
Log analysis and evaluation: Strange sound on the first Ctrl+letter combination. Virus/Trojan?

23.01.2014, 22:17   #1
SirPatrick
 
Hello!

Since I unfortunately don't know what might be important, I'll write a short backstory and then get to the current state.

Backstory: About two months ago I had the GVU trojan on my laptop. An acquaintance then helped me wipe my operating system and set it up again (Windows 8 Pro). Until now I had no problems at all.

For about two weeks now I have noticed that my first Shift+letter combination produces a strange sound. What is strange to me about it is that this sound does not occur again afterwards. In addition, it cannot be found in the Windows sound scheme. I recorded this sound with my phone and put it in my Dropbox, since it is in 3GPP format and is not valid as an attachment: https://www.dropbox.com/s/bg77ehl6e5hfblx/seltsamer%20Ton.3gpp
I was able to open the file with the VLC player.

In addition to the "sound problem", my internet connection only worked to a limited extent. Facebook and Google could be opened and used without problems, but images and links under Google were not loaded, or if so only very slowly. It can't be the router, since all other devices work normally. The same problem also occurred at the university.

As a result, the day before yesterday I tried out the "great" recovery functions of Windows 8.1 Pro, but got stuck at the error message: "Medien einlegen. Einige Dateien fehlen. Die Dateien sind auf den Windows Installations- oder Wiederherstellungsmedien enthalten". Probably because I have version 8.0 on my USB stick and installed 8.1 from the Store.

Current state: For inexplicable reasons the problem with the internet connection has resolved itself, so that actually only the "sound problem" remains. I am afraid that remnants of the GVU trojan or something else could have something to do with it.
My girlfriend pointed me to this forum and I thought that maybe someone could help me.

Therefore, my log files follow:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:23 on 23/01/2014 (Paddy)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014 01
Ran by Paddy (administrator) on PADDYPC on 23-01-2014 20:28:56
Running from C:\Users\Paddy\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dropbox, Inc.) C:\Users\Paddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\nis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {905e865b-e7bf-11e2-be66-806e6f6e6963} - "E:\zdata\cobi.exe" 
MountPoints2: {b88e48e2-0c3e-11e3-be73-ac7289fa72b4} - "G:\SETUP.EXE" 
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL,C:\Windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Paddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x53DFF150197CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2
F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*'))%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-07-08]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-02]
FF Extension: Adblock Plus - C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-01-20]

==================== Services (Whitelisted) =================

U2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
U2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation)
U1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
U1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-20] (Symantec Corporation)
U3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-20] (Symantec Corporation)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140122.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140123.002\ENG64.SYS [126040 2014-01-20] (Symantec Corporation)
U3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140123.002\EX64.SYS [2099288 2014-01-20] (Symantec Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-09-05] (NVIDIA Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
U1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
U0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
U0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
U3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-20] (Symantec Corporation)
U1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
U1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-23 20:28 - 2014-01-23 20:29 - 00017785 _____ C:\Users\Paddy\Downloads\FRST.txt
2014-01-23 20:28 - 2014-01-23 20:28 - 00000000 ____D C:\FRST
2014-01-23 20:26 - 2014-01-23 20:27 - 02077696 _____ (Farbar) C:\Users\Paddy\Downloads\FRST64.exe
2014-01-23 20:23 - 2014-01-23 20:23 - 00000472 _____ C:\Users\Paddy\Downloads\defogger_disable.log
2014-01-23 20:23 - 2014-01-23 20:23 - 00000000 _____ C:\Users\Paddy\defogger_reenable
2014-01-23 20:22 - 2014-01-23 20:22 - 00050477 _____ C:\Users\Paddy\Downloads\Defogger.exe
2014-01-23 15:54 - 2014-01-23 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security CBE
2014-01-20 16:21 - 2014-01-20 16:21 - 00000000 ____D C:\Users\Paddy\Documents\Symantec
2014-01-20 16:20 - 2014-01-23 15:49 - 00003242 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-01-20 16:20 - 2014-01-23 15:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2014-01-20 16:20 - 2014-01-20 16:21 - 00000000 ____D C:\ProgramData\Norton
2014-01-20 16:20 - 2014-01-20 16:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-20 16:20 - 2014-01-20 16:20 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2014-01-20 16:12 - 2014-01-23 15:48 - 00002490 _____ C:\WINDOWS\PFRO.log
2014-01-20 16:11 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-20 16:06 - 2014-01-20 16:07 - 00000000 ____D C:\Users\Paddy\Documents\Neuer Ordner
2014-01-20 16:02 - 2014-01-20 16:02 - 00002772 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-01-20 16:02 - 2014-01-20 16:02 - 00000000 ____D C:\Program Files\CCleaner
2014-01-20 16:01 - 2014-01-20 16:01 - 03571656 _____ (Piriform Ltd) C:\Users\Paddy\Downloads\ccsetup409_slim.exe
2014-01-20 15:52 - 2014-01-20 16:03 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-20 14:57 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-20 14:57 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-20 14:57 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-20 14:57 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-20 14:57 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-20 14:57 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 14:57 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-20 14:57 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 14:57 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-20 14:57 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-20 14:57 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-20 14:54 - 2014-01-20 14:55 - 00000000 _____ C:\Recovery.txt
2013-12-28 00:23 - 2013-12-28 00:23 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\NVIDIA
2013-12-28 00:18 - 2013-12-28 00:19 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\DVDVideoSoft
2013-12-28 00:18 - 2013-12-28 00:19 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-12-28 00:15 - 2013-12-28 00:16 - 90664272 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Paddy\Downloads\FreeStudio.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

==================== One Month Modified Files and Folders =======

2014-01-23 20:29 - 2014-01-23 20:28 - 00017785 _____ C:\Users\Paddy\Downloads\FRST.txt
2014-01-23 20:28 - 2014-01-23 20:28 - 00000000 ____D C:\FRST
2014-01-23 20:28 - 2013-11-12 12:05 - 01271425 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 20:27 - 2014-01-23 20:26 - 02077696 _____ (Farbar) C:\Users\Paddy\Downloads\FRST64.exe
2014-01-23 20:23 - 2014-01-23 20:23 - 00000472 _____ C:\Users\Paddy\Downloads\defogger_disable.log
2014-01-23 20:23 - 2014-01-23 20:23 - 00000000 _____ C:\Users\Paddy\defogger_reenable
2014-01-23 20:23 - 2013-11-12 11:53 - 00000000 ____D C:\Users\Paddy
2014-01-23 20:22 - 2014-01-23 20:22 - 00050477 _____ C:\Users\Paddy\Downloads\Defogger.exe
2014-01-23 20:18 - 2013-08-25 19:09 - 00000000 ____D C:\Users\Paddy\Documents\Outlook-Dateien
2014-01-23 20:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-23 19:52 - 2013-07-08 22:42 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-23 17:44 - 2013-07-08 21:32 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2654971770-2897044524-192207933-1001
2014-01-23 15:57 - 2013-07-08 21:51 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\Dropbox
2014-01-23 15:55 - 2013-07-08 21:54 - 00000000 ___RD C:\Users\Paddy\Dropbox
2014-01-23 15:55 - 2013-07-08 21:52 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-23 15:55 - 2013-07-08 12:26 - 00000000 ___RD C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 15:54 - 2014-01-23 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security CBE
2014-01-23 15:53 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-23 15:53 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-23 15:53 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-23 15:50 - 2013-12-18 20:45 - 00000000 __RDO C:\Users\Paddy\SkyDrive
2014-01-23 15:49 - 2014-01-20 16:20 - 00003242 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-01-23 15:49 - 2014-01-20 16:20 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2014-01-23 15:48 - 2014-01-20 16:12 - 00002490 _____ C:\WINDOWS\PFRO.log
2014-01-23 15:48 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-23 15:48 - 2013-07-08 21:31 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-23 15:48 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-23 15:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-23 15:47 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-22 01:04 - 2013-07-08 21:57 - 00000000 ___RD C:\Users\Paddy\Desktop\Programme
2014-01-21 21:50 - 2013-08-19 21:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-20 17:02 - 2013-07-23 19:59 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-20 16:27 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-20 16:21 - 2014-01-20 16:21 - 00000000 ____D C:\Users\Paddy\Documents\Symantec
2014-01-20 16:21 - 2014-01-20 16:20 - 00000000 ____D C:\ProgramData\Norton
2014-01-20 16:20 - 2014-01-20 16:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-20 16:20 - 2014-01-20 16:20 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2014-01-20 16:07 - 2014-01-20 16:06 - 00000000 ____D C:\Users\Paddy\Documents\Neuer Ordner
2014-01-20 16:03 - 2014-01-20 15:52 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-20 16:03 - 2013-11-12 11:47 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-20 16:03 - 2013-08-25 18:33 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\DAEMON Tools Lite
2014-01-20 16:02 - 2014-01-20 16:02 - 00002772 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-01-20 16:02 - 2014-01-20 16:02 - 00000000 ____D C:\Program Files\CCleaner
2014-01-20 16:01 - 2014-01-20 16:01 - 03571656 _____ (Piriform Ltd) C:\Users\Paddy\Downloads\ccsetup409_slim.exe
2014-01-20 14:55 - 2014-01-20 14:54 - 00000000 _____ C:\Recovery.txt
2014-01-20 14:09 - 2013-07-08 22:01 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\Skype
2014-01-19 08:38 - 2014-01-20 16:11 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-13 23:39 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2014-01-09 23:41 - 2013-07-08 22:44 - 00000000 ____D C:\Users\Paddy\Documents\Full Moon
2014-01-07 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-28 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-28 12:02 - 2013-07-08 12:25 - 00000000 ____D C:\Users\Paddy\AppData\Local\Packages
2013-12-28 00:47 - 2013-08-23 23:08 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\vlc
2013-12-28 00:23 - 2013-12-28 00:23 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\NVIDIA
2013-12-28 00:19 - 2013-12-28 00:18 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\DVDVideoSoft
2013-12-28 00:19 - 2013-12-28 00:18 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-12-28 00:16 - 2013-12-28 00:15 - 90664272 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Paddy\Downloads\FreeStudio.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2013-12-27 21:44 - 2013-07-08 22:44 - 00000000 ____D C:\Users\Paddy\Documents\Virat
2013-12-26 17:35 - 2013-10-30 21:14 - 00000000 ____D C:\Users\Paddy\.phase-6

Some content of TEMP:
====================
C:\Users\Paddy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-23 17:12

==================== End Of Log ============================
         



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2014 01
Ran by Paddy at 2014-01-23 20:29:16
Running from C:\Users\Paddy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security CBE (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira SearchFree Toolbar (x32 Version: 12.10.0.2948 - APN, LLC)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.09 - Piriform)
CodeBlocks (HKCU Version: 12.11 - The Code::Blocks Team)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Free Studio version 2013 (x32 Version: 6.2.3.1219 - DVDVideoSoft Ltd.)
Heroes of Newerth (x32 Version: 2.3.0 - S2 Games)
HitmanPro 3.7 (Version: 3.7.7.205 - SurfRight B.V.)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Norton Internet Security CBE (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA 3D Vision Treiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
phase-6 2.3.3 (x32 Version: 2.3.3 - phase-6)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (x32 Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 16.3.15.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

07-01-2014 11:24:45 Geplanter Prüfpunkt
20-01-2014 16:01:18 Windows Update
21-01-2014 20:50:42 Windows Modules Installer

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24D39DAE-8E44-4CA5-B695-8E8F6CDA8382} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42FC2065-81C7-463B-9EF6-ABD7C6ABDA69} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4E9D1BF8-3F9A-4A8F-A100-D512B1A74E12} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {648474D9-9A2D-4C7C-BA01-9AAC5D0B803A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FBE0DFB-EED7-4BE2-AAAE-C27BFE82551D} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ACB01E90-7DA7-4BBC-8021-6CA56ED1AEFE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-20] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB278126-3B0A-4A01-92D1-9268D2FF7B56} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-15 03:36 - 2013-02-15 03:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Paddy\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-11 23:08 - 2013-12-11 23:08 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Paddy\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Paddy\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8086.16 MB
Available physical RAM: 6040.58 MB
Total Pagefile: 16278.16 MB
Available Pagefile: 14243.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:679 GB) (Free:605.41 GB) NTFS
Drive e: (CB2413CD) (CDROM) (Total:0.64 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Many thanks for the help!
Best regards,
Patrick
Attached files
File type: pdf Gmer.text.pdf (196.8 KB, viewed 290 times)

23.01.2014, 23:16   #2
schrauber
/// the machine
/// TB Trainer

hi,

Quote:
MountPoints2: {905e865b-e7bf-11e2-be66-806e6f6e6963} - "E:\zdata\cobi.exe"
What is drive E?

24.01.2014, 00:39   #3
SirPatrick

Hello Schrauber,

there was still a forgotten CD from Computer Bild in the drive. I installed Norton a few days ago.

Best regards, Patrick

24.01.2014, 14:42   #4
schrauber
/// the machine
/// TB Trainer

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

Regards,
schrauber


25.01.2014, 21:45   #5
SirPatrick

Hi,

malware was indeed found. On the 2nd run nothing more was found. I'm posting both log files to be safe.

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.25.09

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Paddy :: PADDYPC [administrator]

25.01.2014 21:09:05
mbar-log-2014-01-25 (21-09-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 265292
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.25.10

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Paddy :: PADDYPC [administrator]

25.01.2014 21:25:10
mbar-log-2014-01-25 (21-25-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 265082
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Best regards,
Patrick


26.01.2014, 08:05   #6
schrauber
/// the machine
/// TB Trainer

Please post a fresh FRST log. How is the sound doing?

26.01.2014, 20:37   #7
SirPatrick

Hi,

unfortunately the sound still occurs


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02
Ran by Paddy (administrator) on PADDYPC on 26-01-2014 20:35:11
Running from C:\Users\Paddy\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\nis.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\nis.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {b88e48e2-0c3e-11e3-be73-ac7289fa72b4} - "G:\SETUP.EXE" 
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL, => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll, => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Paddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x53DFF150197CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(u
rl%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Paddy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-07-08]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-02]
FF Extension: Adblock Plus - C:\Users\Paddy\AppData\Roaming\Mozilla\Firefox\Profiles\zrgttdu9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-01-20]

==================== Services (Whitelisted) =================

U2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
U2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation)
U1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
U1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-20] (Symantec Corporation)
U3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-20] (Symantec Corporation)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140124.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140123.002\ENG64.SYS [126040 2014-01-20] (Symantec Corporation)
U3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140123.002\EX64.SYS [2099288 2014-01-20] (Symantec Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-09-05] (NVIDIA Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
U1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
U0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
U0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
U3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-20] (Symantec Corporation)
U1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
U1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 20:33 - 2014-01-26 20:33 - 00000000 ____D C:\Users\Paddy\Downloads\FRST-OlderVersion
2014-01-26 20:18 - 2014-01-26 20:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-25 21:09 - 2014-01-26 20:18 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-25 21:09 - 2014-01-25 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-25 21:06 - 2014-01-25 21:06 - 00000000 ____D C:\Users\Paddy\Downloads\mbar-1.07.0.1009
2014-01-25 21:05 - 2014-01-26 20:17 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-25 21:03 - 2014-01-25 21:03 - 00000000 ____D C:\Users\Paddy\Desktop\mbar
2014-01-25 20:59 - 2014-01-25 20:59 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paddy\Downloads\mbar-1.07.0.1009.exe
2014-01-25 11:21 - 2014-01-25 11:21 - 00000039 _____ C:\WINDOWS\setupact.log
2014-01-25 11:21 - 2014-01-25 11:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-25 11:20 - 2014-01-26 20:25 - 00000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2654971770-2897044524-192207933-1001.job
2014-01-25 11:20 - 2014-01-25 11:20 - 00003576 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2654971770-2897044524-192207933-1001
2014-01-25 11:20 - 2014-01-25 11:20 - 00000000 ____D C:\Users\Paddy\AppData\Local\Citrix
2014-01-23 21:09 - 2014-01-23 21:09 - 00008921 _____ C:\Users\Paddy\Downloads\seltsamer Ton.3gpp
2014-01-23 20:40 - 2014-01-23 20:40 - 00110777 _____ C:\Users\Paddy\Downloads\Gmer.txt
2014-01-23 20:32 - 2014-01-23 20:32 - 00370971 _____ C:\Users\Paddy\Downloads\gmer_2.1.19355.zip
2014-01-23 20:29 - 2014-01-23 20:29 - 00014475 _____ C:\Users\Paddy\Downloads\Addition.txt
2014-01-23 20:28 - 2014-01-26 20:35 - 00017991 _____ C:\Users\Paddy\Downloads\FRST.txt
2014-01-23 20:28 - 2014-01-26 20:33 - 00000000 ____D C:\FRST
2014-01-23 20:26 - 2014-01-26 20:33 - 02078208 _____ (Farbar) C:\Users\Paddy\Downloads\FRST64.exe
2014-01-23 20:23 - 2014-01-23 20:23 - 00000472 _____ C:\Users\Paddy\Downloads\defogger_disable.log
2014-01-23 20:23 - 2014-01-23 20:23 - 00000000 _____ C:\Users\Paddy\defogger_reenable
2014-01-23 20:22 - 2014-01-23 20:22 - 00050477 _____ C:\Users\Paddy\Downloads\Defogger.exe
2014-01-23 15:54 - 2014-01-23 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security CBE
2014-01-20 16:21 - 2014-01-20 16:21 - 00000000 ____D C:\Users\Paddy\Documents\Symantec
2014-01-20 16:20 - 2014-01-23 15:49 - 00003242 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-01-20 16:20 - 2014-01-23 15:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2014-01-20 16:20 - 2014-01-20 16:21 - 00000000 ____D C:\ProgramData\Norton
2014-01-20 16:20 - 2014-01-20 16:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-20 16:20 - 2014-01-20 16:20 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2014-01-20 16:12 - 2014-01-26 20:16 - 00011936 _____ C:\WINDOWS\PFRO.log
2014-01-20 16:11 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-20 16:06 - 2014-01-20 16:07 - 00000000 ____D C:\Users\Paddy\Documents\Neuer Ordner
2014-01-20 16:02 - 2014-01-20 16:02 - 00002772 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-01-20 16:02 - 2014-01-20 16:02 - 00000000 ____D C:\Program Files\CCleaner
2014-01-20 16:01 - 2014-01-20 16:01 - 03571656 _____ (Piriform Ltd) C:\Users\Paddy\Downloads\ccsetup409_slim.exe
2014-01-20 15:52 - 2014-01-20 16:03 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-20 14:57 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-20 14:57 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-20 14:57 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-20 14:57 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-20 14:57 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-20 14:57 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 14:57 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-20 14:57 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-20 14:57 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-20 14:57 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-20 14:57 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-20 14:54 - 2014-01-20 14:55 - 00000000 _____ C:\Recovery.txt
2013-12-28 00:23 - 2013-12-28 00:23 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\NVIDIA
2013-12-28 00:18 - 2013-12-28 00:19 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\DVDVideoSoft
2013-12-28 00:18 - 2013-12-28 00:19 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-12-28 00:15 - 2013-12-28 00:16 - 90664272 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Paddy\Downloads\FreeStudio.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

==================== One Month Modified Files and Folders =======

2014-01-26 20:35 - 2014-01-23 20:28 - 00017991 _____ C:\Users\Paddy\Downloads\FRST.txt
2014-01-26 20:33 - 2014-01-26 20:33 - 00000000 ____D C:\Users\Paddy\Downloads\FRST-OlderVersion
2014-01-26 20:33 - 2014-01-23 20:28 - 00000000 ____D C:\FRST
2014-01-26 20:33 - 2014-01-23 20:26 - 02078208 _____ (Farbar) C:\Users\Paddy\Downloads\FRST64.exe
2014-01-26 20:32 - 2013-08-25 19:09 - 00000000 ____D C:\Users\Paddy\Documents\Outlook-Dateien
2014-01-26 20:31 - 2014-01-26 20:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-26 20:27 - 2013-11-12 12:05 - 01518666 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-26 20:25 - 2014-01-25 11:20 - 00000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2654971770-2897044524-192207933-1001.job
2014-01-26 20:23 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-26 20:23 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-26 20:23 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-26 20:18 - 2014-01-25 21:09 - 00119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-26 20:17 - 2014-01-25 21:05 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-26 20:16 - 2014-01-20 16:12 - 00011936 _____ C:\WINDOWS\PFRO.log
2014-01-26 20:16 - 2013-12-18 20:45 - 00000000 __RDO C:\Users\Paddy\SkyDrive
2014-01-26 20:16 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-26 20:16 - 2013-07-08 21:31 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-26 20:15 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-26 20:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-25 21:52 - 2013-07-08 22:42 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-25 21:09 - 2014-01-25 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-25 21:06 - 2014-01-25 21:06 - 00000000 ____D C:\Users\Paddy\Downloads\mbar-1.07.0.1009
2014-01-25 21:03 - 2014-01-25 21:03 - 00000000 ____D C:\Users\Paddy\Desktop\mbar
2014-01-25 21:01 - 2013-07-08 21:57 - 00000000 ___RD C:\Users\Paddy\Desktop\Programme
2014-01-25 20:59 - 2014-01-25 20:59 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paddy\Downloads\mbar-1.07.0.1009.exe
2014-01-25 11:21 - 2014-01-25 11:21 - 00000039 _____ C:\WINDOWS\setupact.log
2014-01-25 11:21 - 2014-01-25 11:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-25 11:20 - 2014-01-25 11:20 - 00003576 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2654971770-2897044524-192207933-1001
2014-01-25 11:20 - 2014-01-25 11:20 - 00000000 ____D C:\Users\Paddy\AppData\Local\Citrix
2014-01-24 13:05 - 2013-07-08 21:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2654971770-2897044524-192207933-1001
2014-01-24 12:05 - 2013-07-08 21:54 - 00000000 ___RD C:\Users\Paddy\Dropbox
2014-01-24 12:05 - 2013-07-08 21:51 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\Dropbox
2014-01-23 21:10 - 2013-08-23 23:08 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\vlc
2014-01-23 21:09 - 2014-01-23 21:09 - 00008921 _____ C:\Users\Paddy\Downloads\seltsamer Ton.3gpp
2014-01-23 20:40 - 2014-01-23 20:40 - 00110777 _____ C:\Users\Paddy\Downloads\Gmer.txt
2014-01-23 20:32 - 2014-01-23 20:32 - 00370971 _____ C:\Users\Paddy\Downloads\gmer_2.1.19355.zip
2014-01-23 20:29 - 2014-01-23 20:29 - 00014475 _____ C:\Users\Paddy\Downloads\Addition.txt
2014-01-23 20:23 - 2014-01-23 20:23 - 00000472 _____ C:\Users\Paddy\Downloads\defogger_disable.log
2014-01-23 20:23 - 2014-01-23 20:23 - 00000000 _____ C:\Users\Paddy\defogger_reenable
2014-01-23 20:23 - 2013-11-12 11:53 - 00000000 ____D C:\Users\Paddy
2014-01-23 20:22 - 2014-01-23 20:22 - 00050477 _____ C:\Users\Paddy\Downloads\Defogger.exe
2014-01-23 15:55 - 2013-07-08 21:52 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-23 15:55 - 2013-07-08 12:26 - 00000000 ___RD C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 15:54 - 2014-01-23 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security CBE
2014-01-23 15:49 - 2014-01-20 16:20 - 00003242 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-01-23 15:49 - 2014-01-20 16:20 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2014-01-23 15:48 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-23 15:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-21 21:50 - 2013-08-19 21:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-20 17:02 - 2013-07-23 19:59 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-20 16:27 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-20 16:21 - 2014-01-20 16:21 - 00000000 ____D C:\Users\Paddy\Documents\Symantec
2014-01-20 16:21 - 2014-01-20 16:20 - 00000000 ____D C:\ProgramData\Norton
2014-01-20 16:20 - 2014-01-20 16:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-20 16:20 - 2014-01-20 16:20 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-20 16:20 - 2014-01-20 16:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security CBE
2014-01-20 16:07 - 2014-01-20 16:06 - 00000000 ____D C:\Users\Paddy\Documents\Neuer Ordner
2014-01-20 16:03 - 2014-01-20 15:52 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-20 16:03 - 2013-11-12 11:47 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-20 16:03 - 2013-08-25 18:33 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\DAEMON Tools Lite
2014-01-20 16:02 - 2014-01-20 16:02 - 00002772 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-01-20 16:02 - 2014-01-20 16:02 - 00000000 ____D C:\Program Files\CCleaner
2014-01-20 16:01 - 2014-01-20 16:01 - 03571656 _____ (Piriform Ltd) C:\Users\Paddy\Downloads\ccsetup409_slim.exe
2014-01-20 14:55 - 2014-01-20 14:54 - 00000000 _____ C:\Recovery.txt
2014-01-20 14:09 - 2013-07-08 22:01 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\Skype
2014-01-19 08:38 - 2014-01-20 16:11 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-13 23:39 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2014-01-09 23:41 - 2013-07-08 22:44 - 00000000 ____D C:\Users\Paddy\Documents\Full Moon
2014-01-07 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-28 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-28 12:02 - 2013-07-08 12:25 - 00000000 ____D C:\Users\Paddy\AppData\Local\Packages
2013-12-28 00:23 - 2013-12-28 00:23 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\NVIDIA
2013-12-28 00:19 - 2013-12-28 00:18 - 00000000 ____D C:\Users\Paddy\AppData\Roaming\DVDVideoSoft
2013-12-28 00:19 - 2013-12-28 00:18 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-12-28 00:16 - 2013-12-28 00:15 - 90664272 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Paddy\Downloads\FreeStudio.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-12-27 22:06 - 2013-12-27 22:06 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-12-27 22:06 - 2013-12-27 22:06 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2013-12-27 21:44 - 2013-07-08 22:44 - 00000000 ____D C:\Users\Paddy\Documents\Virat

Some content of TEMP:
====================
C:\Users\Paddy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-23 17:12

==================== End Of Log ============================
         
--- --- ---


Regards,
Patrick

27.01.2014, 16:10   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Very strange. Can you get hold of a USB keyboard and plug it in? Test with that one.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

11.02.2014, 09:50   #9
SirPatrick
 



Hello Schrauber,

I was finally able to get hold of a keyboard. Unfortunately it makes no difference.
Do you perhaps have any other idea? If necessary I would also reinstall Windows, if that would help and would be easier.

Regards,
Patrick

11.02.2014, 19:06   #10
schrauber
/// the machine
/// TB-Ausbilder
 




It only ever occurs with the first combination, and never otherwise? With which combination, or does it not matter which?

11.02.2014, 21:54   #11
SirPatrick
 



Hallelujah! My girlfriend just stumbled on the solution by chance.

Under "Ease of Access Center" ==> "Make the keyboard easier to use", the checkbox "Hear a tone when you press CAPS LOCK, NUM LOCK, or SCROLL LOCK" was ticked. Since I unticked it, the noise no longer occurs. I just wonder why the sound cannot be found under the Windows sound scheme.

Best regards, Patrick

12.02.2014, 18:19   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Because that's an extra
