
Trojaner-Board, Plagegeister aller Art und deren Bekämpfung: Caught the Paysafe trojan - what can I do?

13.12.2013, 17:38   #1
Meinersein
 

Just under an hour ago, while browsing, I got a message saying that my browser is being locked for "the reasons listed below".
On the right there is a window with a timer counting down from 48h.

On payment of €100 via paysafe the browser will be unlocked again.
I can still go online and use my laptop.

I have already read quite a bit about this here and also downloaded the program OTL, but have not run it yet.

What can I do about the trojan? ...or whatever this is...
Can someone please help me?

Thanks in advance.

13.12.2013, 17:42   #2
schrauber
/// the machine
/// TB Instructor
 


Hi,

which operating system?

13.12.2013, 18:48   #3
Meinersein
 

Win7 Ultimate, 64 bit.

- Browser: Mozilla Firefox
- Norton Internet Security

Oh, in case it matters:

I use mobile internet and disconnected the connection immediately after the message appeared. Before that I had taken a screenshot of this message.

Norton did not find a virus.

Last edited by Meinersein (13.12.2013 at 19:36)

14.12.2013, 06:40   #4
schrauber
/// the machine
/// TB Instructor
 


hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-bit | FRST 64-bit
  • Plug the USB stick into the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click on Computer repair options!
  • Select your operating system and user account and click "Next" each time.
In the repair options, choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted down. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

regards,
schrauber

Proud Member of UNITE and ASAP since 2009


14.12.2013, 16:35   #5
Meinersein
 

Here is the file (unfortunately I did not have the option to load the program onto my stick from a "clean" system, so I used my possibly infected laptop):


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013
Ran by SYSTEM on MININT-DCSHUVO on 14-12-2013 14:53:14
Running from L:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] ()
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation)
HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink)
S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] ()

==================== Drivers (Whitelisted) ====================

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] ()
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\ENG64.SYS [126040 2013-11-15] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\EX64.SYS [2099288 2013-11-15] (Symantec Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\acedrv11.sys A3769020F7E8A70FD3E824C050F33306
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys 808820DEF092FA0A6D93BAE3E5D069CD
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\Apfiltr.sys 968A4A0FD5BF07717F4E869875A4B149
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btath_flt.sys BCC09E0B0362741D0C084828A1B950F3
C:\Windows\System32\DRIVERS\athrx.sys 6B2B5E3C47C7B576A05384FA738FCB06
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys 613883A3BAC6920149C83ED751589433
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\btath_a2dp.sys C05ED3246C06EC56F10D85B0304CD09E
C:\Windows\System32\drivers\btath_avdt.sys 2D27F7A831657D63AFC78E5E78DCA83F
C:\Windows\System32\DRIVERS\btath_bus.sys E6B734A37ADE36FE1A77035F4E484C8C
C:\Windows\System32\DRIVERS\btath_hcrp.sys FB3833E63FF602B69C2FF085846DCF43
C:\Windows\System32\DRIVERS\btath_lwflt.sys 371A11C1333BA526263A987A93ACDE3D
C:\Windows\System32\DRIVERS\btath_rcp.sys ABCD3C16CA850A7594CEB9AD5D966810
C:\Windows\System32\DRIVERS\btfilter.sys 13BDB661991ACF40ADCB09BD64A8CBEF
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys 0510396A957E9FD7205BA62D3CAE4528
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\drivers\dcrypt.sys 8C93092E61AABECA655590A239DDA392
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 1B7AA375F711F66D5FF2B855F9EC987F
C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7230C8B80DDE1F0524C353240B78CC0E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jubusenum.sys BAFE6B0B92BE69144D59907550A07678
C:\Windows\System32\DRIVERS\ewusbmdm.sys D969D0E26C5B1E813B17066A8318D5D4
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys C224331A54571C8C9162F7714400BBBD
C:\Windows\System32\DRIVERS\iaStorA.sys FA4C48E36F0B24E7E33D3E7E1844B9C9
C:\Windows\System32\DRIVERS\iaStorF.sys 05E24E2CA39C0D2FAADE8FC603345A7D
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys D7CB14B41DA52DF2EC143768E02F0E97
C:\Windows\System32\DRIVERS\igdkmd64.sys 54FB3B4847B6CD8CE1B448471ADFE02A
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys E83BB47C3446F0497019DE7FD6C6A86F
C:\Windows\System32\DRIVERS\IntcDAud.sys 0E0B99617ED3FDB6C5F0E2D62709B5DF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iusb3hcs.sys 7A4D015FF432645C55C162DADAEA143E
C:\Windows\System32\DRIVERS\iusb3hub.sys 5D6164479F6F900ACD287FDC6935532E
C:\Windows\System32\DRIVERS\iusb3xhc.sys 9F5687C7EFA906E4F33586D393F7C257
C:\Windows\System32\DRIVERS\jrdusbser.sys 5678EC677028221EC5C815BCD07AB697
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys C669E616F41060C37F868B2BBAD92632
C:\Windows\System32\DRIVERS\LHidFilt.Sys 77D5786C6A7765503884E38706C9FD5E
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys F84023FB2E3DEA06103501974A2EDB44
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys C009123B206C56854F4E88596035231D
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys BF3739EEB9F008B1DEBAC115089A53F8
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 38DD143D95E7A01B86F219DDA9C28779
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131213.018\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys F554291C0A11F5B713B54C5886D4AA31
C:\Windows\System32\DRIVERS\nvpciflt.sys 3F403A74349FCE04DF8D7BE24E6A02BD
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\drivers\nvvad64v.sys 31B16657118E439B77B0A527F7EA66CB
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\RtsPStor.sys 6E5C3D18C3BCC72AA527DBC5FA61AB8F
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snapman.sys B84440E7554FC85E900EEF0A7AABA228
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS 8BFD1752AAA15BF47D668E9AC5AF96FB
C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS B18CE01B9C09C59422BA7C7064248B35
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS 5C9EE2303CA7F267665D75237862B39C
C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS 08AF51153E441687130B759A8F6892ED

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


Some content of TEMP:
====================
C:\Users\MeinerSein\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\MeinerSein\AppData\Local\Temp\ResetDevice.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

4
Restore point made on: 2013-12-06 07:21:36
Restore point made on: 2013-12-11 10:19:04
Restore point made on: 2013-12-13 08:33:06
Restore point made on: 2013-12-13 09:44:43

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {9cc03a13-801b-11e1-90c1-e792024502da}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 10

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {9cc03a13-801b-11e1-90c1-e792024502da}
nx                      OptIn
bootlog                 No

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {9cc03a13-801b-11e1-90c1-e792024502da}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {9cc03a16-801b-11e1-90c1-e792024502da}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\9cc03a15-801b-11e1-90c1-e792024502da\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16222.36 MB
Available physical RAM: 14928.65 MB
Total Pagefile: 16220.55 MB
Available Pagefile: 14936.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:10.73 GB) NTFS
Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS
Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS
Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS
Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS
Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-12-11 12:10

==================== End Of Log ============================
         
--- --- ---

--- --- ---


I should also mention that I had already scanned my system with Malwarebytes yesterday evening. The files it found related to the Malwarebytes program itself. I then deleted them.

Oh yes, I also tried OTL. I saved the corresponding files.


Alt 15.12.2013, 06:50   #6
schrauber
/// the machine
/// TB-Ausbilder
 

The machine should boot normally. Is that the case? If so:
Combofix must only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the machine. This should fix the problem.

Alt 15.12.2013, 12:31   #7
Meinersein
 
Code:
ComboFix 13-12-13.01 - MeinerSein 15.12.2013  12:20:52.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16222.14005 [GMT 1:00]
ausgeführt von:: c:\users\MeinerSein\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-15 bis 2013-12-15  ))))))))))))))))))))))))))))))
.
.
2013-12-15 11:24 . 2013-12-15 11:24	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-12-15 11:24 . 2013-12-15 11:24	--------	d-----w-	c:\users\UpdatusUser.MeinerSein-PC\AppData\Local\temp
2013-12-15 11:24 . 2013-12-15 11:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-14 22:52 . 2013-12-14 22:52	--------	d-----w-	C:\FRST
2013-12-13 22:07 . 2013-12-13 22:07	--------	d-----w-	C:\Progs
2013-12-13 22:07 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-12-11 18:21 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-11 18:21 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-11 18:21 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 18:21 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 18:21 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-11 18:14 . 2013-11-12 02:23	2048	----a-w-	c:\windows\system32\tzres.dll
2013-12-11 18:14 . 2013-11-12 02:07	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-12-06 14:09 . 2013-12-06 14:09	--------	d-----w-	c:\users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-27 16:21 . 2013-11-27 16:21	--------	d-----w-	c:\windows\Migration
2013-11-23 10:13 . 2013-11-23 10:13	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 10:13 . 2013-11-23 10:13	--------	d-----w-	c:\program files\iTunes
2013-11-23 10:13 . 2013-11-23 10:13	--------	d-----w-	c:\program files\iPod
2013-11-21 05:43 . 2013-11-21 05:43	--------	d-----w-	c:\windows\SysWow64\NV
2013-11-21 05:43 . 2013-11-21 05:43	--------	d-----w-	c:\windows\system32\NV
2013-11-20 20:36 . 2013-11-11 15:02	6674208	----a-w-	c:\windows\system32\nvcpl.dll
2013-11-20 20:36 . 2013-11-11 15:02	3490080	----a-w-	c:\windows\system32\nvsvc64.dll
2013-11-20 20:36 . 2013-11-11 15:01	922912	----a-w-	c:\windows\system32\nvvsvc.exe
2013-11-20 20:36 . 2013-11-11 15:01	67072	----a-w-	c:\windows\system32\nv3dappshextr.dll
2013-11-20 20:36 . 2013-11-11 15:01	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-11-20 20:36 . 2013-11-11 15:01	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2013-11-20 20:36 . 2013-11-11 15:01	219424	----a-w-	c:\windows\system32\nvmctray.dll
2013-11-20 20:36 . 2013-11-11 15:01	1065248	----a-w-	c:\windows\system32\nv3dappshext.dll
2013-11-20 20:36 . 2013-11-11 15:01	3467927	----a-w-	c:\windows\system32\nvcoproc.bin
2013-11-19 18:13 . 2013-11-19 18:13	--------	d-----w-	c:\users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 12:58 . 2013-11-27 07:53	--------	d-----w-	c:\windows\system32\drivers\NISx64\1501000.012
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 19:06 . 2013-04-26 10:34	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:06 . 2013-04-26 10:34	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 18:19 . 2012-06-22 13:14	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-11-17 12:58 . 2012-06-22 13:00	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-11-12 14:45 . 2013-11-12 14:45	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 14:45 . 2013-11-12 14:45	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-11-12 14:45 . 2013-11-12 14:45	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-11-12 14:45 . 2013-11-12 14:45	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 14:45 . 2013-11-12 14:45	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-11-12 14:45 . 2013-11-12 14:45	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 14:45 . 2013-11-12 14:45	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-11-12 14:45 . 2013-11-12 14:45	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-11-12 14:45 . 2013-11-12 14:45	81408	----a-w-	c:\windows\system32\icardie.dll
2013-11-12 14:45 . 2013-11-12 14:45	774144	----a-w-	c:\windows\system32\jscript.dll
2013-11-12 14:45 . 2013-11-12 14:45	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-11-12 14:45 . 2013-11-12 14:45	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-12 14:45 . 2013-11-12 14:45	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-12 14:45 . 2013-11-12 14:45	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-11-12 14:45 . 2013-11-12 14:45	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-11-12 14:45 . 2013-11-12 14:45	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-11-12 14:45 . 2013-11-12 14:45	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-11-12 14:45 . 2013-11-12 14:45	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-11-12 14:45 . 2013-11-12 14:45	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-11-12 14:45 . 2013-11-12 14:45	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-11-12 14:45 . 2013-11-12 14:45	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-11-12 14:45 . 2013-11-12 14:45	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-11-12 14:45 . 2013-11-12 14:45	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-11-12 14:45 . 2013-11-12 14:45	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-11-12 14:45 . 2013-11-12 14:45	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-11-12 14:45 . 2013-11-12 14:45	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-11-12 14:45 . 2013-11-12 14:45	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-11-12 14:45 . 2013-11-12 14:45	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-11-12 14:45 . 2013-11-12 14:45	413696	----a-w-	c:\windows\system32\html.iec
2013-11-12 14:45 . 2013-11-12 14:45	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 14:45 . 2013-11-12 14:45	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-11-12 14:45 . 2013-11-12 14:45	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-12 14:45 . 2013-11-12 14:45	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-11-12 14:45 . 2013-11-12 14:45	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-11-12 14:45 . 2013-11-12 14:45	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-11-12 14:45 . 2013-11-12 14:45	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-11-12 14:45 . 2013-11-12 14:45	247808	----a-w-	c:\windows\system32\msls31.dll
2013-11-12 14:45 . 2013-11-12 14:45	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-11-12 14:45 . 2013-11-12 14:45	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-11-12 14:45 . 2013-11-12 14:45	235520	----a-w-	c:\windows\system32\url.dll
2013-11-12 14:45 . 2013-11-12 14:45	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-11-12 14:45 . 2013-11-12 14:45	195584	----a-w-	c:\windows\system32\msrating.dll
2013-11-12 14:45 . 2013-11-12 14:45	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-11-12 14:45 . 2013-11-12 14:45	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-11-12 14:45 . 2013-11-12 14:45	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-11-12 14:45 . 2013-11-12 14:45	147968	----a-w-	c:\windows\system32\occache.dll
2013-11-12 14:45 . 2013-11-12 14:45	143872	----a-w-	c:\windows\system32\wextract.exe
2013-11-12 14:45 . 2013-11-12 14:45	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-11-12 14:45 . 2013-11-12 14:45	13824	----a-w-	c:\windows\system32\mshta.exe
2013-11-12 14:45 . 2013-11-12 14:45	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-11-12 14:45 . 2013-11-12 14:45	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-11-12 14:45 . 2013-11-12 14:45	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-11-12 14:45 . 2013-11-12 14:45	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-11-12 14:45 . 2013-11-12 14:45	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-11-12 14:45 . 2013-11-12 14:45	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-11-12 14:45 . 2013-11-12 14:45	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-11-12 14:45 . 2013-11-12 14:45	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-11-12 14:45 . 2013-11-12 14:45	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-11-12 14:45 . 2013-11-12 14:45	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-08 20:47 . 2013-11-01 11:18	1064224	----a-w-	c:\windows\system32\nvspcap64.dll
2013-11-08 20:47 . 2013-11-01 11:18	955168	----a-w-	c:\windows\SysWow64\nvspcap.dll
2013-11-07 08:32 . 2013-03-29 23:27	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-11-03 19:06 . 2013-11-03 19:06	53248	----a-r-	c:\users\MeinerSein\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-11-02 12:59 . 2012-12-08 23:18	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-11-02 12:59 . 2012-12-08 23:44	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-11-02 12:59 . 2012-12-08 23:18	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-11-02 12:33 . 2012-12-08 23:18	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-11-02 12:30 . 2013-11-02 12:33	3123272	----a-w-	c:\windows\SysWow64\pbsvc.exe
2013-10-14 17:00 . 2013-11-12 14:48	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-09-27 23:01 . 2013-11-01 11:18	39200	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-09-27 23:01 . 2013-11-01 11:18	28960	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-09-27 23:01 . 2013-10-13 12:58	29984	----a-w-	c:\windows\system32\nvaudcap64v.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\spiele\JA Back in Action\Steam.exe" [2013-12-04 1823656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-02-22 1105488]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Komsa_Germany Silverstone ModemListener"="c:\program files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe" [2012-03-14 109120]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TraXEx PC-Putzer.lnk - d:\programme\Schutz\TraXEx\TraXEx.exe [2013-7-1 4586512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_80CF330A;CyberLink Product - 2012/04/06 11:45;c:\program files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe;c:\program files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AlcatelOTnet;AlcatelOT USB-NDIS miniport;c:\windows\system32\DRIVERS\AlcatelOTUsbnet.sys;c:\windows\SYSNATIVE\DRIVERS\AlcatelOTUsbnet.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Acer\WDAgent\DCDhcpService.exe;c:\program files (x86)\Acer\WDAgent\DCDhcpService.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 dcrypt;dcrypt;c:\windows\system32\drivers\dcrypt.sys;c:\windows\SYSNATIVE\drivers\dcrypt.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S1 xlkfs;xlkfs;c:\windows\system32\DRIVERS\xlkfs.sys;c:\windows\SYSNATIVE\DRIVERS\xlkfs.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Komsa_Germany Silverstone Modem Device Helper;Komsa_Germany Silverstone Modem Device Helper;c:\program files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe;c:\program files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_80CF330A
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-26 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-14 12448872]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2012-11-09 661400]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-13 1020064]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-13 800416]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-07 1829768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-14 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-14 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-14 441840]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-08 1064224]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15996&gct=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - d:\programme\Schutz\TraXEx\Integration\TraXEx Internet Explorer.lnk
IE: {{8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - d:\programme\Schutz\TraXEx\Integration\TraXEx Löschautomat.lnk
FF - ProfilePath - c:\users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=2&CUI=UN52482017372861189&UM=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{6457FB0A-5C02-4393-909C-2139A5D5571F} - (no file)
ShellIconOverlayIdentifiers-{871FE18B-B68D-4437-BC76-6634996CDB97} - (no file)
ShellIconOverlayIdentifiers-{1F03249C-6AB2-4E31-8C10-86F7E31E3B4E} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{311BA51F-64F2-439D-9A4A-772373D77312}"=hex:51,66,7a,6c,4c,1d,38,12,71,a6,08,
   35,c0,2a,f3,06,e5,5c,34,63,76,89,37,06
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,38,12,aa,f5,03,
   89,33,40,ba,0e,f9,17,52,ec,1a,81,c5,32
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,2a,72,0b,cb,a6,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-15  12:25:21
ComboFix-quarantined-files.txt  2013-12-15 11:25
ComboFix2.txt  2013-12-15 11:10
ComboFix3.txt  2013-12-13 16:38
.
Vor Suchlauf: 20 Verzeichnis(se), 11.649.429.504 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 11.576.078.336 Bytes frei
.
- - End Of File - - F4A42120719A5D63F5722FCD8B7CADA1
A36C5E4F47E84449FF07ED3517B43A31
         
So far the computer has booted completely normally, including after the scan.
....and the 48 h are not over yet either, only this evening.

16.12.2013, 08:19   #8
schrauber
/// the machine
/// TB-Ausbilder

Is the window still there?

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You will find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequence number).

Please exit your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber
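Before the tools above are run, the persistence points already visible in the ComboFix output posted earlier (Run keys, AppInit_DLLs, services whose file is missing, and the Firefox keyword.URL / IE start page pointing at search.conduit.com and ask.com) can be triaged mechanically instead of by eye. The Python script below is an added example, not code from this thread, from schrauber, or from FRST, ComboFix or AdwCleaner; it parses lines in the FRST and ComboFix formats quoted in this thread and flags the classic warning signs. The sample lines (including the made-up "Updater" entry), the list of hijack domains and the heuristics are assumptions made for illustration.

```python
"""Triage of autorun and browser-setting lines in the FRST / ComboFix log
formats quoted in this thread.  Added example: not code from the thread, from
the helper, or from the tools themselves.  The sample lines, the hijack-domain
list and the heuristics are assumptions chosen for illustration."""
import re

# Constructed sample in the formats seen in the thread.  The 'Updater' line is a
# made-up suspicious entry to exercise the checks, not a finding from the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] ()
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\MeinerSein\...\Run: [Updater] - C:\Users\MeinerSein\AppData\Roaming\svchost.exe [51200 2013-12-13] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&q=
uStart Page = hxxp://de.ask.com/?l=dis&o=15996&gct=hp
S3 catchme; \??\C:\ComboFix1\catchme.sys [x]
"""

# FRST autorun line: "<hive>\...\Run: [Name] - <command> [size date] (Publisher)"
RUN_RE = re.compile(r"^(HK[^:]*)\\(Run(?:Once)?): \[([^\]]+)\] - (.*)$")
# Trailing "[size date] (Publisher)"; an empty "()" means no version info at all.
META_RE = re.compile(r"^(.*?)\s*\[[^\]]*\]\s*\((.*?)\)\s*$")
# First executable/script token of a command line (the host binary, if any).
HOST_RE = re.compile(r'^"?(.+?\.(?:exe|vbs|jse?|hta|ps1|bat|cmd|dll|sys))"?(?=[\s,]|$)', re.I)
# Split "<label> - hxxp://..." or "<label> = hxxp://..." at the URL.
URL_SPLIT_RE = re.compile(r"\s[-=]\s(?=hxxps?://|https?://)")

USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe",
                "mshta.exe", "powershell.exe"}
SCRIPT_EXT = (".vbs", ".js", ".jse", ".hta", ".ps1", ".bat", ".cmd")
HIJACK_DOMAINS = ("search.conduit.com", "ask.com")  # assumption for this example


def check_command(cmd):
    """Return the reasons an autorun command line deserves a second look."""
    reasons = []
    m = HOST_RE.match(cmd.strip())
    path = (m.group(1) if m else cmd).lower()
    base = path.rsplit("\\", 1)[-1]
    if base in SCRIPT_HOSTS:
        reasons.append("script host / LOLBin launches the payload")
    if path.endswith(SCRIPT_EXT):
        reasons.append("autorun target is a script file")
    if any(w in path for w in USER_WRITABLE):
        reasons.append("binary lives in a user-writable location")
    return reasons


def triage(log_text):
    """Return a list of (label, reasons) for every line worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            key, kind, name, rest = m.groups()
            meta = META_RE.match(rest)
            cmd, publisher = (meta.group(1), meta.group(2).strip()) if meta else (rest, None)
            reasons = check_command(cmd)
            if meta and not publisher:
                reasons.append("no publisher in version info")
            if reasons:
                findings.append((f"{key}\\{kind}: [{name}]", reasons))
        elif line.lower().startswith("appinit_dlls"):
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append((line.split(" [", 1)[0],
                             ["AppInit_DLLs injects into every user32 process; confirm publisher"]))
        elif "prefs.js" in line or "Start Page" in line:
            if any(d in line.lower() for d in HIJACK_DOMAINS):
                findings.append((URL_SPLIT_RE.split(line, 1)[0],
                                 ["browser search/start page points at a known hijack domain"]))
        elif line.endswith("[x]"):
            # FRST/ComboFix mark a registered service or driver whose file is gone with [x].
            findings.append((line.split(";")[0], ["service/driver registered but file missing"]))
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG):
        print(label)
        for r in reasons:
            print("   -", r)
```

To use it on a real capture, replace SAMPLE_LOG with the contents of a saved FRST.txt. A flag is a prompt to check the file's signature and hash, not a verdict: legitimate entries such as NVIDIA's rundll32-hosted ShadowPlay or Intel's .vbs launcher are flagged as well, exactly as a helper reading the log would pause on them.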

16.12.2013, 10:41   #9
Meinersein

Since I use mobile internet, I cut the connection immediately, and the window could only be closed via the Task Manager. It has not reappeared so far. But since I have zero clue, I don't know whether the computer might not get locked at some point after all and the window reappear...
I'm downloading the programs now and will post later.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
MeinerSein :: MEINERSEIN-PC [Administrator]

16.12.2013 10:14:39
mbam-log-2013-12-16 (10-14-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263469
Laufzeit: 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Since AdwCleaner had shown me nothing after the scan, I clicked "Clean". After the computer restarted, the following file appeared:

Code:
# AdwCleaner v3.015 - Bericht erstellt am 16/12/2013 um 10:31:21
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : MeinerSein - MEINERSEIN-PC
# Gestartet von : C:\Users\MeinerSein\Desktop\Sicherheit\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\driver-soft
Ordner Gelöscht : C:\Users\MeinerSein\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\searchplugins\ask-web-search.xml
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\FLEXnet
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\MeinerSein\AppData\Roaming\Mozilla\Firefox\Profiles\drd72qol.default\prefs.js ]

Zeile gelöscht : user_pref("CT2682599_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386961132610,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB16&ctid=CT2682599&SearchSource=13");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "InnoGames Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB16&ctid=CT2682599&SearchSource=2&q=");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB16&ctid=CT2682599&SearchSource=2&q=");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=2&CUI=UN52482017372861189&UM=1&q=");
Zeile gelöscht : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Zeile gelöscht : user_pref("smartbar.machineId", "A52HC7C0WUTEAVM3FLQSYEYSPMAPOSGXEWENPIMGAQYWVQQ2IXTK3SEPEO4MN9H45RT0SUF2+6RRG2E36PHYRA");
Zeile gelöscht : user_pref("tfp.abs.CT2682599", true);

*************************

AdwCleaner[R0].txt - [4811 octets] - [16/12/2013 10:28:53]
AdwCleaner[S0].txt - [4468 octets] - [16/12/2013 10:31:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4528 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by MeinerSein on 16.12.2013 at 10:40:14,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5B8E9723-7B85-4B5C-8624-B82D6CF0AF69}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\Users\MeinerSein\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{0121A14E-A78E-4ECD-A242-EF06EB286192}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{03C89020-8369-4757-82C6-FE65595F01D0}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{0C6C2047-A2D4-441E-984E-BE61E8A8406A}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{2754F9DD-E214-4A5F-9EFE-11904CA65FE4}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{450656B2-C873-40D5-9A21-84D664E83AB6}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{5458DDBC-E225-4CD2-A619-52F9F14F32D8}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{60A20C7F-E757-40A0-A5F5-E59C8474C7BE}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{67AEE722-95A5-4AF3-8290-C82EC84072EC}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{75DFF2F9-D31B-4A77-AB02-FDA21A39F647}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{88B1A8B8-71E0-4FAF-9725-4AAAD7186262}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{97AF30EA-FAFF-4695-9C3E-050E67E82A63}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{9F844249-A337-4BEB-9F4A-E7A26FA29EAD}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{9FF89DA7-15AF-4503-9277-09C0C71FD807}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{A7951F1B-384C-4A7E-939B-EE8362A05070}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{DFEBECC4-61A8-4E39-B30F-7DA0829D1D2C}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{E45465FB-609F-48F6-845B-B09FDFA8307C}
Successfully deleted: [Empty Folder] C:\Users\MeinerSein\appdata\local\{F1A16BAB-06F0-4B2D-8EF8-7E1C0590AE9B}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.12.2013 at 10:46:28,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
"fresh" FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013
Ran by SYSTEM on MININT-4EQL4FU on 16-12-2013 11:15:47
Running from L:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] ()
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation)
HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink)
S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S2 MBAMScheduler; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] ()

==================== Drivers (Whitelisted) ====================

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] ()
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS [126040 2013-11-15] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS [2099288 2013-11-15] (Symantec Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM)
S3 catchme; \??\C:\ComboFix1\catchme.sys [x]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt
2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 01:28 - 2013-12-16 01:31 - 00000000 ____D C:\AdwCleaner
2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 12:07 - 2013-12-15 12:08 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe
2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt
2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST
2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg
2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs
2013-12-13 14:07 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL
2013-12-13 08:36 - 2013-12-16 01:38 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit
2013-12-13 08:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-13 08:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-13 08:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-13 08:31 - 2013-12-15 03:25 - 00000000 ____D C:\Qoobox
2013-12-13 08:31 - 2013-12-13 08:37 - 00000000 ____D C:\Windows\erdnt
2013-12-11 10:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-11 10:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-11 10:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 10:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 10:20 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-11 10:20 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-11 10:20 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-11 10:20 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 10:20 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-11 10:20 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-11 10:20 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-11 10:20 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-11 10:20 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-11 10:20 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 10:20 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-11 10:20 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-11 10:20 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-11 10:20 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-11 10:20 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-11 10:20 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 10:20 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 10:20 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-11 10:20 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 10:20 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 10:20 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 10:20 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-11 10:20 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-11 10:20 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 10:20 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 10:20 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-11 10:20 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-11 10:20 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-11 10:20 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 10:20 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 10:20 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 10:14 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 10:14 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 10:13 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 10:13 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 10:13 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 10:13 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 10:13 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 10:13 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 10:13 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 10:13 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 10:13 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 10:13 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 10:13 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 10:13 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 10:13 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 10:13 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 10:13 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 10:13 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 10:13 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-30 01:12 - 2013-12-16 02:00 - 00607293 _____ C:\Windows\WindowsUpdate.log
2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV
2013-11-20 12:36 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-11-20 12:36 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin
2013-11-20 12:36 - 2013-11-11 07:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-11-20 12:36 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-11-20 12:32 - 2013-11-14 03:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2013-11-20 12:32 - 2013-11-14 03:58 - 00023754 _____ C:\Windows\System32\nvinfo.pb
2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-11-16 01:05 - 2013-12-15 05:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-12-16 02:00 - 2013-11-30 01:12 - 00607293 _____ C:\Windows\WindowsUpdate.log
2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt
2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 01:38 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit
2013-12-16 01:38 - 2012-04-06 11:09 - 00700720 _____ C:\Windows\System32\perfh007.dat
2013-12-16 01:38 - 2012-04-06 11:09 - 00150326 _____ C:\Windows\System32\perfc007.dat
2013-12-16 01:38 - 2009-07-13 21:13 - 01624106 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-16 01:34 - 2012-10-06 09:36 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\Skype
2013-12-16 01:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 01:31 - 2013-12-16 01:28 - 00000000 ____D C:\AdwCleaner
2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-16 01:05 - 2013-06-29 00:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 12:08 - 2013-12-15 12:07 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe
2013-12-15 05:22 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt
2013-12-15 03:25 - 2013-12-13 08:31 - 00000000 ____D C:\Qoobox
2013-12-15 03:24 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST
2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg
2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs
2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL
2013-12-13 08:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-12-13 08:37 - 2013-12-13 08:31 - 00000000 ____D C:\Windows\erdnt
2013-12-12 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 11:07 - 2013-06-29 00:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 11:06 - 2013-04-26 02:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 10:34 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 10:21 - 2012-06-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 10:20 - 2013-07-11 11:33 - 00000000 ____D C:\Windows\System32\MRT
2013-12-11 10:19 - 2012-06-22 05:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-28 08:11 - 2012-11-17 05:39 - 01598386 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 23:31 - 2013-08-28 08:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 23:31 - 2012-02-24 04:59 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 03:54 - 2013-12-11 10:20 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-26 02:19 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-26 02:18 - 2013-12-11 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-11 10:20 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-11 10:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-26 01:46 - 2013-12-11 10:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-11 10:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-26 01:29 - 2013-12-11 10:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-26 01:27 - 2013-12-11 10:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-26 01:23 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-11 10:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-26 01:18 - 2013-12-11 10:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-11 10:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-11 10:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-11 10:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-11 10:20 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-11 10:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-11 10:20 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-26 00:32 - 2013-12-11 10:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-11 10:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-11 10:20 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-11 10:20 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-11 10:20 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-25 23:32 - 2013-12-11 10:20 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-11 10:20 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-11 10:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-25 22:40 - 2013-12-11 10:20 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-25 22:34 - 2013-12-11 10:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-11 10:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-11 10:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-11 10:20 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 09:37 - 2012-12-08 01:22 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\vlc
2013-11-23 10:26 - 2013-12-11 10:13 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 09:47 - 2013-12-11 10:13 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-11-23 03:48 - 2012-06-25 01:25 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Windows Live
2013-11-23 03:26 - 2012-08-13 06:38 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\CrashDumps
2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV
2013-11-20 21:43 - 2013-10-13 05:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-20 12:36 - 2012-04-06 01:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-20 12:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-11-20 12:35 - 2013-10-13 05:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-20 12:35 - 2012-04-06 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 05:11 - 2012-06-22 04:49 - 00000000 ____D C:\ProgramData\Norton
2013-11-17 05:09 - 2012-12-05 10:22 - 00001310 _____ C:\Users\MeinerSein\Desktop\Norton-Installationsdateien.lnk
2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-11-17 04:59 - 2012-06-22 05:11 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-17 04:59 - 2012-06-22 04:59 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-11-17 04:58 - 2012-06-22 05:00 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-11-17 04:58 - 2012-06-22 05:00 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-11-17 04:58 - 2012-06-22 04:59 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-17 04:21 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-16 13:24 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-11-16 13:02 - 2013-09-02 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\MeinerSein\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

3
Restore point made on: 2013-12-13 08:33:06
Restore point made on: 2013-12-13 09:44:43
Restore point made on: 2013-12-15 03:05:10

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {9cc03a13-801b-11e1-90c1-e792024502da}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 10

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {9cc03a13-801b-11e1-90c1-e792024502da}
nx                      OptIn
bootlog                 No

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {9cc03a13-801b-11e1-90c1-e792024502da}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {9cc03a16-801b-11e1-90c1-e792024502da}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\9cc03a15-801b-11e1-90c1-e792024502da\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16222.36 MB
Available physical RAM: 14943.6 MB
Total Pagefile: 16220.55 MB
Available Pagefile: 14946.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:9.93 GB) NTFS
Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS
Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS
Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS
Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS
Drive i: (DUNGEONS_GOTY) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-12-11 12:10

==================== End Of Log ============================
         
--- --- ---
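The FRST log above ends with three checks a responder reads first when triaging a lock-screen infection: the "Bamital & volsnap Check" (MD5 of winlogon, userinit, explorer, svchost and volsnap against FRST's known-good list), the "EXE ASSOCIATION" block (whether the exefile handler still runs `"%1" %*`, since a hijacked `open\command` executes attacker code every time any .exe is launched) and the "Drivers MD5" list, where a raw hash instead of "MD5 is legit" only means the driver is not in FRST's whitelist, not that it is malicious. The following script is an added example and is not part of the thread or of FRST itself: it splits an FRST-style log into its `==== Title ====` sections and flags what a reviewer would chase up. The sample input is constructed for the example; the path and hash lines are copied from the log above, while the `explorer.exe` and `open\command` findings are hypothetical and the `ATTENTION` wording FRST uses for a failed check is an assumption, so the code flags any verdict other than the known-good strings rather than matching a specific failure text.

```python
import re
from typing import Dict, List

# Constructed FRST-style excerpt. Real path/hash lines come from the log in this
# thread; the explorer.exe and open\command lines are hypothetical findings added
# only to exercise the flagging logic (the "ATTENTION" text is an assumption).
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\explorer.exe => ATTENTION: hypothetical patched sample

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "C:\Users\x\AppData\Local\Temp\hypo.exe" "%1" %* => ATTENTION

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\dcrypt.sys 8C93092E61AABECA655590A239DDA392
C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys 808820DEF092FA0A6D93BAE3E5D069CD

==================== End Of Log ============================
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# "<path with spaces> <32 hex chars>" as printed for non-whitelisted drivers
MD5_LINE_RE = re.compile(r"^(?P<path>.+?\S)\s+(?P<md5>[0-9A-Fa-f]{32})$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '==== Title ====' header preceding them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def integrity_failures(sections: Dict[str, List[str]]) -> List[str]:
    """Core binaries whose hash FRST did not confirm as the stock build."""
    failed = []
    for line in sections.get("Bamital & volsnap Check", []):
        path, _, verdict = line.partition(" => ")
        if verdict.strip() != "MD5 is legit":
            failed.append(path)
    return failed


def exe_association_issues(sections: Dict[str, List[str]]) -> List[str]:
    """exefile handler entries not marked OK (hijacked .exe association)."""
    return [l for l in sections.get("EXE ASSOCIATION", []) if not l.endswith("=> OK")]


def unverified_drivers(sections: Dict[str, List[str]]) -> Dict[str, str]:
    """Drivers printed with a raw MD5: not in FRST's whitelist, so each hash
    still has to be checked against an external known-good source."""
    found: Dict[str, str] = {}
    for line in sections.get("Drivers MD5", []):
        if line.endswith("==> MD5 is legit"):
            continue
        m = MD5_LINE_RE.match(line)
        if m:
            found[m.group("path")] = m.group("md5").upper()
    return found


def triage(text: str) -> dict:
    """Run the three checks and return the findings a reviewer would act on."""
    s = split_sections(text)
    return {
        "integrity_failures": integrity_failures(s),
        "exe_association_issues": exe_association_issues(s),
        "unverified_drivers": unverified_drivers(s),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the real log in this thread, the first two lists come back empty (every core binary is "MD5 is legit" and all three exefile entries are "OK"), which is consistent with a browser-level "Paysafe" lock screen rather than a patched system binary; the third-party driver hashes are the part that still needs a lookup before the machine is declared clean.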

Old 16.12.2013, 10:48   #10
Meinersein

Caught a Paysafe trojan - what can I do?

"Fresh" FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013
Ran by SYSTEM on MININT-4EQL4FU on 16-12-2013 11:15:47
Running from L:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] ()
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation)
HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink)
S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S2 MBAMScheduler; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] ()

==================== Drivers (Whitelisted) ====================

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] ()
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS [126040 2013-11-15] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS [2099288 2013-11-15] (Symantec Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM)
S3 catchme; \??\C:\ComboFix1\catchme.sys [x]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\acedrv11.sys A3769020F7E8A70FD3E824C050F33306
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys 808820DEF092FA0A6D93BAE3E5D069CD
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\Apfiltr.sys 968A4A0FD5BF07717F4E869875A4B149
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btath_flt.sys BCC09E0B0362741D0C084828A1B950F3
C:\Windows\System32\DRIVERS\athrx.sys 6B2B5E3C47C7B576A05384FA738FCB06
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys 613883A3BAC6920149C83ED751589433
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\btath_a2dp.sys C05ED3246C06EC56F10D85B0304CD09E
C:\Windows\System32\drivers\btath_avdt.sys 2D27F7A831657D63AFC78E5E78DCA83F
C:\Windows\System32\DRIVERS\btath_bus.sys E6B734A37ADE36FE1A77035F4E484C8C
C:\Windows\System32\DRIVERS\btath_hcrp.sys FB3833E63FF602B69C2FF085846DCF43
C:\Windows\System32\DRIVERS\btath_lwflt.sys 371A11C1333BA526263A987A93ACDE3D
C:\Windows\System32\DRIVERS\btath_rcp.sys ABCD3C16CA850A7594CEB9AD5D966810
C:\Windows\System32\DRIVERS\btfilter.sys 13BDB661991ACF40ADCB09BD64A8CBEF
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys 0510396A957E9FD7205BA62D3CAE4528
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\drivers\dcrypt.sys 8C93092E61AABECA655590A239DDA392
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 1B7AA375F711F66D5FF2B855F9EC987F
C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7230C8B80DDE1F0524C353240B78CC0E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jubusenum.sys BAFE6B0B92BE69144D59907550A07678
C:\Windows\System32\DRIVERS\ewusbmdm.sys D969D0E26C5B1E813B17066A8318D5D4
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys C224331A54571C8C9162F7714400BBBD
C:\Windows\System32\DRIVERS\iaStorA.sys FA4C48E36F0B24E7E33D3E7E1844B9C9
C:\Windows\System32\DRIVERS\iaStorF.sys 05E24E2CA39C0D2FAADE8FC603345A7D
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys D7CB14B41DA52DF2EC143768E02F0E97
C:\Windows\System32\DRIVERS\igdkmd64.sys 54FB3B4847B6CD8CE1B448471ADFE02A
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys E83BB47C3446F0497019DE7FD6C6A86F
C:\Windows\System32\DRIVERS\IntcDAud.sys 0E0B99617ED3FDB6C5F0E2D62709B5DF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iusb3hcs.sys 7A4D015FF432645C55C162DADAEA143E
C:\Windows\System32\DRIVERS\iusb3hub.sys 5D6164479F6F900ACD287FDC6935532E
C:\Windows\System32\DRIVERS\iusb3xhc.sys 9F5687C7EFA906E4F33586D393F7C257
C:\Windows\System32\DRIVERS\jrdusbser.sys 5678EC677028221EC5C815BCD07AB697
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys C669E616F41060C37F868B2BBAD92632
C:\Windows\System32\DRIVERS\LHidFilt.Sys 77D5786C6A7765503884E38706C9FD5E
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys F84023FB2E3DEA06103501974A2EDB44
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys C009123B206C56854F4E88596035231D
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys BF3739EEB9F008B1DEBAC115089A53F8
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 38DD143D95E7A01B86F219DDA9C28779
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401
C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys F554291C0A11F5B713B54C5886D4AA31
C:\Windows\System32\DRIVERS\nvpciflt.sys 3F403A74349FCE04DF8D7BE24E6A02BD
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\drivers\nvvad64v.sys 31B16657118E439B77B0A527F7EA66CB
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\RtsPStor.sys 6E5C3D18C3BCC72AA527DBC5FA61AB8F
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snapman.sys B84440E7554FC85E900EEF0A7AABA228
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS 8BFD1752AAA15BF47D668E9AC5AF96FB
C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS B18CE01B9C09C59422BA7C7064248B35
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS 5C9EE2303CA7F267665D75237862B39C
C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS 08AF51153E441687130B759A8F6892ED
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 97E11C50CE52277B377396EA8838E539
C:\Windows\System32\DRIVERS\SymIMv.sys 6DE89F4CDF0B31A5BAF2855F9D80F8BA
C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS 48C2934683CBD06F662B088EEF49EF6A
C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS 78A2F073AD9EA5EBC04A70931EA36C9A
C:\Windows\System32\DRIVERS\tap0901.sys F9BE29D5E097F03F81D3CD12B794CB66
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys 20155CF5FB9F7902178D7D5CDC7C0F90
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xlkfs.sys 2AAAEC16CCEAD338EC101723C9EED8F8

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt
2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 01:28 - 2013-12-16 01:31 - 00000000 ____D C:\AdwCleaner
2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 12:07 - 2013-12-15 12:08 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe
2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt
2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST
2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg
2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs
2013-12-13 14:07 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL
2013-12-13 08:36 - 2013-12-16 01:38 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit
2013-12-13 08:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-13 08:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-13 08:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-13 08:31 - 2013-12-15 03:25 - 00000000 ____D C:\Qoobox
2013-12-13 08:31 - 2013-12-13 08:37 - 00000000 ____D C:\Windows\erdnt
2013-12-11 10:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-11 10:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-11 10:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 10:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 10:20 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-11 10:20 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-11 10:20 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-11 10:20 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 10:20 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-11 10:20 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-11 10:20 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-11 10:20 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-11 10:20 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-11 10:20 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 10:20 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-11 10:20 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-11 10:20 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-11 10:20 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-11 10:20 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-11 10:20 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 10:20 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 10:20 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-11 10:20 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 10:20 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 10:20 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 10:20 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-11 10:20 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-11 10:20 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 10:20 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 10:20 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-11 10:20 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-11 10:20 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-11 10:20 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 10:20 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 10:20 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 10:14 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 10:14 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 10:13 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 10:13 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 10:13 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 10:13 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 10:13 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 10:13 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 10:13 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 10:13 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 10:13 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 10:13 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 10:13 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 10:13 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 10:13 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 10:13 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 10:13 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 10:13 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 10:13 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-30 01:12 - 2013-12-16 02:00 - 00607293 _____ C:\Windows\WindowsUpdate.log
2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV
2013-11-20 12:36 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-11-20 12:36 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin
2013-11-20 12:36 - 2013-11-11 07:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-11-20 12:36 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-11-20 12:32 - 2013-11-14 03:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2013-11-20 12:32 - 2013-11-14 03:58 - 00023754 _____ C:\Windows\System32\nvinfo.pb
2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-11-16 01:05 - 2013-12-15 05:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-12-16 02:00 - 2013-11-30 01:12 - 00607293 _____ C:\Windows\WindowsUpdate.log
2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt
2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 01:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 01:38 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit
2013-12-16 01:38 - 2012-04-06 11:09 - 00700720 _____ C:\Windows\System32\perfh007.dat
2013-12-16 01:38 - 2012-04-06 11:09 - 00150326 _____ C:\Windows\System32\perfc007.dat
2013-12-16 01:38 - 2009-07-13 21:13 - 01624106 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-16 01:34 - 2012-10-06 09:36 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\Skype
2013-12-16 01:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 01:31 - 2013-12-16 01:28 - 00000000 ____D C:\AdwCleaner
2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-16 01:05 - 2013-06-29 00:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 12:08 - 2013-12-15 12:07 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe
2013-12-15 05:22 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt
2013-12-15 03:25 - 2013-12-13 08:31 - 00000000 ____D C:\Qoobox
2013-12-15 03:24 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST
2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg
2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs
2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL
2013-12-13 08:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-12-13 08:37 - 2013-12-13 08:31 - 00000000 ____D C:\Windows\erdnt
2013-12-12 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 11:07 - 2013-06-29 00:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 11:06 - 2013-04-26 02:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 10:34 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 10:21 - 2012-06-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 10:20 - 2013-07-11 11:33 - 00000000 ____D C:\Windows\System32\MRT
2013-12-11 10:19 - 2012-06-22 05:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-28 08:11 - 2012-11-17 05:39 - 01598386 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 23:31 - 2013-08-28 08:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 23:31 - 2012-02-24 04:59 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 03:54 - 2013-12-11 10:20 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-26 02:19 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-26 02:18 - 2013-12-11 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-11 10:20 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-11 10:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-26 01:46 - 2013-12-11 10:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-11 10:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-26 01:29 - 2013-12-11 10:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-26 01:27 - 2013-12-11 10:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-26 01:23 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-11 10:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-26 01:18 - 2013-12-11 10:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-11 10:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-11 10:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-11 10:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-11 10:20 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-11 10:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-11 10:20 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-26 00:32 - 2013-12-11 10:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-11 10:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-11 10:20 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-11 10:20 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-11 10:20 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-25 23:32 - 2013-12-11 10:20 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-11 10:20 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-11 10:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-25 22:40 - 2013-12-11 10:20 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-25 22:34 - 2013-12-11 10:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-11 10:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-11 10:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-11 10:20 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 09:37 - 2012-12-08 01:22 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\vlc
2013-11-23 10:26 - 2013-12-11 10:13 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 09:47 - 2013-12-11 10:13 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-11-23 03:48 - 2012-06-25 01:25 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Windows Live
2013-11-23 03:26 - 2012-08-13 06:38 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\CrashDumps
2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV
2013-11-20 21:43 - 2013-10-13 05:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-20 12:36 - 2012-04-06 01:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-20 12:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-11-20 12:35 - 2013-10-13 05:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-20 12:35 - 2012-04-06 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 05:11 - 2012-06-22 04:49 - 00000000 ____D C:\ProgramData\Norton
2013-11-17 05:09 - 2012-12-05 10:22 - 00001310 _____ C:\Users\MeinerSein\Desktop\Norton-Installationsdateien.lnk
2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-11-17 04:59 - 2012-06-22 05:11 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-17 04:59 - 2012-06-22 04:59 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-11-17 04:58 - 2012-06-22 05:00 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-11-17 04:58 - 2012-06-22 05:00 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-11-17 04:58 - 2012-06-22 04:59 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-17 04:21 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-16 13:24 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-11-16 13:02 - 2013-09-02 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\MeinerSein\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

3
Restore point made on: 2013-12-13 08:33:06
Restore point made on: 2013-12-13 09:44:43
Restore point made on: 2013-12-15 03:05:10

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {9cc03a13-801b-11e1-90c1-e792024502da}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 10

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {9cc03a13-801b-11e1-90c1-e792024502da}
nx                      OptIn
bootlog                 No

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\9cc03a15-801b-11e1-90c1-e792024502da\Winre.wim,{9cc03a16-801b-11e1-90c1-e792024502da}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {9cc03a13-801b-11e1-90c1-e792024502da}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {9cc03a16-801b-11e1-90c1-e792024502da}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\9cc03a15-801b-11e1-90c1-e792024502da\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16222.36 MB
Available physical RAM: 14943.6 MB
Total Pagefile: 16220.55 MB
Available Pagefile: 14946.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:9.93 GB) NTFS
Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS
Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS
Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS
Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS
Drive i: (DUNGEONS_GOTY) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-12-11 12:10

==================== End Of Log ============================
         
--- --- ---

Old 17.12.2013, 08:26   #11
schrauber
/// the machine
/// TB trainer
 

Caught Paysafe trojan - what can I do?




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 17.12.2013, 20:06   #12
Meinersein
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9081f811714b164eb674fd7816715d4f
# engine=16301
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-17 07:42:39
# local_time=2013-12-17 08:42:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 11220 149905944 0 0
# compatibility_mode=5893 16776574 100 94 13902050 138939209 0 0
# scanned=238588
# found=0
# cleaned=0
# scan_time=7416
         
Code:
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Sicherheit Malwarebytes' Anti-Malware mbamscheduler.exe  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013
Ran by SYSTEM on MININT-8368MPD on 17-12-2013 20:56:57
Running from L:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] ()
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-02-22] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\MeinerSein\...\Run: [Steam] - D:\Spiele\JA Back in Action\Steam.exe [1823656 2013-12-03] (Valve Corporation)
HKU\MeinerSein\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\MeinerSein\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
HKU\UpdatusUser.MeinerSein-PC\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-12] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\Users\MeinerSein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_80CF330A; C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\NavFilter\kmsvc.exe [240112 2011-11-23] (CyberLink)
S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-09] (Atheros Communication Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
S2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S2 MBAMScheduler; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Progs\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-02] ()

==================== Drivers (Whitelisted) ====================

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [190024 2010-10-23] ()
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131216.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-03] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131216.038\ENG64.SYS [126040 2013-11-15] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131216.038\EX64.SYS [2099288 2013-11-15] (Symantec Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM)
S3 catchme; \??\C:\ComboFix1\catchme.sys [x]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 02:34 - 2013-12-17 08:32 - 00000672 _____ C:\Windows\setupact.log
2013-12-16 02:34 - 2013-12-16 02:34 - 00326280 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-16 02:34 - 2013-12-16 02:34 - 00000000 _____ C:\Windows\setuperr.log
2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt
2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 01:28 - 2013-12-16 01:31 - 00000000 ____D C:\AdwCleaner
2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 12:07 - 2013-12-15 12:08 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe
2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt
2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST
2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg
2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs
2013-12-13 14:07 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL
2013-12-13 08:36 - 2013-12-17 09:16 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit
2013-12-13 08:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-13 08:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-13 08:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-13 08:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-13 08:31 - 2013-12-15 03:25 - 00000000 ____D C:\Qoobox
2013-12-13 08:31 - 2013-12-13 08:37 - 00000000 ____D C:\Windows\erdnt
2013-12-11 10:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-11 10:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-11 10:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 10:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 10:20 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-11 10:20 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-11 10:20 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-11 10:20 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 10:20 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-11 10:20 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-11 10:20 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-11 10:20 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-11 10:20 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-11 10:20 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 10:20 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-11 10:20 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-11 10:20 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-11 10:20 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-11 10:20 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-11 10:20 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 10:20 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 10:20 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-11 10:20 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 10:20 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 10:20 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 10:20 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-11 10:20 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-11 10:20 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 10:20 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 10:20 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-11 10:20 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-11 10:20 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-11 10:20 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 10:20 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 10:20 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 10:14 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 10:14 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 10:13 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 10:13 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 10:13 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 10:13 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 10:13 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 10:13 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 10:13 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 10:13 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 10:13 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 10:13 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 10:13 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 10:13 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 10:13 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 10:13 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 10:13 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 10:13 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 10:13 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-30 01:12 - 2013-12-17 11:53 - 00648112 _____ C:\Windows\WindowsUpdate.log
2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV
2013-11-20 12:36 - 2013-11-11 07:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-11-20 12:36 - 2013-11-11 07:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 03467927 _____ C:\Windows\System32\nvcoproc.bin
2013-11-20 12:36 - 2013-11-11 07:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-11-20 12:36 - 2013-11-11 07:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2013-11-20 12:36 - 2013-11-11 07:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-11-20 12:32 - 2013-11-14 03:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433182.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433182.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00479520 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-20 12:32 - 2013-11-14 03:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2013-11-20 12:32 - 2013-11-14 03:58 - 00023754 _____ C:\Windows\System32\nvinfo.pb
2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======

2013-12-17 11:53 - 2013-11-30 01:12 - 00648112 _____ C:\Windows\WindowsUpdate.log
2013-12-17 11:05 - 2013-06-29 00:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-17 09:35 - 2012-04-06 11:09 - 00700720 _____ C:\Windows\System32\perfh007.dat
2013-12-17 09:35 - 2012-04-06 11:09 - 00150326 _____ C:\Windows\System32\perfc007.dat
2013-12-17 09:35 - 2009-07-13 21:13 - 01624106 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-17 09:16 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit
2013-12-17 08:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-17 08:39 - 2009-07-13 20:45 - 00022752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-17 08:33 - 2012-10-06 09:36 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\Skype
2013-12-17 08:32 - 2013-12-16 02:34 - 00000672 _____ C:\Windows\setupact.log
2013-12-17 08:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 02:34 - 2013-12-16 02:34 - 00326280 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-16 02:34 - 2013-12-16 02:34 - 00000000 _____ C:\Windows\setuperr.log
2013-12-16 01:56 - 2013-12-16 01:56 - 00070736 _____ C:\Users\MeinerSein\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 01:46 - 2013-12-16 01:46 - 00002934 _____ C:\Users\MeinerSein\Desktop\JRT.txt
2013-12-16 01:40 - 2013-12-16 01:40 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 01:31 - 2013-12-16 01:28 - 00000000 ____D C:\AdwCleaner
2013-12-16 01:11 - 2013-12-16 01:11 - 00000963 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 12:08 - 2013-12-15 12:07 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe
2013-12-15 05:22 - 2013-11-16 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-15 03:25 - 2013-12-15 03:25 - 00030721 _____ C:\ComboFix.txt
2013-12-15 03:25 - 2013-12-13 08:31 - 00000000 ____D C:\Qoobox
2013-12-15 03:24 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-14 14:52 - 2013-12-14 14:52 - 00000000 ____D C:\FRST
2013-12-14 09:31 - 2013-12-14 09:31 - 00007605 _____ C:\Users\MeinerSein\AppData\Local\Resmon.ResmonCfg
2013-12-13 14:07 - 2013-12-13 14:07 - 00000000 ____D C:\Progs
2013-12-13 10:45 - 2013-12-13 10:45 - 00000000 ____D C:\Users\MeinerSein\Desktop\OTL
2013-12-13 08:38 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-12-13 08:37 - 2013-12-13 08:31 - 00000000 ____D C:\Windows\erdnt
2013-12-12 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 11:07 - 2013-06-29 00:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 11:06 - 2013-04-26 02:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 10:34 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 10:21 - 2012-06-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 10:20 - 2013-07-11 11:33 - 00000000 ____D C:\Windows\System32\MRT
2013-12-11 10:19 - 2012-06-22 05:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-06 06:09 - 2013-12-06 06:09 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\NVIDIA
2013-11-28 08:11 - 2012-11-17 05:39 - 01598386 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 23:31 - 2013-08-28 08:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 23:31 - 2012-02-24 04:59 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 03:54 - 2013-12-11 10:20 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-26 02:19 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-26 02:18 - 2013-12-11 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-11 10:20 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-11 10:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-26 01:46 - 2013-12-11 10:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-11 10:20 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-26 01:29 - 2013-12-11 10:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-26 01:27 - 2013-12-11 10:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-26 01:23 - 2013-12-11 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-11 10:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-26 01:18 - 2013-12-11 10:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-11 10:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-11 10:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-11 10:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-11 10:20 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-11 10:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-11 10:20 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-26 00:32 - 2013-12-11 10:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-11 10:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-11 10:20 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-11 10:20 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-11 10:20 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-25 23:32 - 2013-12-11 10:20 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-11 10:20 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-11 10:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-25 22:40 - 2013-12-11 10:20 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-25 22:34 - 2013-12-11 10:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-11 10:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-11 10:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-11 10:20 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 09:37 - 2012-12-08 01:22 - 00000000 ____D C:\Users\MeinerSein\AppData\Roaming\vlc
2013-11-23 10:26 - 2013-12-11 10:13 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 09:47 - 2013-12-11 10:13 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-11-23 03:48 - 2012-06-25 01:25 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\Windows Live
2013-11-23 03:26 - 2012-08-13 06:38 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\CrashDumps
2013-11-23 02:13 - 2013-11-23 02:13 - 00001542 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iTunes
2013-11-23 02:13 - 2013-11-23 02:13 - 00000000 ____D C:\Program Files\iPod
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-20 21:43 - 2013-11-20 21:43 - 00000000 ____D C:\Windows\System32\NV
2013-11-20 21:43 - 2013-10-13 05:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-20 12:36 - 2012-04-06 01:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-20 12:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-11-20 12:35 - 2013-10-13 05:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-20 12:35 - 2012-04-06 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-19 10:13 - 2013-11-19 10:13 - 00000000 ____D C:\Users\MeinerSein\AppData\Local\NVIDIA Corporation
2013-11-17 05:11 - 2012-06-22 04:49 - 00000000 ____D C:\ProgramData\Norton
2013-11-17 05:09 - 2012-12-05 10:22 - 00001310 _____ C:\Users\MeinerSein\Desktop\Norton-Installationsdateien.lnk
2013-11-17 04:59 - 2013-11-17 04:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-11-17 04:59 - 2012-06-22 05:11 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-17 04:59 - 2012-06-22 04:59 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-11-17 04:58 - 2012-06-22 05:00 - 00177752 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-11-17 04:58 - 2012-06-22 05:00 - 00008222 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-11-17 04:58 - 2012-06-22 04:59 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-17 04:21 - 2012-06-22 05:06 - 00000000 ____D C:\Users\Public\Downloads\Norton

Some content of TEMP:
====================
C:\Users\MeinerSein\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

3
Restore point made on: 2013-12-13 08:33:06
Restore point made on: 2013-12-13 09:44:43
Restore point made on: 2013-12-15 03:05:10

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16222.36 MB
Available physical RAM: 14934.34 MB
Total Pagefile: 16220.55 MB
Available Pagefile: 14929.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:96.19 GB) (Free:9.68 GB) NTFS
Drive d: (DATA) (Fixed) (Total:465.68 GB) (Free:286.21 GB) NTFS
Drive f: (Linux) (Fixed) (Total:100.01 GB) (Free:99.91 GB) NTFS
Drive g: (home) (Fixed) (Total:365.82 GB) (Free:365.72 GB) NTFS
Drive h: (PQSERVICE) (Fixed) (Total:15.5 GB) (Free:0.74 GB) NTFS
Drive i: (DUNGEONS_GOTY) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
Drive j: (o_tel_o) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive l: (8GBVODAFONE) (Removable) (Total:7.66 GB) (Free:7.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3194C7A0)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3194C74E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 8 GB) (Disk ID: E06FCDEC)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-12-11 12:10

==================== End Of Log ============================
         
Incidentally, my laptop has not been locked so far; the 48h have already been over for a day. I just don't know whether the malware (or whatever it is) has nested itself and is "dormant", or whether closing the window via Task Manager prevented it from installing on the laptop at all.
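The FRST log above lists every file created or modified in the last month in the form `modified - created - size attrs (company) path`. The following is an added example, not part of the post and not FRST's own code, of how a responder can triage such a listing mechanically: parse each line and flag executables that sit in user-writable locations, carry no company string, or have the hidden attribute. Five sample lines are copied from the log above; the sixth (a hidden `svchost.exe` under AppData\Roaming) is constructed and does not occur in this log. The company string comes from the file's version resource, not from a signature check, so every hit is a review item rather than a verdict: ComboFix.exe on the desktop is the helper's own tool, and NvIFROpenGL.dll is a normal driver file that simply ships without version info. The extension list and the set of "user-writable" path fragments are my assumptions.

```python
"""Triage of FRST "One Month Created/Modified Files and Folders" lines.

Added example; not part of the forum post and not FRST's own code.
Each FRST file line reads:
    <modified> - <created> - <size> <attrs> [(<company>)] <path>
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

_LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Extensions worth a second look when they turn up in odd places (assumption).
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".pif",
             ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf", ".hta"}

# Path fragments a standard user can write to without elevation (assumption).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str           # FRST attribute column, e.g. "____D", "___RD", "____H"
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        dot = name.rfind(".")
        return name[dot:].lower() if dot >= 0 else ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST file line; return None for headers, blanks and other text."""
    m = _LINE_RE.match(line.rstrip())
    if not m:
        return None
    return Entry(m["modified"], m["created"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


def reasons(e: Entry) -> List[str]:
    """Why a responder should look at this entry; an empty list means not flagged."""
    if e.is_dir or e.ext not in EXEC_EXTS:
        return []
    out = []
    low = e.path.lower()
    if any(frag in low for frag in USER_WRITABLE):
        out.append("executable in user-writable location")
    if not e.company:
        out.append("no company/version string")
    if e.is_hidden:
        out.append("hidden attribute set")
    return out


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged line, in log order."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is not None:
            why = reasons(e)
            if why:
                hits.append((e.path, why))
    return hits


# Five lines copied from the log above plus one constructed entry (the hidden
# svchost.exe under AppData\Roaming, which does not occur in this log).
SAMPLE = [
    r"2013-12-17 11:53 - 2013-11-30 01:12 - 00648112 _____ C:\Windows\WindowsUpdate.log",
    r"2013-12-15 12:08 - 2013-12-15 12:07 - 05154339 _____ (Swearware) C:\Users\MeinerSein\Desktop\ComboFix.exe",
    r"2013-12-11 11:06 - 2013-04-26 02:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe",
    r"2013-11-20 12:32 - 2013-11-14 03:58 - 00357152 _____ C:\Windows\System32\NvIFROpenGL.dll",
    r"2013-12-17 09:16 - 2013-12-13 08:36 - 00000000 ___RD C:\Users\MeinerSein\Desktop\Sicherheit",
    r"2013-12-13 15:02 - 2013-12-13 15:02 - 00084992 ____H C:\Users\MeinerSein\AppData\Roaming\svchost.exe",
    "==================== One Month Modified Files and Folders =======",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(path + "\n    - " + "\n    - ".join(why))
```

Run it against a saved FRST.txt by passing the file's lines to `triage()`. Anything it flags still needs the usual follow-up (hash lookup, Authenticode check, where the file is launched from); the point of the script is to shrink a 4000-line log to a handful of candidates.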

Old 18.12.2013, 09:41   #13
schrauber
/// the machine
/// TB-Ausbilder

Caught a Paysafe Trojan - what can I do?



That's just scaremongering; the thing only lives in the browser, and it has been removed.

Update Adobe.

Done

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few tips for securing your system.


I can't stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Always make sure you have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scanning tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a resident background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one yet.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from registry cleaners of any kind.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments of emails from senders you don't know. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun browsing safely.

Note: Please give me brief feedback once everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
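The last "Don't" above (watch the extension, e.g. deinFoto.jpg.exe) is worth making concrete, because what the user sees in Explorer is not the real file name. The following is an added example, not code from the post or from Trojaner-Board. It models Explorer's default "hide extensions for known file types" display and flags attachment names that pose as documents while really ending in an executable extension: double extensions, whitespace padding that pushes the real extension out of view, and the right-to-left override character (U+202E) that makes a name like `photo[U+202E]gnp.exe` render as `photoexe.png`. The file names are constructed, and the extension sets are my assumption of a reasonable list, not an authoritative one.

```python
"""What the user sees vs. what the file really is.

Added example; not code from the forum post. Models Explorer's default
"hide extensions for known file types" rendering and flags names that pose
as documents while ending in an executable extension.
"""
import unicodedata
from typing import List

# Assumed lists; extend to taste.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js",
             ".jse", ".wsf", ".hta", ".cpl", ".msi"}
DOC_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
            ".xls", ".xlsx", ".txt", ".zip"}
RLO = "\u202e"   # RIGHT-TO-LEFT OVERRIDE: text after it is rendered reversed


def real_extension(name: str) -> str:
    """Extension Windows actually uses (trailing spaces/dots are dropped on create)."""
    base = name.rstrip(" .")
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def displayed_name(name: str, hide_known_ext: bool = True) -> str:
    """Approximate Explorer's rendering of the file name."""
    shown = name.rstrip(" .")
    ext = real_extension(shown)
    if hide_known_ext and ext in EXEC_EXTS | DOC_EXTS:
        shown = shown[:-len(ext)]            # extension hidden for registered types
    if RLO in shown:
        head, _, tail = shown.partition(RLO)
        shown = head + tail[::-1]            # bidi override reverses the rest
    return shown


def check(name: str) -> List[str]:
    """Reasons the attachment name is deceptive; an empty list means nothing odd."""
    out = []
    ext = real_extension(name)
    stem = name.rstrip(" .")[:-len(ext)] if ext else name
    if ext in EXEC_EXTS:
        out.append(f"real extension {ext} is executable")
        inner = real_extension(stem.rstrip())
        if inner in DOC_EXTS:
            out.append(f"document extension {inner} in front of it (double extension)")
        if stem != stem.rstrip():
            out.append("whitespace padding pushes the real extension out of view")
    if RLO in name:
        out.append("right-to-left override (U+202E) reverses the displayed name")
    if any(unicodedata.category(c) == "Cf" for c in name if c != RLO):
        out.append("other invisible format characters present")
    return out


# Constructed names, not taken from the thread.
SAMPLES = ["holiday.jpg", "deinFoto.jpg.exe", "Rechnung.pdf" + " " * 40 + ".exe",
           "photo" + RLO + "gnp.exe", "setup.exe"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{displayed_name(n)!r:32} real={real_extension(n) or '-':6} {check(n)}")
```

The practical lesson is the one the tip gives: turn off extension hiding (Folder Options > View), because `displayed_name()` with `hide_known_ext=False` still shows `deinFoto.jpg.exe` in full, and treat any name that `check()` flags as executable regardless of the icon it carries.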

Old 18.12.2013, 14:16   #14
Meinersein

Understood. I'll now work through all of this step by step and then post here.
And of course I'm very happy with your "mentorship". I'll follow the link right away and leave my feedback :-)

Does Secunia Personal Software Inspector "clash" with Norton Internet Security?

Old 19.12.2013, 09:46   #15
schrauber
/// the machine
/// TB-Ausbilder

Nope, Secunia only checks for updates

You're welcome
