Version: 1.00.0000)
Just Trains - Voyager (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class British Rail Add-on Pack for RailWorks (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class British Rail Add-on Pack for Train Simulator 2013 (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class for RailWorks (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class for Train Simulator 2013 (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class LNER Add-on Pack for RailWorks (x32 Version: 1.00.0000)
Just Trains Cargowaggon Flat IGA for RailWorks (x32 Version: 2.00.0000)
Just Trains Class 20 Collection for RailWorks (x32 Version: 1.00.0000)
Just Trains Class 67 Free Livery (x32 Version: 1.00.0000)
Just Trains JJA Autoballaster for RailWorks (x32 Version: 1.00.0000)
Just Trains Seacow for RailWorks (x32 Version: 1.00.0000)
K-Lite Mega Codec Pack 10.0.0 (x32 Version: 10.0.0)
KRS pak Delete (x32)
Link Shell Extension
Live Aquarium HD (x32 Version: 3)
Logitech Harmony Remote Software (x86) (x32 Version: 2.0)
MarketResearch (x32 Version: 130.0.374.000)
marvell 91xx driver (x32 Version: 1.1.0.6)
MAXA Cookie Manager Pro 5.3 (x32)
MegaStore Game Controller (Ver. 3.0) (x32 Version: 3.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Train Simulator (x32)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Need for Speed™ Most Wanted (x32)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
Netzmanager (Version: 1.07)
Netzmanager (x32 Version: 1.07)
Nexus Mod Manager (Version: 0.45.6)
Norton Internet Security (x32 Version: 21.1.0.18)
NVIDIA 3D Vision Controller-Treiber 296.10 (Version: 296.10)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA Alien vs. Triangles demo (x32 Version: 1.0)
NVIDIA Endless City demo (x32 Version: 1.0)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenAL (x32)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Opera 12.16 (x32 Version: 12.16.1860)
Paint.NET v3.5.11 (Version: 3.61.0)
Personal Backup 5.4 (x32 Version: 5.3)
PhoenixRC (x32 Version: 2.00.10)
PlayMemories Home (x32 Version: 7.0.03.04240)
Primo (x32 Version: 1.00.0000)
Python 2.7.3 (64-bit) (Version: 2.7.3150)
RAGE (x32)
Railworks Community Asset Project (x32 Version: v1.12.24.12)
Rainlendar2 (remove only) (x32)
Rapture3D 2.4.8 Game (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6586)
Recuva (Version: 1.47)
REFLEX Modellflugsimulator (x32 Version: 5.04.2)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Ridge Racer™ Unbounded (x32)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Runtime (x32 Version: 1.00.0000)
Rural Landscapes (x32 Version: 1.06.22.09 - Freeware Edition)
Rural Landscapes (x32 Version: v1.06.22.09 HR Edition)
RW_Tools V3 (HKCU)
RW_Tools V4 (HKCU)
Saints Row: The Third (x32)
SARDU 2.0.6.5 (x32 Version: 2.0.6.5)
Scan (x32 Version: 13.0.0.0)
Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009)
Shop for HP Supplies (Version: 13.0)
Silent Hunter 4 Wolves of the Pacific (x32 Version: 1.04.0000)
Silent Hunter III (x32 Version: 1.00.0000)
SimpleScreenshot 1.40 (x32)
Simtrain's - SBB Route 1 (x32 Version: 1.00)
SiSoftware Sandra Lite 2011.SP5 (Version: 17.80.2011.10)
Skyrim NPC Editor (x32 Version: 0.75.1)
SL-6640 Black Widow Flightstick (x32 Version: 3.1)
SolutionCenter (x32 Version: 130.0.373.000)
Sophos Virus Removal Tool (x32 Version: 2.4)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Spybot - Search & Destroy (x32 Version: 2.1.19)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
Suoni Italiani per RailWorks v 1.0 (x32)
Take On Helicopters (x32)
Test Drive Unlimited (x32 Version: 1.00.0000)
The Donner Pass freeware scenario set by TaD (HKCU)
The Elder Scrolls V: Skyrim (x32)
the Mother of Tears - Cleaner Part 1 (x32)
The Walking Dead (x32)
The Witcher 2: Assassins of Kings Enhanced Edition (x32)
Tomb Raider (x32)
T-Online 6.0 (x32)
T-Online WLAN-Access Finder (x32)
Toolbox (x32 Version: 130.0.648.000)
Torino Genova Rel. 1.0 per RailWorks (x32)
Torino Genova Rel. 3.0 per RailWorks (x32)
Train Simulator 2014 (x32)
Train Store (German Language Pack) (x32)
Train Store V3.2 (x32)
TrayApp (x32 Version: 130.0.422.000)
TreeSize Free V2.5 (x32 Version: 2.5)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
UKTS Freeware Pack - Blocks-Lofts-Bridges #1 (x32 Version: 1.0.9)
UKTS Freeware Pack - Clutter #1 (x32 Version: 1.0.6)
UKTS Freeware Pack - CN Rolling Stock Pack #1 (x32 Version: 1.0.1)
UKTS Freeware Pack - Commercial #1 (x32 Version: 1.0.3)
UKTS Freeware Pack - Foliage #1 (x32 Version: 1.0.2)
UKTS Freeware Pack - Great Central Railway Loco Pack (x32 Version: 1.0.3)
UKTS Freeware Pack - Great Scenario Challenge #1 (x32 Version: 1.0.5)
UKTS Freeware Pack - Housing #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - Industrial #1 (x32 Version: 1.0.3)
UKTS Freeware Pack - Railway Buildings #1 (x32 Version: 1.0.4)
UKTS Freeware Pack - Terrain Textures #1 (x32 Version: 1.0.1)
UKTS Freeware Pack - UK Carriages #1 (x32 Version: 1.1.2)
UKTS Freeware Pack - UK Classic Diesel and Electric #1 (x32 Version: 1.1.2)
UKTS Freeware Pack - UK DMUs-EMUs-Trams #1 (x32 Version: 1.1.5)
UKTS Freeware Pack - UK Modern Diesel and Electric #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - UK Steam #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - UK Wagons #1 (x32 Version: 1.1.3)
UKTS Freeware Route Pack - Candlewick (x32 Version: 1.0.3)
UKTS Freeware Route Pack - Coniston Branch (x32 Version: 1.0.7)
UKTS Freeware Route Pack - Lavender Line (x32 Version: 1.0.2)
UKTS Freeware Route Pack - QiLian Mountain Line (x32 Version: 1.0.3)
UKTS Freeware Route Pack - The Mayflower Line (x32 Version: 2.0.0)
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
USB game controller (x32 Version: 1.00.0000)
USBFast (x32 Version: 1.3.0.30)
VLC media player 2.1.0 (Version: 2.1.0)
WebReg (x32 Version: 130.0.132.017)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Winamp Toolbar (HKCU)
Winamp Toolbar (x32)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
WinMend File Copy 1.4.2 (x32)
WinPatrol (Version: 28.6.2013.0)
WinZip 17.0 (Version: 17.0.10283)
Wrye Bash (x32 Version: 2.9.5.5)
wxPython 2.8.12.1 (unicode) for Python 2.7 (x32 Version: 2.8.12.1-unicode)
xp-AntiSpy 3.98-2 (x32)
yuPlay client 0.7.24 (x32)

==================== Restore Points  =========================

20-10-2013 11:36:13 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2013-10-17 14:48 - 2013-10-20 21:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05D1B427-D0BB-48D7-A508-1F393DF24BBA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {36A54EC4-8180-4965-B8C0-63F2F1F873C1} - System32\Tasks\{3B784E41-45C0-4D89-A68D-24BEA08A5353} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {4A117BF9-3199-4A10-911A-0FBDCD466A98} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4BCECC93-9375-4073-AED4-068540C11A3D} - System32\Tasks\{FAD0A392-B7E5-4400-AC7C-2B67A8717BBB} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {5980EAB9-6A99-4E9B-8370-42CB732C53D4} - System32\Tasks\{ED79AC1A-045B-434A-ADC0-3D5E1C21D9E5} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {628558D4-1C82-4556-8535-E1165F1254D7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {682EEDCE-6BD4-424F-BD2B-1FE4F2E6E144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
Task: {7744A862-84E6-4B2A-B506-D473C515C6F5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {7C9B285F-E884-4566-B5AF-4DD3B23C1E04} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {81A1039B-E733-4F55-8CBC-E33DC0AC9916} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {9854CCB4-05A0-497C-95A4-950F3515CD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
Task: {B6E25857-E898-4869-816D-7476E11AF46A} - System32\Tasks\{FACA1B3B-F890-46CB-A6BA-09DC24E2D8B4} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {B7FF4B9B-4303-45E5-B3A2-EAB986312D79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {D6C79FB4-DC7A-4B82-B6F3-DD9F7C38FC0C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ED796295-EB93-47DB-A668-88791676976E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-12 14:12 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll
2011-08-12 07:47 - 2011-08-12 07:47 - 00312832 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll
2011-10-09 07:03 - 2010-12-19 21:16 - 00338944 _____ () C:\Program Files (x86)\MAXA Cookie Manager\sqlite36_engine.dll
2011-10-09 07:03 - 2010-12-19 21:19 - 00023552 _____ () C:\Program Files (x86)\MAXA Cookie Manager\DirectCOM.dll
2011-10-09 07:08 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-06-26 23:57 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-26 23:57 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-26 23:57 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-07-11 13:33 - 2013-07-11 13:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\****** *****\Documents\Der erhaltene Artikel entspricht nicht der Beschreibung_ ************* hat eine Nachricht zu Fleischmann piccolo 8599 Artikelnummer 230842947883 gesendet_.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2013 09:07:30 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/22/2013 01:15:36 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/21/2013 00:41:18 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/21/2013 00:10:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RailWorks.exe, Version: 0.0.0.0, Zeitstempel: 0x525eb96d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x1408
Startzeit der fehlerhaften Anwendung: 0xRailWorks.exe0
Pfad der fehlerhaften Anwendung: RailWorks.exe1
Pfad des fehlerhaften Moduls: RailWorks.exe2
Berichtskennung: RailWorks.exe3

Error: (10/20/2013 11:49:58 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/20/2013 09:31:58 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/20/2013 08:54:33 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/20/2013 08:40:29 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/20/2013 08:13:57 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/20/2013 03:02:18 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (10/22/2013 09:08:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/22/2013 09:08:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/22/2013 09:06:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/22/2013 09:06:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/22/2013 09:06:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/22/2013 09:06:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/22/2013 09:06:15 PM) (Source: NetBT) (User: )
Description: Der Name "**************-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.10
registriert werden. Der Computer mit IP-Adresse 192.168.1.9 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/22/2013 01:16:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/22/2013 01:16:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/22/2013 01:15:09 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.10
registriert werden. Der Computer mit IP-Adresse 192.168.1.9 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (10/22/2013 09:07:30 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2013 01:15:36 AM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 00:41:18 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 00:10:21 AM) (Source: Application Error)(User: )
Description: RailWorks.exe0.0.0.0525eb96dntdll.dll6.1.7601.18247521ea8e7c0000374000ce753140801cecde0ce0cf5a0N:\! Steam-Arbeitsordner !\steamapps\common\RailWorks\RailWorks.exeC:\Windows\SysWOW64\ntdll.dll68f763f7-39d4-11e3-bdc0-8c89a55a2bc5

Error: (10/20/2013 11:49:58 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 09:31:58 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 08:54:33 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 08:40:29 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 08:13:57 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 03:02:18 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-10-20 21:11:16.930
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-20 21:11:16.883
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 12267.6 MB
Available physical RAM: 9080.15 MB
Total Pagefile: 24533.38 MB
Available Pagefile: 21744.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:209.86 GB) (Free:90.75 GB) NTFS
Drive d: (Eisenbahn) (Fixed) (Total:93.75 GB) (Free:74.22 GB) NTFS
Drive e: (Data) (Fixed) (Total:224.61 GB) (Free:135.4 GB) NTFS
Drive f: (Big Data) (Fixed) (Total:372.46 GB) (Free:221.7 GB) NTFS
Drive g: (klein bei c) (Fixed) (Total:4.88 GB) (Free:4.79 GB) NTFS
Drive h: (Traini+Data) (Fixed) (Total:698.64 GB) (Free:173.02 GB) NTFS
Drive i: (Mini 1) (Fixed) (Total:3.91 GB) (Free:3.49 GB) NTFS
Drive j: (Cache+temp) (Fixed) (Total:107.42 GB) (Free:92.36 GB) NTFS
Drive k: (Mini 2) (Fixed) (Total:3.91 GB) (Free:3.69 GB) NTFS
Drive l: (L Backups) (Fixed) (Total:716.67 GB) (Free:144.93 GB) NTFS
Drive m: (100g) (Fixed) (Total:107.42 GB) (Free:92.13 GB) NTFS
Drive n: (Emulatoren + Steam) (Fixed) (Total:1648.17 GB) (Free:797.69 GB) NTFS
Drive o: (Big Data 2) (Fixed) (Total:698.64 GB) (Free:85.72 GB) NTFS
Drive p: (BiigFäädData) (Fixed) (Total:931.51 GB) (Free:330.9 GB) NTFS
Drive r: (BLAAAH) (Removable) (Total:14.99 GB) (Free:14.3 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: E9DE3773)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4E6B547D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=210 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=717 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0E6DB056)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 53F586F0)
Partition 1: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-429314277376) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 699 GB) (Disk ID: 09376CBC)
Partition 1: (Not Active) - (Size=4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=94 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=376 GB) - (Type=OF Extended)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 7B8D17E8)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 15 GB) (Disk ID: 55CB0CF9)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         

23.10.2013, 14:23   #10
schrauber
/// the machine
/// TB trainer

Yes, please test and report back.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

24.10.2013, 13:16   #11
Schrumpfhirn

Hello,
no tunnelling last night, a few "SYN Flood to Host" and "UDP Loop" entries, otherwise nothing unusual.
The "infected" PC was logged into the router and online; another PC was online too.
Hopefully it stays that way.
Tonight I will also test the EeePC.
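The router's "creates tunnel" / "destroy tunnel" lines quoted in this thread can be paired up automatically instead of read by eye. The following Python script is an added example (not code from this thread's participants): it parses constructed sample lines in that log format, pairs each create with the next destroy from the same address, reports the duration, and flags sessions whose remote end is outside the home LAN (192.168.1.0/24 is assumed as the trusted range, based on the 192.168.1.x addresses in the FRST log) or that start in the 01:00-02:00 window the poster described.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample lines in the format of the router log quoted in this thread
# ("<date> <time> <remote address> creates|destroy tunnel sucessfully"). They are
# illustrative only, not the poster's actual log.
SAMPLE_ROUTER_LOG = """\
10/30/2013 09:12:11 183.60.48.25 creates tunnel sucessfully
10/30/2013 09:13:12 183.60.48.25 destroy tunnel sucessfully
10/31/2013 01:20:05 183.60.48.25 creates tunnel sucessfully
10/31/2013 01:21:07 183.60.48.25 destroy tunnel sucessfully
10/31/2013 08:00:00 192.168.1.9 creates tunnel sucessfully
10/31/2013 08:05:00 192.168.1.9 destroy tunnel sucessfully
10/31/2013 10:00:00 183.60.48.25 creates tunnel sucessfully
"""

# The router spells "successfully" as "sucessfully"; match only the stable prefix.
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (creates|destroy) tunnel"
)


@dataclass
class TunnelSession:
    source: str
    start: datetime
    end: Optional[datetime]  # None: no matching "destroy" seen before the log ended

    @property
    def seconds(self) -> Optional[int]:
        if self.end is None:
            return None
        return int((self.end - self.start).total_seconds())


def parse_sessions(text: str) -> List[TunnelSession]:
    """Pair each 'creates tunnel' with the next 'destroy tunnel' from the same address."""
    open_by_source = {}
    sessions = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated router messages (SYN flood notices etc.) are skipped
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
        src, action = m.group(2), m.group(3)
        if action == "creates":
            # A second "creates" without a "destroy" in between: close the earlier
            # one as unterminated so it is still reported rather than silently lost.
            if src in open_by_source:
                sessions.append(open_by_source.pop(src))
            open_by_source[src] = TunnelSession(src, ts, None)
        else:
            session = open_by_source.pop(src, None)
            if session is not None:
                session.end = ts
                sessions.append(session)
            # a "destroy" with no open session is ignored (log started mid-session)
    sessions.extend(open_by_source.values())
    sessions.sort(key=lambda s: s.start)
    return sessions


def is_trusted(source: str, trusted_nets) -> bool:
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in trusted_nets)


def in_night_window(session: TunnelSession, start_hour: int = 1, end_hour: int = 2) -> bool:
    """The thread reports tunnels between 01:00 and 02:00; flag sessions starting then."""
    return start_hour <= session.start.hour < end_hour


def suspicious_sessions(text: str, trusted_cidrs=("192.168.1.0/24",)) -> List[TunnelSession]:
    """Sessions whose remote end is outside the trusted ranges (assumed: the home LAN)."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    return [s for s in parse_sessions(text) if not is_trusted(s.source, nets)]


def report(text: str) -> List[str]:
    """One human-readable line per suspicious session, in time order."""
    lines = []
    for s in suspicious_sessions(text):
        dur = "still open" if s.seconds is None else f"{s.seconds}s"
        night = " (night window)" if in_night_window(s) else ""
        lines.append(f"{s.start:%Y-%m-%d %H:%M:%S} {s.source} tunnel {dur}{night}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_ROUTER_LOG):
        print(line)
```

A session that is "still open" at the end of the log is worth checking first, since it means the router never logged a matching destroy.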

25.10.2013, 06:54   #12
schrauber
/// the machine
/// TB trainer

ok.

27.10.2013, 23:04   #13
Schrumpfhirn

Hello,
I have since logged into the router from all PCs; the tunnels and the Sunday router problem fortunately did not recur.

What else can I test?

28.10.2013, 11:34   #14
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

31.10.2013, 01:09   #15
Schrumpfhirn

Hello,
the scans have only just finished.

The last few nights stayed quiet, but this morning there was tunnelling:
Router log:
10/30/2013 09:13:12 183.60.48.25 destroy tunnel sucessfully
10/30/2013 09:12:11 183.60.48.25 creates tunnel sucessfully

The "infected" PC was not connected to the LAN (scans running); another PC was switched on (just ran a new mbar scan, but no findings).
My brother's PC was probably online too.
The router appears untouched, so far.

The logs
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb64c2000bebd54dbbd4b15c2661b8b5
# engine=15664
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-30 09:55:14
# local_time=2013-10-30 10:55:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 155592 145723499 0 0
# compatibility_mode=5893 16776574 100 94 9642422 134756764 0 0
# scanned=4794244
# found=0
# cleaned=0
# scan_time=66791
         
Code:
 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 xp-AntiSpy 3.98-2    
 Spybot - Search & Destroy 
 Secunia PSI (3.0.0.7009)   
 the Mother of Tears - Cleaner Part 1 
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0) 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Spybot Teatimer.exe is disabled! 
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Should my brother scan with mbar too?

Here are the new FRST logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by ******* ****** (administrator) on ************-PC on 30-10-2013 13:41:05
Running from C:\Users\******* ******\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(MAXA Research Int'l Inc.) C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Malwarebytes Corporation) C:\Users\******* ******\Desktop\mbar\mbar.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [3820032 2011-08-12] ()
HKCU\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe [1138688 2012-05-20] (MAXA Research Int'l Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78312 2012-05-09] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\******* ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.0.lnk
ShortcutTarget: OpenOffice 4.0.0.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=warmal%20localhost:2;https=warmal%20localhost:2;ftp=warmal%20localhost:2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {68ADF79E-E403-43EA-8AAB-57DC2C811EA0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {68ADF79E-E403-43EA-8AAB-57DC2C811EA0} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\******* ******\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default
FF user.js: detected! => C:\Users\******* ******\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\user.js
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\******* ******\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Winamp Toolbar - C:\Users\******* ******\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: fdm_ffext - C:\Users\******* ******\AppData\Roaming\Mozilla\Firefox\Profiles\x270n2xu.default\Extensions\fdm_ffext@freedownloadmanager.org
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] - C:\Program Files (x86)\MAXA Cookie Manager\extension
FF Extension: MAXA Cookie Manager - C:\Program Files (x86)\MAXA Cookie Manager\extension

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\******* ******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.1.10_0\npcoplgn.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Norton Identity Protection) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.5.1.4_0
CHR Extension: (DVDVideoSoft) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\******~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx

==================== Services (Whitelisted) =================

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2435960 2012-07-28] (Diskeeper Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2565632 2011-10-24] (Deutsche Telekom AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [93848 2008-09-18] (SiSoftware)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [294912 2007-11-26] (T-Systems Enterprise Services GmbH)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52144 2010-03-10] (Diskeeper Corporation)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131029.002\IDSvia64.sys [521816 2013-10-30] (Symantec Corporation)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-10-30] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [116440 2013-10-30] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131029.039\ENG64.SYS [126040 2013-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131029.039\EX64.SYS [2099288 2013-10-27] (Symantec Corporation)
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [14136 2009-10-05] (MSI)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-06-22] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 12:02 - 2013-10-30 12:02 - 00001284 _____ C:\Users\******* ******\Desktop\Security Check.txt
2013-10-30 02:20 - 2013-10-30 02:21 - 00000000 ____D C:\Users\******* ******\AppData\Local\{88C69132-862D-4A9D-920C-16EDF69C3E29}
2013-10-29 19:35 - 2013-10-29 19:35 - 00000000 ____D C:\Users\******* ******\AppData\Local\{F26F74E8-6477-4E61-96E3-F151EE20E61D}
2013-10-29 19:31 - 2013-10-29 19:31 - 00000000 ____D C:\Users\******* ******\AppData\Local\{8D35DF84-B964-4643-A789-8CF312D34D73}
2013-10-29 19:14 - 2013-10-29 19:14 - 00000000 ____D C:\Users\******* ******\AppData\Local\{0A2233CD-D7A4-4496-AE3C-5A808E23FFB8}
2013-10-29 19:10 - 2013-10-29 19:10 - 00000000 ____D C:\Users\******* ******\AppData\Local\{885DC60B-B610-40ED-96C9-F83047C2CA0B}
2013-10-28 15:35 - 2013-10-28 15:35 - 00000000 ____D C:\Users\******* ******\AppData\Local\{AB10A984-3E40-4F4A-B207-C38CABF091B4}
2013-10-28 01:52 - 2013-10-28 01:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{37E41250-0520-434B-A7E3-2B2AB83C22B5}
2013-10-27 14:14 - 2013-10-20 20:11 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20131027-141425.backup
2013-10-27 13:40 - 2013-10-27 13:40 - 00000000 ____D C:\Users\******* ******\AppData\Local\{D3E850A6-B6BC-4F7B-B9A5-D1C0B539921A}
2013-10-26 22:40 - 2013-10-26 22:40 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-10-26 22:40 - 2013-10-26 22:40 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-10-26 21:39 - 2013-10-26 21:39 - 00000000 ____D C:\Users\******* ******\AppData\Local\{20528F57-CB5D-4EF8-B82D-424FD5180EF6}
2013-10-25 18:35 - 2013-10-25 18:36 - 00000000 ____D C:\Users\******* ******\AppData\Local\{D4F4C415-7C7B-43BC-9F77-8652F68A11DD}
2013-10-24 13:06 - 2013-10-24 13:07 - 00000000 ____D C:\Users\******* ******\AppData\Local\{41B16E82-CA4F-4F4E-BBB6-8CBA47AC5CBD}
2013-10-23 15:49 - 2013-10-23 15:50 - 00000000 ____D C:\Users\******* ******\AppData\Local\{23DCFD51-BC9A-483A-92B4-94E75CE1358B}
2013-10-22 20:47 - 2013-10-22 20:47 - 00000000 ____D C:\Users\******* ******\AppData\Local\{A4195384-66E5-4289-8903-8E9F34A2F3DD}
2013-10-22 20:15 - 2013-10-30 13:40 - 01956614 _____ (Farbar) C:\Users\******* ******\Desktop\FRST64.exe
2013-10-22 20:12 - 2013-10-22 20:12 - 00000000 ____D C:\Users\******* ******\AppData\Local\{9B84E222-3C6F-420F-9F11-D428F98DBD9C}
2013-10-21 12:24 - 2013-10-21 12:24 - 00000000 ____D C:\Users\******* ******\AppData\Local\{0934E55D-B1A8-4CE9-B321-8FC0514860CA}
2013-10-20 19:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-20 19:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-20 19:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-20 19:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-20 19:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-20 19:49 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-20 19:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-20 19:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-20 19:37 - 2013-10-20 19:37 - 00000000 ____D C:\Users\******* ******\Documents\ProcAlyzer Dumps
2013-10-20 19:30 - 2013-10-21 11:58 - 00000000 ____D C:\Qoobox
2013-10-20 19:29 - 2013-10-20 20:11 - 00000000 ____D C:\Windows\erdnt
2013-10-20 19:25 - 2013-10-20 19:24 - 05135479 ____R (Swearware) C:\Users\******* ******\Desktop\ComboFix.exe
2013-10-20 12:29 - 2013-10-30 13:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-20 12:29 - 2013-10-30 13:22 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-20 12:29 - 2013-10-20 12:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 12:26 - 2013-10-30 13:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-20 12:26 - 2013-10-30 13:21 - 00000000 ____D C:\Users\******* ******\Desktop\mbar
2013-10-20 12:24 - 2013-10-20 12:24 - 00000000 ____D C:\Users\******* ******\AppData\Local\{689ECCD3-B49A-408B-9520-EF7876EF5A66}
2013-10-19 21:12 - 2013-10-19 21:12 - 00000000 ____D C:\Users\******* ******\AppData\Local\{44679D2F-3EAD-4564-A5E3-2635401A595A}
2013-10-18 17:59 - 2013-10-18 17:59 - 00000000 ____D C:\Users\******* ******\AppData\Local\{7E1320E5-2B4E-43D6-9BC3-09FBDC9F203E}
2013-10-18 10:25 - 2013-10-18 10:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 00:44 - 2013-10-18 00:44 - 00000000 ____D C:\Users\******* ******\AppData\Local\{A1BE8A4A-7841-4646-AE4E-8D8F67804204}
2013-10-17 22:28 - 2013-10-17 22:28 - 00000000 ____D C:\FRST
2013-10-17 22:27 - 2013-10-17 22:27 - 00000000 _____ C:\Users\******* ******\defogger_reenable
2013-10-17 13:55 - 2013-10-17 13:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 13:54 - 2013-10-17 13:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 13:54 - 2013-10-17 13:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 13:54 - 2013-10-17 13:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 13:54 - 2013-10-17 13:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 13:45 - 2013-10-17 13:56 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 13:45 - 2013-10-17 13:45 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 13:45 - 2013-10-17 13:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 13:45 - 2013-10-17 13:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 13:45 - 2013-10-17 13:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-17 13:45 - 2013-10-17 13:45 - 00000000 ____D C:\Program Files\Java
2013-10-17 12:03 - 2013-10-17 12:03 - 00000000 ____D C:\Users\******* ******\AppData\Local\{6C3460A9-E407-4C74-8F44-0B32226C25D6}
2013-10-16 20:41 - 2013-10-16 20:41 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2013-10-16 16:35 - 2013-10-16 16:35 - 00000000 ____D C:\Users\******* ******\AppData\Local\{C898F052-B602-419E-88E0-1B0500AC5D09}
2013-10-15 22:37 - 2013-10-15 22:37 - 00000000 ____D C:\Users\******* ******\AppData\Local\{5000FFE7-1E9C-4F4B-A3B6-F394334182FE}
2013-10-15 20:32 - 2013-10-30 12:06 - 00005635 _____ C:\Windows\setupact.log
2013-10-15 20:32 - 2013-10-30 12:05 - 00002504 _____ C:\Windows\PFRO.log
2013-10-15 20:32 - 2013-10-15 20:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 20:26 - 2013-10-15 20:26 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-15 09:52 - 2013-10-15 09:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{DEC0E3FF-4F15-4812-8678-326B0B64F381}
2013-10-15 01:55 - 2013-10-22 00:19 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\HpUpdate
2013-10-15 01:54 - 2013-10-15 01:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-10-14 23:57 - 2013-10-14 23:57 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\HP
2013-10-14 23:56 - 2013-10-14 23:56 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-14 23:56 - 2013-10-14 23:56 - 00000000 ____D C:\Users\******* ******\AppData\Local\HP
2013-10-14 23:52 - 2013-10-14 23:52 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Yahoo!
2013-10-14 23:50 - 2013-10-14 23:50 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-10-14 23:50 - 2013-10-14 23:50 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-14 23:48 - 2013-10-15 01:55 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-14 23:47 - 2013-10-15 00:00 - 00002890 _____ C:\ProgramData\hpzinstall.log
2013-10-14 23:47 - 2013-10-14 23:57 - 00245575 _____ C:\Windows\hpoins19.dat
2013-10-14 23:47 - 2009-10-20 05:30 - 00013898 ____N C:\Windows\hpomdl19.dat
2013-10-14 23:46 - 2013-10-14 23:57 - 00000000 ____D C:\ProgramData\HP
2013-10-14 23:46 - 2009-07-08 11:51 - 00861184 _____ (Hewlett-Packard) C:\Windows\system32\hpowiav1.dll
2013-10-14 23:46 - 2009-07-08 11:51 - 00730624 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl1.dll
2013-10-14 23:46 - 2009-07-08 11:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2013-10-14 23:46 - 2009-07-08 11:51 - 00498176 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst01.dll
2013-10-14 19:25 - 2013-10-14 19:25 - 00000000 ____D C:\Users\******* ******\AppData\Local\{CDE09849-B4DE-4ECA-823E-A68F9C83D6E9}
2013-10-14 13:10 - 2013-10-14 13:10 - 00000000 ____D C:\Users\******* ******\AppData\Local\{C3631065-3D37-4A12-8E9C-27204417DDE5}
2013-10-14 11:50 - 2013-10-15 00:05 - 00000000 ____D C:\Users\******* ******\AppData\Local\LogMeIn Rescue Applet
2013-10-14 01:07 - 2013-10-14 01:07 - 00000122 _____ C:\Users\******* ******\Documents\hacking.txt
2013-10-13 22:19 - 2013-10-13 22:19 - 00000000 ____D C:\Users\******* ******\AppData\Local\{FFBCAEE7-0DA3-4A06-86DA-95A17E228322}
2013-10-13 22:14 - 2013-10-13 22:14 - 00000000 ____D C:\Users\******* ******\AppData\Local\{9A170223-FA64-4D3E-9B09-1FA302242C83}
2013-10-13 21:19 - 2013-10-30 13:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 21:19 - 2013-10-13 21:19 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 12:59 - 2013-10-12 12:59 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-11 01:31 - 2013-10-11 01:53 - 00000000 ____D C:\cce_linux
2013-10-09 12:48 - 2013-10-09 12:48 - 00000000 ____D C:\Users\******* ******\AppData\Local\{7ECFDF27-357F-42F4-A177-A1BA429B7E9B}
2013-10-09 11:43 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 11:43 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 11:43 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 11:43 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 11:43 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 11:43 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 11:43 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 11:43 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 11:43 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 11:43 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 11:43 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 11:43 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 11:37 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 11:37 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 11:37 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 11:37 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 11:37 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 11:37 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 11:37 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 11:37 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 11:37 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 11:37 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 11:37 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 11:37 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 11:37 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 11:37 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 11:37 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 11:37 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 11:37 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 11:37 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 11:37 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 11:37 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 11:37 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 11:37 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 11:37 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 11:37 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 11:37 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 11:37 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 11:37 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 11:37 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 11:37 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 11:37 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 11:37 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 11:37 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 11:37 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 11:37 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 11:37 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 11:37 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 11:37 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 11:37 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 11:37 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 11:37 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 11:37 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 11:37 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 11:37 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 11:37 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 11:37 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 11:37 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 11:37 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 11:35 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 11:35 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 11:35 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 11:35 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 11:35 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 11:35 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 11:35 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 11:19 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-06 10:46 - 2013-10-06 10:46 - 00000968 _____ C:\Users\UpdatusUser\Desktop\SARDU.lnk
2013-10-06 10:46 - 2013-10-06 10:46 - 00000968 _____ C:\Users\******* ******\Desktop\SARDU.lnk
2013-10-06 10:46 - 2013-10-06 10:46 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
2013-10-06 10:45 - 2013-10-09 14:04 - 00000000 ____D C:\Program Files (x86)\Sardu
2013-10-05 23:02 - 2013-10-05 23:02 - 00000000 ____D C:\Users\******* ******\AppData\Local\{DAB50AB6-4151-4886-AD94-F42BB18EE8C6}
2013-10-02 17:52 - 2013-10-02 17:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{C711E6A1-7767-4047-92C8-F4DC1A0DE6D2}
2013-10-02 15:06 - 2013-10-02 17:42 - 00000000 ____D C:\Program Files\stinger
2013-09-30 23:52 - 2013-09-30 23:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{A356D73A-F7C7-4369-99E8-0F31732EF222}
2013-09-30 08:37 - 2013-09-30 08:38 - 00000000 ____D C:\Users\******* ******\AppData\Local\{96C6997F-2436-4A7E-B634-90C8A5CEB224}

==================== One Month Modified Files and Folders =======

2013-10-30 13:40 - 2013-10-22 20:15 - 01956614 _____ (Farbar) C:\Users\******* ******\Desktop\FRST64.exe
2013-10-30 13:26 - 2012-03-30 22:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 13:24 - 2013-10-13 21:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 13:23 - 2013-10-20 12:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-30 13:22 - 2013-10-20 12:29 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-30 13:21 - 2013-10-20 12:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-30 13:21 - 2013-10-20 12:26 - 00000000 ____D C:\Users\******* ******\Desktop\mbar
2013-10-30 13:00 - 2011-10-08 21:28 - 01685088 _____ C:\Windows\WindowsUpdate.log
2013-10-30 12:39 - 2013-01-11 21:10 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 12:39 - 2011-10-09 03:45 - 00000000 ____D C:\Users\******* ******\.rainlendar2
2013-10-30 12:13 - 2009-07-14 05:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 12:13 - 2009-07-14 05:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 12:10 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-10-30 12:10 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-10-30 12:10 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 12:06 - 2013-10-15 20:32 - 00005635 _____ C:\Windows\setupact.log
2013-10-30 12:06 - 2011-10-12 13:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-30 12:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 12:05 - 2013-10-15 20:32 - 00002504 _____ C:\Windows\PFRO.log
2013-10-30 12:02 - 2013-10-30 12:02 - 00001284 _____ C:\Users\******* ******\Desktop\Security Check.txt
2013-10-30 11:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-30 02:21 - 2013-10-30 02:20 - 00000000 ____D C:\Users\******* ******\AppData\Local\{88C69132-862D-4A9D-920C-16EDF69C3E29}
2013-10-29 19:35 - 2013-10-29 19:35 - 00000000 ____D C:\Users\******* ******\AppData\Local\{F26F74E8-6477-4E61-96E3-F151EE20E61D}
2013-10-29 19:31 - 2013-10-29 19:31 - 00000000 ____D C:\Users\******* ******\AppData\Local\{8D35DF84-B964-4643-A789-8CF312D34D73}
2013-10-29 19:21 - 2011-10-11 09:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\Paint.NET
2013-10-29 19:14 - 2013-10-29 19:14 - 00000000 ____D C:\Users\******* ******\AppData\Local\{0A2233CD-D7A4-4496-AE3C-5A808E23FFB8}
2013-10-29 19:10 - 2013-10-29 19:10 - 00000000 ____D C:\Users\******* ******\AppData\Local\{885DC60B-B610-40ED-96C9-F83047C2CA0B}
2013-10-28 15:35 - 2013-10-28 15:35 - 00000000 ____D C:\Users\******* ******\AppData\Local\{AB10A984-3E40-4F4A-B207-C38CABF091B4}
2013-10-28 01:52 - 2013-10-28 01:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{37E41250-0520-434B-A7E3-2B2AB83C22B5}
2013-10-27 23:47 - 2012-06-29 12:36 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C6C1C2F-D891-4AC6-B935-A56BE995074F}
2013-10-27 13:40 - 2013-10-27 13:40 - 00000000 ____D C:\Users\******* ******\AppData\Local\{D3E850A6-B6BC-4F7B-B9A5-D1C0B539921A}
2013-10-27 02:56 - 2011-10-09 01:18 - 00000000 ____D C:\Users\******* ******\AppData\Local\CrashDumps
2013-10-26 22:40 - 2013-10-26 22:40 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-10-26 22:40 - 2013-10-26 22:40 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-10-26 22:40 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-26 21:39 - 2013-10-26 21:39 - 00000000 ____D C:\Users\******* ******\AppData\Local\{20528F57-CB5D-4EF8-B82D-424FD5180EF6}
2013-10-25 18:36 - 2013-10-25 18:35 - 00000000 ____D C:\Users\******* ******\AppData\Local\{D4F4C415-7C7B-43BC-9F77-8652F68A11DD}
2013-10-24 13:07 - 2013-10-24 13:06 - 00000000 ____D C:\Users\******* ******\AppData\Local\{41B16E82-CA4F-4F4E-BBB6-8CBA47AC5CBD}
2013-10-23 15:50 - 2013-10-23 15:49 - 00000000 ____D C:\Users\******* ******\AppData\Local\{23DCFD51-BC9A-483A-92B4-94E75CE1358B}
2013-10-22 20:47 - 2013-10-22 20:47 - 00000000 ____D C:\Users\******* ******\AppData\Local\{A4195384-66E5-4289-8903-8E9F34A2F3DD}
2013-10-22 20:12 - 2013-10-22 20:12 - 00000000 ____D C:\Users\******* ******\AppData\Local\{9B84E222-3C6F-420F-9F11-D428F98DBD9C}
2013-10-22 00:19 - 2013-10-15 01:55 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\HpUpdate
2013-10-21 12:24 - 2013-10-21 12:24 - 00000000 ____D C:\Users\******* ******\AppData\Local\{0934E55D-B1A8-4CE9-B321-8FC0514860CA}
2013-10-21 11:58 - 2013-10-20 19:30 - 00000000 ____D C:\Qoobox
2013-10-20 20:19 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-10-20 20:15 - 2011-10-08 23:03 - 00000000 ____D C:\Program Files (x86)\Process Explorer 15.05
2013-10-20 20:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-10-20 20:12 - 2012-02-24 02:39 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 20:12 - 2011-10-09 01:25 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 20:12 - 2011-10-09 01:25 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 20:12 - 2011-10-08 21:53 - 00000000 ___RD C:\Users\******* ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-20 20:11 - 2013-10-27 14:14 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20131027-141425.backup
2013-10-20 20:11 - 2013-10-20 19:29 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:11 - 2011-10-09 01:25 - 00000000 ____D C:\Program Files (x86)\DSL-Manager
2013-10-20 19:37 - 2013-10-20 19:37 - 00000000 ____D C:\Users\******* ******\Documents\ProcAlyzer Dumps
2013-10-20 19:36 - 2013-06-22 20:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-20 19:24 - 2013-10-20 19:25 - 05135479 ____R (Swearware) C:\Users\******* ******\Desktop\ComboFix.exe
2013-10-20 12:29 - 2013-10-20 12:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 12:24 - 2013-10-20 12:24 - 00000000 ____D C:\Users\******* ******\AppData\Local\{689ECCD3-B49A-408B-9520-EF7876EF5A66}
2013-10-19 21:12 - 2013-10-19 21:12 - 00000000 ____D C:\Users\******* ******\AppData\Local\{44679D2F-3EAD-4564-A5E3-2635401A595A}
2013-10-19 19:46 - 2008-02-23 22:54 - 00000000 ____D C:\Users\******* ******\Documents\Eigene Dokumente+wichtiges
2013-10-18 17:59 - 2013-10-18 17:59 - 00000000 ____D C:\Users\******* ******\AppData\Local\{7E1320E5-2B4E-43D6-9BC3-09FBDC9F203E}
2013-10-18 10:25 - 2013-10-18 10:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 10:20 - 2012-03-07 13:04 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-18 10:19 - 2011-10-09 00:55 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-18 00:44 - 2013-10-18 00:44 - 00000000 ____D C:\Users\******* ******\AppData\Local\{A1BE8A4A-7841-4646-AE4E-8D8F67804204}
2013-10-17 22:28 - 2013-10-17 22:28 - 00000000 ____D C:\FRST
2013-10-17 22:27 - 2013-10-17 22:27 - 00000000 _____ C:\Users\******* ******\defogger_reenable
2013-10-17 22:27 - 2011-10-08 21:53 - 00000000 ____D C:\Users\******* ******
2013-10-17 13:56 - 2013-10-17 13:45 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 13:54 - 2013-10-17 13:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 13:54 - 2013-10-17 13:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 13:54 - 2013-10-17 13:54 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 13:54 - 2013-10-17 13:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 13:54 - 2013-10-17 13:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 13:45 - 2013-10-17 13:45 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-17 13:45 - 2013-10-17 13:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-17 13:45 - 2013-10-17 13:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-17 13:45 - 2013-10-17 13:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-17 13:45 - 2013-10-17 13:45 - 00000000 ____D C:\Program Files\Java
2013-10-17 12:03 - 2013-10-17 12:03 - 00000000 ____D C:\Users\******* ******\AppData\Local\{6C3460A9-E407-4C74-8F44-0B32226C25D6}
2013-10-17 00:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-16 23:54 - 2013-09-28 17:26 - 00000000 ____D C:\Users\******* ******\AppData\Local\NPE
2013-10-16 21:09 - 2012-12-10 14:18 - 06709518 _____ C:\Users\******* ******\AppData\Local\census.cache
2013-10-16 21:09 - 2012-12-10 14:17 - 00147058 _____ C:\Users\******* ******\AppData\Local\ars.cache
2013-10-16 20:41 - 2013-10-16 20:41 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2013-10-16 16:35 - 2013-10-16 16:35 - 00000000 ____D C:\Users\******* ******\AppData\Local\{C898F052-B602-419E-88E0-1B0500AC5D09}
2013-10-15 22:37 - 2013-10-15 22:37 - 00000000 ____D C:\Users\******* ******\AppData\Local\{5000FFE7-1E9C-4F4B-A3B6-F394334182FE}
2013-10-15 20:32 - 2013-10-15 20:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 20:26 - 2013-10-15 20:26 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-15 20:26 - 2012-02-02 03:04 - 00000000 ____D C:\Program Files\CCleaner
2013-10-15 20:25 - 2011-10-09 01:40 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Free Download Manager
2013-10-15 20:20 - 2013-09-22 15:18 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Media Player Classic
2013-10-15 20:20 - 2011-10-09 03:25 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Winamp
2013-10-15 20:20 - 2011-10-09 00:08 - 00000000 ___DC C:\Users\******* ******\AppData\Local\MigWiz
2013-10-15 20:20 - 2011-10-08 22:23 - 00000000 ____D C:\Windows\Panther
2013-10-15 19:57 - 2011-12-07 00:43 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-15 19:27 - 2013-01-11 21:14 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 09:52 - 2013-10-15 09:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{DEC0E3FF-4F15-4812-8678-326B0B64F381}
2013-10-15 01:55 - 2013-10-14 23:48 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-15 01:54 - 2013-10-15 01:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-10-15 00:05 - 2013-10-14 11:50 - 00000000 ____D C:\Users\******* ******\AppData\Local\LogMeIn Rescue Applet
2013-10-15 00:03 - 2009-07-14 05:45 - 00315312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 00:00 - 2013-10-14 23:47 - 00002890 _____ C:\ProgramData\hpzinstall.log
2013-10-14 23:58 - 2011-10-08 23:47 - 00072232 _____ C:\Users\******* ******\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-14 23:57 - 2013-10-14 23:57 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\HP
2013-10-14 23:57 - 2013-10-14 23:47 - 00245575 _____ C:\Windows\hpoins19.dat
2013-10-14 23:57 - 2013-10-14 23:46 - 00000000 ____D C:\ProgramData\HP
2013-10-14 23:57 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-10-14 23:56 - 2013-10-14 23:56 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-14 23:56 - 2013-10-14 23:56 - 00000000 ____D C:\Users\******* ******\AppData\Local\HP
2013-10-14 23:52 - 2013-10-14 23:52 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Yahoo!
2013-10-14 23:50 - 2013-10-14 23:50 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-10-14 23:50 - 2013-10-14 23:50 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-14 20:01 - 2013-06-22 20:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-14 19:25 - 2013-10-14 19:25 - 00000000 ____D C:\Users\******* ******\AppData\Local\{CDE09849-B4DE-4ECA-823E-A68F9C83D6E9}
2013-10-14 13:10 - 2013-10-14 13:10 - 00000000 ____D C:\Users\******* ******\AppData\Local\{C3631065-3D37-4A12-8E9C-27204417DDE5}
2013-10-14 01:07 - 2013-10-14 01:07 - 00000122 _____ C:\Users\******* ******\Documents\hacking.txt
2013-10-13 22:19 - 2013-10-13 22:19 - 00000000 ____D C:\Users\******* ******\AppData\Local\{FFBCAEE7-0DA3-4A06-86DA-95A17E228322}
2013-10-13 22:14 - 2013-10-13 22:14 - 00000000 ____D C:\Users\******* ******\AppData\Local\{9A170223-FA64-4D3E-9B09-1FA302242C83}
2013-10-13 21:19 - 2013-10-13 21:19 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 21:19 - 2013-01-11 21:10 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 12:59 - 2013-10-12 12:59 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-11 01:53 - 2013-10-11 01:31 - 00000000 ____D C:\cce_linux
2013-10-09 14:04 - 2013-10-06 10:45 - 00000000 ____D C:\Program Files (x86)\Sardu
2013-10-09 12:48 - 2013-10-09 12:48 - 00000000 ____D C:\Users\******* ******\AppData\Local\{7ECFDF27-357F-42F4-A177-A1BA429B7E9B}
2013-10-09 12:30 - 2012-03-30 22:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 12:30 - 2012-03-30 22:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 12:30 - 2011-10-09 03:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 11:47 - 2012-05-09 23:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 11:47 - 2012-05-09 23:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 11:33 - 2011-10-09 13:54 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 11:32 - 2013-07-17 19:23 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 11:29 - 2011-10-09 01:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 02:04 - 2013-06-21 00:02 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\CyberLink
2013-10-06 10:46 - 2013-10-06 10:46 - 00000968 _____ C:\Users\UpdatusUser\Desktop\SARDU.lnk
2013-10-06 10:46 - 2013-10-06 10:46 - 00000968 _____ C:\Users\******* ******\Desktop\SARDU.lnk
2013-10-06 10:46 - 2013-10-06 10:46 - 00000000 ____D C:\Users\******* ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU
2013-10-05 23:02 - 2013-10-05 23:02 - 00000000 ____D C:\Users\******* ******\AppData\Local\{DAB50AB6-4151-4886-AD94-F42BB18EE8C6}
2013-10-04 17:20 - 2011-10-12 13:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-02 17:52 - 2013-10-02 17:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{C711E6A1-7767-4047-92C8-F4DC1A0DE6D2}
2013-10-02 17:42 - 2013-10-02 15:06 - 00000000 ____D C:\Program Files\stinger
2013-10-02 15:04 - 2013-09-29 14:45 - 00000000 ____D C:\Program Files (x86)\stinger
2013-10-02 00:31 - 2013-05-23 13:32 - 00451816 _____ C:\Windows\system32\Drivers\etc\hosts.ccebak
2013-10-02 00:30 - 2013-05-23 13:32 - 00451816 ____R C:\Windows\system32\Drivers\etc\hosts.20131002-013149.backup
2013-09-30 23:52 - 2013-09-30 23:52 - 00000000 ____D C:\Users\******* ******\AppData\Local\{A356D73A-F7C7-4369-99E8-0F31732EF222}
2013-09-30 08:38 - 2013-09-30 08:37 - 00000000 ____D C:\Users\******* ******\AppData\Local\{96C6997F-2436-4A7E-B634-90C8A5CEB224}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 15:02

==================== End Of Log ============================
         
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2013
Ran by ****** ****** at 2013-10-30 13:41:29
Running from C:\Users\****** ******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

3DMark 11 (x32 Version: 1.0.2)
3GX (x32 Version: 3.03.2101)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 4.57 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
aerosoft's - Im Koeblitzer Bergland (x32 Version: 1.10)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
Apache: Air Assault 1.0.2.1 (x32 Version: 1.0.2.1)
Ashampoo Burning Studio 10 v.10.0.15 (x32 Version: 10.0.15)
Ashampoo Burning Studio 12 v.12.0.5 (x32 Version: 12.0.5)
AudioGenie (x32)
Batman: Arkham City GOTY (x32)
BioShock Infinite (x32)
Blur (x32)
BOSS (x32 Version: 2.0.0)
BufferChm (x32 Version: 130.0.331.000)
Call of Juarez: Bound in Blood (x32)
Canon Easy-PhotoPrint EX (x32 Version: 4.1.6)
Canon Inkjet Printer Driver Add-On Module
Canon My Printer (x32 Version: 3.1.0)
Carrier Command: Gaea Mission (x32)
CCleaner (Version: 4.06)
CD-LabelPrint (x32)
Choplifter HD (x32)
Class 20 Collection Patch (x32 Version: 1.00.0000)
CLICKBIOSII (x32 Version: 1.0.021)
Colin McRae Rally 2005 (x32 Version: 1.00.000)
ControlCenter (x32 Version: 2.2.036)
Copy (x32 Version: 130.0.428.000)
CPUID CPU-Z 1.58
Creation Kit (x32)
CrystalDiskInfo 5.3.1 (x32 Version: 5.3.1)
CVE-2013-3893
CyberLink BD_3D Advisor 2.0 (x32 Version: 2.0.5425)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5311)
CyberLink Media Suite 10 (x32 Version: 10.0)
CyberLink Media Suite 10 (x32 Version: 10.2021)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673)
CyberLink MediaShow 6 (x32 Version: 6.0.4312)
CyberLink Power2Go 7 (x32 Version: 7.0.0.1827)
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.52)
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4118)
D3DX10 (x32 Version: 15.4.2368.0902)
Daniusoft Media Converter(Build 2.6.2.1) (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
DHTML Editing Component (x32 Version: 6.02.0001)
DiRT 3 (x32 Version: 1.0.0000.130)
DiRT 3 (x32 Version: 1.0.0003.130)
Diskeeper 2010  (Version: 14.0.915.64)
DocProc (x32 Version: 13.0.0.0)
Download Updater (AOL Inc.) (x32)
DSL-Manager (x32)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
dutchpack 2.00 (x32)
EPSON Attach To Email (x32 Version: 1.01.0000)
Epson Easy Photo Print 2 (x32 Version: 2.2.3.1)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON File Manager (x32 Version: 1.3.2.0)
EPSON Scan Assistant (x32 Version: 1.10.00)
ErosLink (x32 Version: 1.0.0.0)
EVGA Precision X 3.0.4 (x32 Version: 3.0.4)
F300 (x32 Version: 130.0.365.000)
F300_Help (x32 Version: 82.0.242.000)
F300Trb (x32 Version: 82.0.242.000)
Fax (x32 Version: 130.0.418.000)
Free Download Manager 3.9.2 (x32)
Free Studio version 2013 (x32 Version: 6.1.10.812)
Freightliner Heavy Haul  Class 66 (x32)
Freightliner Heavy Haul Class 66V2.0 (x32)
FUJIFILM USB Driver (x32)
Futuremark SystemInfo (x32 Version: 4.2.0)
GameShadow (x32 Version: 2.03.0000)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1871)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
GRID (x32 Version: 1.30.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.001)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2401)
IrfanView (remove only) (x32 Version: 4.36)
IsoBuster 2.8.5 (x32 Version: 2.8.5)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JMicron JMB36X Driver (x32 Version: 1.17.59.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Just Trains - Class 67 Advanced & Car Carriers (x32 Version: 1.00.0000)
Just Trains - Rail Simulator Official Expansion Pack: Isle of Wight & Class 66 (x32 Version: 1.00.0000)
Just Trains - Rebuilt Bulleid Light Pacific (x32 Version: 1.00.0000)
Just Trains - Scottish East Coast Main Line (x32 Version: 1.00.0000)
Just Trains - Streamlined Princess Coronation Class for RailWorks (x32 Version: 1.00.0000)
Just Trains - Streamlined Princess Coronation Class for TRS 2013 (x32 Version: 1.00.0000)
Just Trains - Three Country Corner Route (x32 Version: 1.00.0000)
Just Trains - Voyager (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class British Rail Add-on Pack for RailWorks (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class British Rail Add-on Pack for Train Simulator 2013 (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class for RailWorks (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class for Train Simulator 2013 (x32 Version: 1.00.0000)
Just Trains A4 Pacific Class LNER Add-on Pack for RailWorks (x32 Version: 1.00.0000)
Just Trains Cargowaggon Flat IGA for RailWorks (x32 Version: 2.00.0000)
Just Trains Class 20 Collection for RailWorks (x32 Version: 1.00.0000)
Just Trains Class 67 Free Livery (x32 Version: 1.00.0000)
Just Trains JJA Autoballaster for RailWorks (x32 Version: 1.00.0000)
Just Trains Seacow for RailWorks (x32 Version: 1.00.0000)
K-Lite Mega Codec Pack 10.0.0 (x32 Version: 10.0.0)
KRS pak Delete (x32)
Link Shell Extension
Live Aquarium HD (x32 Version: 3)
Logitech Harmony Remote Software (x86) (x32 Version: 2.0)
MarketResearch (x32 Version: 130.0.374.000)
marvell 91xx driver (x32 Version: 1.1.0.6)
MAXA Cookie Manager Pro 5.3 (x32)
MegaStore Game Controller (Ver. 3.0) (x32 Version: 3.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Train Simulator (x32)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Need for Speed™ Most Wanted (x32)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
Netzmanager (Version: 1.07)
Netzmanager (x32 Version: 1.07)
Nexus Mod Manager (Version: 0.45.6)
Norton Internet Security (x32 Version: 21.1.0.18)
NVIDIA 3D Vision Controller-Treiber 296.10 (Version: 296.10)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA Alien vs. Triangles demo (x32 Version: 1.0)
NVIDIA Endless City demo (x32 Version: 1.0)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenAL (x32)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Opera 12.16 (x32 Version: 12.16.1860)
Paint.NET v3.5.11 (Version: 3.61.0)
Personal Backup 5.4 (x32 Version: 5.3)
PhoenixRC (x32 Version: 2.00.10)
PlayMemories Home (x32 Version: 7.0.03.04240)
Primo (x32 Version: 1.00.0000)
Python 2.7.3 (64-bit) (Version: 2.7.3150)
RAGE (x32)
Railworks Community Asset Project (x32 Version: v1.12.24.12)
Rainlendar2 (remove only) (x32)
Rapture3D 2.4.8 Game (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6586)
Recuva (Version: 1.47)
REFLEX Modellflugsimulator (x32 Version: 5.04.2)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Ridge Racer™ Unbounded (x32)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Runtime (x32 Version: 1.00.0000)
Rural Landscapes (x32 Version: 1.06.22.09 - Freeware Edition)
Rural Landscapes (x32 Version: v1.06.22.09 HR Edition)
RW_Tools V3 (HKCU)
RW_Tools V4 (HKCU)
Saints Row: The Third (x32)
SARDU 2.0.6.5 (x32 Version: 2.0.6.5)
Scan (x32 Version: 13.0.0.0)
Secunia PSI (3.0.0.7009) (x32 Version: 3.0.0.7009)
Shop for HP Supplies (Version: 13.0)
Silent Hunter 4 Wolves of the Pacific (x32 Version: 1.04.0000)
Silent Hunter III (x32 Version: 1.00.0000)
SimpleScreenshot 1.40 (x32)
Simtrain's - SBB Route 1 (x32 Version: 1.00)
SiSoftware Sandra Lite 2011.SP5 (Version: 17.80.2011.10)
Skyrim NPC Editor (x32 Version: 0.75.1)
SL-6640 Black Widow Flightstick (x32 Version: 3.1)
SolutionCenter (x32 Version: 130.0.373.000)
Sophos Virus Removal Tool (x32 Version: 2.4)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Spybot - Search & Destroy (x32 Version: 2.1.19)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
Suoni Italiani per RailWorks v 1.0 (x32)
Take On Helicopters (x32)
Test Drive Unlimited (x32 Version: 1.00.0000)
The Donner Pass freeware scenario set by TaD (HKCU)
The Elder Scrolls V: Skyrim (x32)
the Mother of Tears - Cleaner Part 1 (x32)
The Walking Dead (x32)
The Witcher 2: Assassins of Kings Enhanced Edition (x32)
Tomb Raider (x32)
T-Online 6.0 (x32)
T-Online WLAN-Access Finder (x32)
Toolbox (x32 Version: 130.0.648.000)
Torino Genova Rel. 1.0 per RailWorks (x32)
Torino Genova Rel. 3.0 per RailWorks (x32)
Train Simulator 2014 (x32)
Train Store (German Language Pack) (x32)
Train Store V3.2 (x32)
TrayApp (x32 Version: 130.0.422.000)
TreeSize Free V2.5 (x32 Version: 2.5)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
UKTS Freeware Pack - Blocks-Lofts-Bridges #1 (x32 Version: 1.0.9)
UKTS Freeware Pack - Clutter #1 (x32 Version: 1.0.6)
UKTS Freeware Pack - CN Rolling Stock Pack #1 (x32 Version: 1.0.1)
UKTS Freeware Pack - Commercial #1 (x32 Version: 1.0.3)
UKTS Freeware Pack - Foliage #1 (x32 Version: 1.0.2)
UKTS Freeware Pack - Great Central Railway Loco Pack (x32 Version: 1.0.3)
UKTS Freeware Pack - Great Scenario Challenge #1 (x32 Version: 1.0.5)
UKTS Freeware Pack - Housing #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - Industrial #1 (x32 Version: 1.0.3)
UKTS Freeware Pack - Railway Buildings #1 (x32 Version: 1.0.4)
UKTS Freeware Pack - Terrain Textures #1 (x32 Version: 1.0.1)
UKTS Freeware Pack - UK Carriages #1 (x32 Version: 1.1.2)
UKTS Freeware Pack - UK Classic Diesel and Electric #1 (x32 Version: 1.1.2)
UKTS Freeware Pack - UK DMUs-EMUs-Trams #1 (x32 Version: 1.1.5)
UKTS Freeware Pack - UK Modern Diesel and Electric #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - UK Steam #1 (x32 Version: 1.1.1)
UKTS Freeware Pack - UK Wagons #1 (x32 Version: 1.1.3)
UKTS Freeware Route Pack - Candlewick (x32 Version: 1.0.3)
UKTS Freeware Route Pack - Coniston Branch (x32 Version: 1.0.7)
UKTS Freeware Route Pack - Lavender Line (x32 Version: 1.0.2)
UKTS Freeware Route Pack - QiLian Mountain Line (x32 Version: 1.0.3)
UKTS Freeware Route Pack - The Mayflower Line (x32 Version: 2.0.0)
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
USB game controller (x32 Version: 1.00.0000)
USBFast (x32 Version: 1.3.0.30)
VLC media player 2.1.0 (Version: 2.1.0)
WebReg (x32 Version: 130.0.132.017)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Winamp Toolbar (HKCU)
Winamp Toolbar (x32)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
WinMend File Copy 1.4.2 (x32)
WinPatrol (Version: 28.6.2013.0)
WinZip 17.0 (Version: 17.0.10283)
Wrye Bash (x32 Version: 2.9.5.5)
wxPython 2.8.12.1 (unicode) for Python 2.7 (x32 Version: 2.8.12.1-unicode)
xp-AntiSpy 3.98-2 (x32)
yuPlay client 0.7.24 (x32)

==================== Restore Points  =========================

30-10-2013 10:19:19 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2013-10-28 15:53 - 2013-10-28 15:53 - 00449862 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {05D1B427-D0BB-48D7-A508-1F393DF24BBA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {36A54EC4-8180-4965-B8C0-63F2F1F873C1} - System32\Tasks\{3B784E41-45C0-4D89-A68D-24BEA08A5353} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {4A117BF9-3199-4A10-911A-0FBDCD466A98} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {4BCECC93-9375-4073-AED4-068540C11A3D} - System32\Tasks\{FAD0A392-B7E5-4400-AC7C-2B67A8717BBB} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {5980EAB9-6A99-4E9B-8370-42CB732C53D4} - System32\Tasks\{ED79AC1A-045B-434A-ADC0-3D5E1C21D9E5} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {628558D4-1C82-4556-8535-E1165F1254D7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {682EEDCE-6BD4-424F-BD2B-1FE4F2E6E144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
Task: {7744A862-84E6-4B2A-B506-D473C515C6F5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation)
Task: {7C9B285F-E884-4566-B5AF-4DD3B23C1E04} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {81A1039B-E733-4F55-8CBC-E33DC0AC9916} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {9854CCB4-05A0-497C-95A4-950F3515CD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
Task: {B6E25857-E898-4869-816D-7476E11AF46A} - System32\Tasks\{FACA1B3B-F890-46CB-A6BA-09DC24E2D8B4} => E:\aa-XP-DownLoad\Astra2100u\Diese nehmen-vs XP treiber375-ok\vs375u\DISK1\VSSETUP.EXE [2000-12-29] (UMAX)
Task: {B7FF4B9B-4303-45E5-B3A2-EAB986312D79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {D6C79FB4-DC7A-4B82-B6F3-DD9F7C38FC0C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ED796295-EB93-47DB-A668-88791676976E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2004-09-30 19:15 - 2004-09-30 19:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2010-05-23 18:30 - 2010-05-23 18:30 - 00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll
2011-08-12 06:47 - 2011-08-12 06:47 - 00312832 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 18:30 - 2010-05-23 18:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll
2011-10-09 06:03 - 2010-12-19 20:16 - 00338944 _____ () C:\Program Files (x86)\MAXA Cookie Manager\sqlite36_engine.dll
2011-10-09 06:03 - 2010-12-19 20:19 - 00023552 _____ () C:\Program Files (x86)\MAXA Cookie Manager\DirectCOM.dll
2011-10-09 06:08 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-07-11 12:33 - 2013-07-11 12:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-06-26 22:57 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-26 22:57 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-26 22:57 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2011-03-09 13:21 - 2011-03-09 13:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 13:21 - 2011-03-09 13:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-02-07 23:11 - 2013-01-11 03:17 - 00105984 _____ () C:\Program Files (x86)\Free Download Manager\fdmumsp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\****** ******\Documents\Der erhaltene Artikel entspricht nicht der Beschreibung_ ****** hat eine Nachricht zu Fleischmann piccolo 8599 Artikelnummer 230842947883 gesendet_.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2013 00:06:55 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (10/30/2013 11:43:52 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/30/2013 11:13:52 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/30/2013 11:12:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (10/28/2013 04:14:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2013 04:14:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2013 04:14:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2013 04:14:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2013 03:38:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2013 03:32:22 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (10/30/2013 01:41:54 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\21.1.0.18\NIS.EXE

Error: (10/30/2013 01:41:53 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\21.1.0.18\NIS.EXE

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (10/30/2013 01:41:29 PM) (Source: mbamchameleon) (User: )
Description: C0000022


Microsoft Office Sessions:
=========================
Error: (10/30/2013 00:06:55 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2013 11:43:52 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/30/2013 11:13:52 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/30/2013 11:12:26 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (10/28/2013 04:14:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\aa-XP-DownLoad\trojaner board soft s\eset\esetsmartinstaller_enu.exe

Error: (10/28/2013 04:14:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\aa-XP-DownLoad\trojaner board soft s\eset\esetsmartinstaller_enu.exe

Error: (10/28/2013 04:14:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\aa-XP-DownLoad\trojaner board soft s\eset\esetsmartinstaller_enu.exe

Error: (10/28/2013 04:14:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\aa-XP-DownLoad\trojaner board soft s\eset\esetsmartinstaller_enu.exe

Error: (10/28/2013 03:38:11 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\aa-XP-DownLoad\trojaner board soft s\eset\esetsmartinstaller_enu.exe

Error: (10/28/2013 03:32:22 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-10-20 21:11:16.930
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-20 21:11:16.883
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 12267.6 MB
Available physical RAM: 8291.85 MB
Total Pagefile: 24533.38 MB
Available Pagefile: 20720.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:209.86 GB) (Free:89.78 GB) NTFS
Drive d: (Eisenbahn) (Fixed) (Total:93.75 GB) (Free:74.22 GB) NTFS
Drive e: (Data) (Fixed) (Total:224.61 GB) (Free:144.44 GB) NTFS
Drive f: (Big Data) (Fixed) (Total:372.46 GB) (Free:222.58 GB) NTFS
Drive g: (klein bei c) (Fixed) (Total:4.88 GB) (Free:4.79 GB) NTFS
Drive h: (Traini+Data) (Fixed) (Total:698.64 GB) (Free:174.32 GB) NTFS
Drive i: (Mini 1) (Fixed) (Total:3.91 GB) (Free:3.79 GB) NTFS
Drive j: (Cache+temp) (Fixed) (Total:107.42 GB) (Free:92.36 GB) NTFS
Drive k: (Mini 2) (Fixed) (Total:3.91 GB) (Free:3.81 GB) NTFS
Drive l: (L Backups) (Fixed) (Total:716.67 GB) (Free:507.15 GB) NTFS
Drive m: (100g) (Fixed) (Total:107.42 GB) (Free:107.12 GB) NTFS
Drive n: (Emulatoren + Steam) (Fixed) (Total:1648.17 GB) (Free:798.3 GB) NTFS
Drive o: (Big Data 2) (Fixed) (Total:698.64 GB) (Free:83.47 GB) NTFS
Drive p: (BiigFäädData) (Fixed) (Total:931.51 GB) (Free:330.9 GB) NTFS
Drive r: () (Removable) (Total:7.43 GB) (Free:7.43 GB) FAT32
Drive s: (16G STICK 2) (Removable) (Total:14.92 GB) (Free:14.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4E6B547D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=210 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=717 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0E6DB056)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: E9DE3773)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 53F586F0)
Partition 1: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-429314277376) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 699 GB) (Disk ID: 09376CBC)
Partition 1: (Not Active) - (Size=4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=94 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=376 GB) - (Type=OF Extended)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 7B8D17E8)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 7 GB) (Disk ID: 6E652072)
No partition Table on disk 6.

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: EA610609)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         
Hello,
I just had another tunneling:

10/31/2013 00:56:52 183.60.48.25 destroy tunnel sucessfully
10/31/2013 00:55:51 183.60.48.25 creates tunnel sucessfully

This time the formerly "infected" PC and the PC that was also switched on at 9 o'clock this morning were both online.
mbar found nothing on either of them.

Should I roll the computers back with a roughly 6-month-old image of C:?

Before restoring the image, how can I make sure that the MBR is virus-free without
killing the other partitions on the hard disk?

Many thanks in advance
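The question above, whether the MBR is clean, can be answered by reading sector 0 of the disk and comparing it region by region against a known-good copy. The following is an added example for this thread, not code from the poster, from FRST or from Trojaner-Board. It assumes the classic MBR layout (boot code in bytes 0-439, the 4-byte NT disk signature at offset 440, which is the value FRST prints as "Disk ID", four 16-byte partition entries at offset 446, and the 0x55AA marker at offset 510). The sample sector it builds is constructed to mirror Disk 0 of the FRST log above; its boot-code bytes are placeholders, not a real Windows boot sector.

```python
"""Parse a raw 512-byte MBR sector and compare it against a known-good copy.

Added example, not code from the thread, from FRST or from Trojaner-Board.
Assumes the classic MBR layout: boot code in bytes 0-439, 4-byte disk
signature at offset 440 (FRST "Disk ID"), four 16-byte partition entries at
offset 446, 0x55AA at offset 510.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: the code a bootkit replaces
DISK_SIG_OFFSET = 440        # 4-byte NT disk signature, FRST prints it as "Disk ID"
PART_TABLE_OFFSET = 446      # four 16-byte entries at 446..509
ENTRY_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

# Partial partition-type map; enough for the types seen in the log (07, 0F, 0C).
TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA"}


def parse_mbr(sector: bytes) -> dict:
    """Return disk ID, a hash of the boot code and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    disk_id = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions = []
    for i in range(4):
        status, ptype, lba_start, n_sectors = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFFSET + i * 16)
        if ptype == 0 and n_sectors == 0:
            continue                       # unused slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "size_mb": n_sectors * SECTOR / 2**20,
        })
    return {
        "disk_id": f"{disk_id:08X}",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def diff_regions(reference: bytes, current: bytes) -> list:
    """Name the MBR regions that differ between a known-good sector and the one read now.

    Only "boot_code" is a rootkit indicator; "disk_id" and "partition_table"
    legitimately differ between two different disks.
    """
    changed = []
    if reference[:BOOT_CODE_LEN] != current[:BOOT_CODE_LEN]:
        changed.append("boot_code")
    if reference[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] != current[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4]:
        changed.append("disk_id")
    if reference[PART_TABLE_OFFSET:510] != current[PART_TABLE_OFFSET:510]:
        changed.append("partition_table")
    return changed


def build_sample_mbr() -> bytes:
    """Constructed sample: layout of Disk 0 from the log, with placeholder boot code."""
    sector = bytearray(SECTOR)
    sector[0:4] = b"\x33\xc0\x8e\xd0"     # placeholder bytes, NOT a real Windows boot sector
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x4E6B547D)
    mb, gb = 2048, 2**21                  # sectors per MiB / GiB
    layout = [                            # (status, type, start LBA, sector count)
        (0x80, 0x07, 2048, 100 * mb),                          # 100 MB, active
        (0x00, 0x07, 2048 + 100 * mb, 210 * gb),               # 210 GB NTFS
        (0x00, 0x0F, 2048 + 100 * mb + 210 * gb, 5 * gb),      # 5 GB extended
        (0x00, 0x07, 2048 + 100 * mb + 215 * gb, 717 * gb),    # 717 GB NTFS
    ]
    for i, entry in enumerate(layout):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET + i * 16, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("Disk ID:", info["disk_id"], "boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(f"Partition {p['index']}: {'Active' if p['active'] else 'Not Active'} "
              f"Size={p['size_mb']:.0f} MB Type={p['type']:02X} {p['type_name']}")
```

On the affected machine the live sector can be read as administrator with `open(r"\\.\PhysicalDrive0", "rb").read(512)`, but that read should be taken from a rescue medium rather than the running Windows, because an active bootkit can filter reads of sector 0 and hand back a clean-looking copy. The reference copy would be sector 0 from a Windows 7 installation known to be clean; `diff_regions` reporting only `disk_id` or `partition_table` is expected between two disks, while `boot_code` is the finding to act on. Regarding the poster's worry about the other partitions: `bootrec /fixmbr` from the Windows 7 recovery environment rewrites only the boot-code region and leaves the partition table at offset 446 intact.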
