
Pests of all kinds and how to combat them: Computer is doing strange things


28.03.2014, 22:19   #1
Paprika1509
 

Computer is doing strange things



Hi everyone,
for a few days now I have noticed that my computer is doing strange things.

For example, it suddenly keeps asking for the registration key of my vocabulary program, and printing to the network printer in the house no longer works either.

Now I have noticed that the Windows Update service can no longer be started either.

Can one of you please help me?

Regards,
Patrik

Oh yes, I am running Win7 64bit

System scan with FRST64
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on PATRIKS-LAPTOP on 28-03-2014 22:03:42
Running from C:\Users\Administrator\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Neuber Software) \\DISKSTATION\TimeAnalyzer\tbaction.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [809480 2008-06-16] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe,wtmcore.exe
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-08] (Microsoft Corporation)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {1b8816fc-1552-11e3-93d7-806e6f6e6963} - E:\.\Autorun.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {e9420234-155a-11e3-8921-806e6f6e6963} - E:\Start.exe
GroupPolicyUsers\S-1-5-21-1352531634-2534244058-2222343639-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A2A4B2768A9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8817001E331D8665&affID=120522&tsp=4995
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 02 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 03 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 04 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 05 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 06 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 07 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 08 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 09 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 10 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 21 %windir%\system32\wlsppc.dll [442880] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-26]

==================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-30] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [276376 2014-02-12] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files (x86)\Launch Manager\DPortIO.sys [21264 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140327.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.002\ENG64.SYS [126040 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.002\EX64.SYS [2099288 2014-02-26] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501010.007\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501010.007\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501010.007\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501010.007\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [246488 2013-12-18] (Symantec Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-05] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 22:03 - 2014-03-28 22:04 - 00017313 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:03 - 2014-03-28 22:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-03-28 22:03 - 2014-03-28 22:03 - 00000000 ____D () C:\FRST
2014-03-28 21:48 - 2014-03-28 21:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 20:46 - 2013-09-10 03:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-03-28 20:36 - 2014-03-28 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 20:36 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 20:36 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 20:36 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 20:35 - 2014-03-28 20:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 20:24 - 2014-03-28 20:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 20:24 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-03-28 20:24 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-03-28 20:24 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-03-28 20:24 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-03-28 20:24 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-03-28 20:24 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-03-28 20:24 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-03-28 20:24 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-03-28 20:24 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-03-28 20:24 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-03-28 20:22 - 2014-03-28 20:23 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 20:00 - 2014-03-28 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-14 16:25 - 2014-03-14 16:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-11 16:06 - 2014-03-22 10:04 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-11 16:06 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 16:06 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 16:05 - 2014-03-22 10:03 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-07 15:37 - 2014-03-07 15:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-02 20:55 - 2014-03-02 20:56 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 20:50 - 2014-03-02 20:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 20:31 - 2014-03-02 20:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 20:29 - 2014-03-08 15:15 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-02 20:29 - 2011-11-29 08:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll
2014-03-02 20:29 - 2011-11-29 08:27 - 02024960 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmconfig.exe
2014-03-02 20:29 - 2011-11-29 08:27 - 00073437 _____ () C:\Windows\system32\wtmconfig.chm
2014-03-02 20:29 - 2011-11-29 08:25 - 00087552 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmtray.exe
2014-03-02 20:29 - 2011-11-29 08:24 - 00092672 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmdeinstall.exe
2014-03-02 20:29 - 2011-11-29 08:23 - 00257536 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
2014-03-02 11:51 - 2014-03-02 11:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 11:38 - 2014-03-02 11:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 12:21 - 2014-03-01 12:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 12:13 - 2014-03-01 12:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 12:01 - 2014-03-01 12:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 11:14 - 2014-03-01 11:46 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-01 11:07 - 2014-03-01 11:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 11:06 - 2014-03-01 11:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 11:06 - 2014-03-01 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-26 20:17 - 2014-02-26 20:24 - 00000000 ____D () C:\Users\Administrator\Documents\Network Monitor 3
2014-02-26 20:14 - 2014-02-26 20:14 - 00000000 ____D () C:\Users\Patrik\Documents\Network Monitor 3
2014-02-26 20:13 - 2014-02-26 20:13 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2014-02-26 20:05 - 2014-02-26 20:05 - 06837560 _____ (Microsoft Corporation) C:\Users\Patrik\Downloads\NM34_x64.exe
2014-02-26 19:23 - 2014-02-26 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-26 19:15 - 2014-03-02 20:31 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-02-26 18:59 - 2014-02-26 20:03 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-26 18:59 - 2014-02-26 20:02 - 00001307 _____ () C:\Users\Patrik\Desktop\Norton-Installationsdateien.lnk
2014-02-26 18:58 - 2014-02-26 18:58 - 01021936 _____ (Symantec Corporation) C:\Users\Patrik\Downloads\NISDownloader.exe
2014-02-26 18:19 - 2014-02-26 18:19 - 00675988 _____ () C:\Users\Patrik\Desktop\Minecraft.exe
2014-02-26 18:10 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Patrik\Desktop\TechnicLauncher.exe
2014-02-26 18:01 - 2014-02-26 18:07 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.technic
2014-02-26 18:00 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Administrator\Downloads\TechnicLauncher.exe
2014-02-26 17:55 - 2014-02-26 17:55 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-26 17:55 - 2014-02-26 17:55 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-02-26 17:53 - 2014-02-26 17:53 - 10071168 _____ (BlueStack Systems Inc.) C:\Users\Administrator\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NVIDIA
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Bluestacks

==================== One Month Modified Files and Folders =======

2014-03-28 22:04 - 2014-03-28 22:03 - 00017313 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:03 - 2014-03-28 22:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-03-28 22:03 - 2014-03-28 22:03 - 00000000 ____D () C:\FRST
2014-03-28 22:01 - 2013-09-04 12:10 - 01320704 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 21:52 - 2013-10-15 13:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-03-28 21:49 - 2014-01-14 17:27 - 00000680 __RSH () C:\Users\Administrator\ntuser.pol
2014-03-28 21:49 - 2013-09-04 12:39 - 00000000 ____D () C:\Users\Administrator
2014-03-28 21:48 - 2014-03-28 21:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 21:23 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 21:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 21:23 - 2009-07-14 05:51 - 00049465 _____ () C:\Windows\setupact.log
2014-03-28 21:05 - 2013-09-04 13:10 - 00172194 _____ () C:\Windows\PFRO.log
2014-03-28 20:54 - 2013-09-04 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 20:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2014-03-28 20:36 - 2014-03-28 20:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 20:36 - 2014-03-28 20:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 20:35 - 2014-03-28 20:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 20:25 - 2014-03-28 20:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 20:24 - 2014-03-28 20:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 20:23 - 2014-03-28 20:22 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 20:00 - 2014-03-28 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 15:52 - 2014-03-28 15:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 15:51 - 2014-03-28 15:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-28 15:51 - 2013-10-15 13:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Skype
2014-03-27 16:05 - 2013-09-04 14:40 - 00000000 ____D () C:\Users\Patrik\AppData\Local\LogMeIn Hamachi
2014-03-26 14:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-25 16:16 - 2013-09-04 14:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-24 16:41 - 2013-09-04 15:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.minecraft
2014-03-22 10:04 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-22 10:03 - 2014-03-11 16:05 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-20 18:06 - 2013-10-15 13:05 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CrashDumps
2014-03-19 17:42 - 2013-10-18 11:43 - 00000000 ____D () C:\Users\Patrik\Desktop\Skins
2014-03-14 16:30 - 2014-03-14 16:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-14 15:25 - 2013-09-04 16:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 16:29 - 2013-09-04 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 16:29 - 2013-09-04 16:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 16:08 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 16:08 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 16:07 - 2014-03-11 16:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-08 15:15 - 2014-03-02 20:29 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-07 15:37 - 2014-03-07 15:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-05 09:26 - 2014-03-28 20:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 20:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-28 20:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 12:16 - 2014-02-25 15:33 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\TeamViewer
2014-03-02 20:56 - 2014-03-02 20:55 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 20:50 - 2014-03-02 20:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 20:31 - 2014-03-02 20:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 20:31 - 2014-02-26 19:15 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-03-02 11:54 - 2014-02-09 14:31 - 00000000 ____D () C:\Users\Patrik\Desktop\Skreenshots
2014-03-02 11:51 - 2014-03-02 11:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 11:38 - 2014-03-02 11:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 12:27 - 2014-03-01 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 12:21 - 2014-03-01 12:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 12:14 - 2014-03-01 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 12:13 - 2014-03-01 12:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 12:01 - 2014-03-01 12:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 11:46 - 2014-03-01 11:14 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-01 11:07 - 2014-03-01 11:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 11:07 - 2013-10-15 13:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 11:06 - 2014-03-01 11:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 11:06 - 2014-03-01 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 16:15 - 2013-12-14 14:21 - 00000000 ____D () C:\Users\Patrik\Desktop\Server--
2014-02-27 16:07 - 2014-01-14 17:27 - 00001330 __RSH () C:\Users\Patrik\ntuser.pol
2014-02-27 16:07 - 2013-09-04 12:35 - 00000000 ____D () C:\Users\Patrik
2014-02-26 20:24 - 2014-02-26 20:17 - 00000000 ____D () C:\Users\Administrator\Documents\Network Monitor 3
2014-02-26 20:14 - 2014-02-26 20:14 - 00000000 ____D () C:\Users\Patrik\Documents\Network Monitor 3
2014-02-26 20:13 - 2014-02-26 20:13 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2014-02-26 20:05 - 2014-02-26 20:05 - 06837560 _____ (Microsoft Corporation) C:\Users\Patrik\Downloads\NM34_x64.exe
2014-02-26 20:03 - 2014-02-26 18:59 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-26 20:03 - 2013-09-04 14:03 - 00000000 ____D () C:\ProgramData\Norton
2014-02-26 20:02 - 2014-02-26 18:59 - 00001307 _____ () C:\Users\Patrik\Desktop\Norton-Installationsdateien.lnk
2014-02-26 19:23 - 2014-02-26 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-26 19:13 - 2013-09-04 14:12 - 00003232 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-26 19:08 - 2013-09-04 14:12 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-02-26 19:08 - 2013-09-04 14:12 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-02-26 19:08 - 2013-09-04 14:11 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-26 18:58 - 2014-02-26 18:58 - 01021936 _____ (Symantec Corporation) C:\Users\Patrik\Downloads\NISDownloader.exe
2014-02-26 18:58 - 2013-09-04 14:31 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-02-26 18:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-26 18:19 - 2014-02-26 18:19 - 00675988 _____ () C:\Users\Patrik\Desktop\Minecraft.exe
2014-02-26 18:17 - 2014-01-14 17:15 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-02-26 18:07 - 2014-02-26 18:01 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.technic
2014-02-26 18:00 - 2014-02-26 18:10 - 02346186 _____ () C:\Users\Patrik\Desktop\TechnicLauncher.exe
2014-02-26 18:00 - 2014-02-26 18:00 - 02346186 _____ () C:\Users\Administrator\Downloads\TechnicLauncher.exe
2014-02-26 17:55 - 2014-02-26 17:55 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-26 17:55 - 2014-02-26 17:55 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-26 17:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-02-26 17:53 - 2014-02-26 17:53 - 10071168 _____ (BlueStack Systems Inc.) C:\Users\Administrator\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NVIDIA
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Bluestacks
2014-02-26 17:53 - 2013-09-04 12:43 - 00065184 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 17:49 - 2014-01-14 18:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TeamViewer

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Administrator\AppData\Local\Temp\hamachi[1].exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\_is38BB.exe
C:\Users\Administrator\AppData\Local\Temp\_is5051.exe
C:\Users\Patrik\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\Patrik\AppData\Local\Temp\jna114883685745129520.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1171981781797598678.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1209255075411401630.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1406460608305017024.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1754964713553170129.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1786369830316775443.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1799450561922908339.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna1858966496871480007.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna224273009972411466.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2244571356553203550.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna233369873421628547.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2410639943530203191.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2470036853226153286.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2580976900361334399.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2679975733977796924.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna2751789591295715763.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3092896893470508079.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3148515868751628192.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3621691421065832835.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3652667280830667712.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna3816286913880648034.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4544823264106586215.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4663761231667001156.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4816268342654006562.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4916862768548123213.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna4985909099265085395.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5379041077397511301.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5429880454353204383.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5447190931593573632.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5477068355618401835.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5806010439583663518.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5905348858530535132.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna5927110002941320916.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6173670650123214419.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6274670532390610494.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6554462728952546946.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6875680510268834722.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna7687073715495911056.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna768789706692340728.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8026998817664720112.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8377958837177055182.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8557452717958544260.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8588495855117834481.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8631584836972744411.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8699216473563722175.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8823025396137691071.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8921268283624943607.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna894739210834010363.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna9026893948041788916.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna9141171519816712679.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna9202816540881808333.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna994989799751676367.hunspell-win-x86-32.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 18:44

==================== End Of Log ============================
         
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Administrator at 2014-03-28 22:04:31
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7006 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7006 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam 3.0.6.3 (HKLM-x32\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 3.0.6.3 - SuYin)
Adobe Flash Player 12 Plugin (HKLM-x32\...\{9D32CD07-EA5C-4A79-B976-C0C7F975EDE4}) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AVerMedia A850 USB DMB-TH 1.0.64.28 (HKLM-x32\...\AVerMedia A850 USB DMB-TH) (Version: 1.0.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
BlueStacks Notification Center (HKLM-x32\...\{62763BAD-53A8-4C9F-B4CF-7CCABFEFD725}) (Version: 0.8.6.3059 - BlueStack Systems, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
ITECIR (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Launch Manager (HKLM-x32\...\LManager) (Version:  - )
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Family (HKLM-x32\...\NSM) (Version: 2.9.5.29 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.1.7 - Symantec Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
Upgrade Kit (HKLM-x32\...\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}) (Version: 1.00.3002 - Acer Inc.)
Validity Sensors software (HKLM\...\{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}) (Version: 2.8.120 - Validity Sensors, Inc.)
WinTimer 3.0 (HKLM\...\WinTimer 3) (Version:  - )

==================== Restore Points  =========================

26-02-2014 16:46:41 Removed BlueStacks Notification Center
26-02-2014 19:13:16 Installed Microsoft Network Monitor 3.4
26-02-2014 19:14:14 Installed Microsoft Network Monitor: NetworkMonitor Parsers 3.4
01-03-2014 11:14:25 Installed Microsoft Application Compatibility Toolkit 5.6
28-03-2014 19:46:06 Removed LogMeIn Hamachi

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-24 20:36 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2B426802-DDC2-41F4-807D-ACAF9732743F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {420C4F35-F72F-4652-A449-E9F6E00D103A} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4477716C-3277-41DC-B8BE-3243EA19443D} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [2014-02-10] (Symantec Corporation)
Task: {46E5C194-7375-48A5-9B5D-CDAADF7B0FF7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\WSCStub.exe [2014-02-12] (Symantec Corporation)
Task: {84FB94CE-3E60-4ECD-896E-A3D186F7C67E} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe <==== ATTENTION
Task: {982D5B48-75F4-42AB-BECB-1185D8E186CE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {A47BCF2E-A922-468E-BDC4-90DFCF0C50AC} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {B297DA38-E866-4D28-8E56-BD7FBCFDEDDA} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {DC75545A-8362-45DB-95D5-2F243F5FB878} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-02 20:29 - 2011-11-29 08:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll
2014-02-23 11:56 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 16:39 - 2009-12-07 06:13 - 00397312 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2013-09-04 16:39 - 2009-08-01 02:06 - 00155648 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2013-09-04 16:39 - 2009-12-30 11:47 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2014-02-12 14:49 - 2012-05-29 19:21 - 00699280 ____R () C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\wincfi39.dll
2003-06-07 06:30 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files (x86)\Launch Manager\PowerUtl.dll
2014-03-28 20:00 - 2014-03-28 20:00 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 09:44:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: upnp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001a249
ID des fehlerhaften Prozesses: 0x1310
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (03/28/2014 09:23:25 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 09:05:39 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 08:55:22 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:55:05 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 07:58:16 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 07:57:51 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 02:02:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NF.exe, Version: 12.11.0.16, Zeitstempel: 0x524cbb5e
Name des fehlerhaften Moduls: WDJobs.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52f8ffb7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73b0902b
ID des fehlerhaften Prozesses: 0x860
Startzeit der fehlerhaften Anwendung: 0xNF.exe0
Pfad der fehlerhaften Anwendung: NF.exe1
Pfad des fehlerhaften Moduls: NF.exe2
Berichtskennung: NF.exe3

Error: (03/27/2014 04:03:54 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 04:03:32 PM) (Source: Schedule) (User: )
Description: Schedule error: 87Initialize call failed, bailing out


System errors:
=============
Error: (03/28/2014 10:00:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147024809

Error: (03/28/2014 10:00:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147024809

Error: (03/28/2014 09:59:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147024809

Error: (03/28/2014 09:59:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147024809

Error: (03/28/2014 09:59:03 PM) (Source: DCOM) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/28/2014 09:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024809.

Error: (03/28/2014 09:58:33 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942487.

Error: (03/28/2014 09:58:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147024809

Error: (03/28/2014 09:58:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024809.

Error: (03/28/2014 09:58:26 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942487.


Microsoft Office Sessions:
=========================
Error: (03/28/2014 09:44:44 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fupnp.dll6.1.7601.175144ce7c9e5c0000005000000000001a249131001cf4ac3a95b6141C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\upnp.dllcaa55902-b6b9-11e3-ab7e-0022fa1f9226

Error: (03/28/2014 09:23:25 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 09:05:39 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 08:55:22 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:55:05 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 07:58:16 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 07:57:51 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out

Error: (03/28/2014 02:02:36 PM) (Source: Application Error)(User: )
Description: NF.exe12.11.0.16524cbb5eWDJobs.dll_unloaded0.0.0.052f8ffb7c000000573b0902b86001cf49cdbb06cf35C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exeWDJobs.dll3b7a069b-b679-11e3-a764-0022fa1f9226

Error: (03/27/2014 04:03:54 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 04:03:32 PM) (Source: Schedule)(User: )
Description: Schedule error: 87Initialize call failed, bailing out


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 4092.96 MB
Available physical RAM: 1887.68 MB
Total Pagefile: 8184.1 MB
Available Pagefile: 5817.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.04 GB) (Free:93.49 GB) NTFS
Drive d: (DATA) (Fixed) (Total:141.04 GB) (Free:110.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (eworkbook_2_a) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4EBF5754)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=141 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Scan with GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 22:19:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB
Running: 5izoz6n9.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\axtiakoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                              fffff80002dff000 45 bytes [00, 00, 16, 00, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                              fffff80002dff02f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                      0000000072da11a8 2 bytes [DA, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                0000000072da13a8 2 bytes [DA, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                    0000000072da1422 2 bytes [DA, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19             0000000072da1498 2 bytes [DA, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195  0000000072cc1b41 2 bytes [CC, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362  0000000072cc1be8 2 bytes [CC, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418  0000000072cc1c20 2 bytes [CC, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596  0000000072cc1cd2 2 bytes [CC, 72]
.text     C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe[1796] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628  0000000072cc1cf2 2 bytes [CC, 72]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000076431465 2 bytes [43, 76]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000764314bb 2 bytes [43, 76]
.text     ...                                                                                                                                             * 2
.text     C:\Program Files (x86)\BlueStacks\HD-Service.exe[972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                   0000000076431465 2 bytes [43, 76]
.text     C:\Program Files (x86)\BlueStacks\HD-Service.exe[972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                  00000000764314bb 2 bytes [43, 76]
.text     ...                                                                                                                                             * 2
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076431465 2 bytes [43, 76]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000764314bb 2 bytes [43, 76]
.text     ...                                                                                                                                             * 2
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076431465 2 bytes [43, 76]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000764314bb 2 bytes [43, 76]
.text     ...                                                                                                                                             * 2
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                            0000000077a3fcb0 5 bytes JMP 00000001001f091c
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                          0000000077a3fe14 5 bytes JMP 00000001001f0048
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                   0000000077a3fea8 5 bytes JMP 00000001001f02ee
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                0000000077a40004 5 bytes JMP 00000001001f04b2
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                        0000000077a40038 5 bytes JMP 00000001001f09fe
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                0000000077a40068 5 bytes JMP 00000001001f0ae0
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                             0000000077a40084 5 bytes JMP 0000000100020050
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                0000000077a4079c 5 bytes JMP 00000001001f012a
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                    0000000077a4088c 5 bytes JMP 00000001001f0758
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                              0000000077a408a4 5 bytes JMP 00000001001f0676
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                  0000000077a40df4 5 bytes JMP 00000001001f03d0
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                            0000000077a41920 5 bytes JMP 00000001001f0594
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                        0000000077a41be4 5 bytes JMP 00000001001f083a
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                               0000000077a41d70 5 bytes JMP 00000001001f020c
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                              000000007648524f 7 bytes JMP 00000001001f0f52
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                  00000000764853d0 7 bytes JMP 0000000100280210
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                 0000000076485677 1 byte JMP 0000000100280048
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                 0000000076485679 5 bytes {JMP 0xffffffff89dfa9d1}
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                        000000007648589a 7 bytes JMP 00000001001f0ca6
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                        0000000076485a1d 7 bytes JMP 00000001002803d8
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                   0000000076485c9b 7 bytes JMP 000000010028012c
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                     0000000076485d87 7 bytes JMP 00000001002802f4
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                    0000000076487240 7 bytes JMP 00000001001f0e6e
.text     C:\Users\Administrator\Downloads\5izoz6n9.exe[7780] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                   0000000075b41492 7 bytes JMP 00000001002804bc
---- Processes - GMER 2.1 ----

Library   \\DISKSTATION\TimeAnalyzer\tbaction.exe (*** suspicious ***) @ \\DISKSTATION\TimeAnalyzer\tbaction.exe [3500]                                   0000000000400000

---- EOF - GMER 2.1 ----
         

Last edited by Paprika1509 (28.03.2014 at 22:32)

29.03.2014, 07:26   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

29.03.2014, 14:10   #3
Paprika1509

Code:
ComboFix 14-03-24.01 - Administrator 29.03.2014  14:02:17.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4093.2184 [GMT 1:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\lollipop
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-28 bis 2014-03-29  ))))))))))))))))))))))))))))))
.
.
2014-03-29 13:04 . 2014-03-29 13:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-29 13:04 . 2014-03-29 13:04	--------	d-----w-	c:\users\Patrik\AppData\Local\temp
2014-03-28 21:03 . 2014-03-28 21:05	--------	d-----w-	C:\FRST
2014-03-28 20:50 . 2014-03-28 20:56	--------	d-----w-	c:\windows\system32\catroot2
2014-03-28 19:46 . 2013-09-10 02:47	78936	----a-r-	c:\windows\system32\drivers\SymIMV.sys
2014-03-28 19:36 . 2014-03-28 19:36	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-28 19:36 . 2014-03-28 19:36	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 19:36 . 2014-03-28 19:36	--------	d-----w-	c:\programdata\Malwarebytes
2014-03-28 19:36 . 2014-03-05 08:26	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-03-28 19:36 . 2014-03-05 08:26	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-03-28 19:36 . 2014-03-05 08:26	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-28 19:25 . 2014-03-28 19:25	--------	d-----w-	c:\programdata\Hewlett-Packard
2014-03-25 15:16 . 2014-03-25 15:16	--------	d-----w-	c:\windows\system32\drivers\NISx64\1502000.026
2014-03-14 15:25 . 2014-03-14 15:30	--------	d-----w-	c:\users\Administrator\AppData\Roaming\.minecraft
2014-03-02 19:50 . 2014-03-02 19:50	--------	d-----w-	c:\users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 19:36 . 2014-03-02 19:36	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 19:29 . 2014-03-08 14:15	--------	d-----w-	c:\program files\WinTimer
2014-03-02 19:29 . 2011-11-29 07:48	442880	----a-w-	c:\windows\system32\wlsppc.dll
2014-03-02 19:29 . 2011-11-29 07:27	2024960	----a-w-	c:\windows\system32\wtmconfig.exe
2014-03-02 19:29 . 2011-11-29 07:25	87552	----a-w-	c:\windows\system32\wtmtray.exe
2014-03-02 19:29 . 2011-11-29 07:24	92672	----a-w-	c:\windows\system32\wtmdeinstall.exe
2014-03-02 19:29 . 2011-11-29 07:23	257536	----a-w-	c:\windows\system32\wtmcore.exe
2014-03-02 10:38 . 2014-03-02 10:38	--------	d-----w-	c:\users\Patrik\AppData\Local\Skype
2014-03-01 11:27 . 2014-03-01 11:27	--------	d-----w-	c:\users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 11:27 . 2014-03-01 11:27	--------	d-----w-	c:\programdata\Microsoft Corporation
2014-03-01 11:14 . 2014-03-01 11:14	--------	d-----w-	c:\program files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 10:14 . 2014-03-28 21:10	--------	d-----w-	c:\programdata\Analyzer
2014-03-01 10:07 . 2014-03-01 10:07	--------	d-----w-	c:\users\Administrator\AppData\Local\Skype
2014-03-01 10:06 . 2014-03-01 10:06	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-03-01 10:06 . 2014-03-01 10:06	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 15:29 . 2013-09-04 15:33	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 15:29 . 2013-09-04 15:33	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-26 18:08 . 2013-09-04 13:12	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-02-16 17:52 . 2013-10-15 11:44	88567024	----a-w-	c:\windows\system32\MRT.exe
2014-02-11 18:33 . 2014-02-26 18:08	875736	----a-r-	c:\windows\system32\drivers\NISx64\1501010.007\srtsp64.sys
2014-02-11 18:33 . 2014-02-26 18:08	36952	----a-r-	c:\windows\system32\drivers\NISx64\1501010.007\srtspx64.sys
2014-02-08 18:34 . 2014-02-23 10:56	61216	----a-w-	c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2014-02-23 10:56	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2014-02-23 10:51	9690424	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-02-08 18:34 . 2014-02-23 10:51	18257576	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2014-02-23 10:51	15740232	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-02-23 10:51	11589272	----a-w-	c:\windows\system32\nvopencl.dll
2014-02-08 18:34 . 2014-02-23 10:51	892192	----a-w-	c:\windows\system32\NvIFR64.dll
2014-02-08 18:34 . 2014-02-23 10:51	863520	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-02-08 18:34 . 2014-02-23 10:51	31432480	----a-w-	c:\windows\system32\nvoglv64.dll
2014-02-08 18:34 . 2014-02-23 10:51	23683360	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-02-08 18:34 . 2014-02-23 10:51	12324640	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-02-08 18:34 . 2014-02-23 10:51	9728064	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-02-08 18:34 . 2014-02-23 10:51	875296	----a-w-	c:\windows\system32\NvFBC64.dll
2014-02-08 18:34 . 2014-02-23 10:51	844576	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-02-08 18:34 . 2014-02-23 10:51	3142432	----a-w-	c:\windows\system32\nvcuvid.dll
2014-02-08 18:34 . 2014-02-23 10:51	2956576	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-02-08 18:34 . 2014-02-23 10:51	2782496	----a-w-	c:\windows\system32\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-23 10:51	2410784	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-23 10:51	1885472	----a-w-	c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-23 10:51	17715784	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-02-08 18:34 . 2014-02-23 10:51	1515296	----a-w-	c:\windows\system32\nvdispgenco6433489.dll
2014-02-08 18:34 . 2014-02-23 10:51	14669032	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2014-02-23 10:51	11636176	----a-w-	c:\windows\system32\nvcuda.dll
2014-02-08 18:34 . 2014-02-23 10:51	3090184	----a-w-	c:\windows\system32\nvapi64.dll
2014-02-08 18:34 . 2014-02-23 10:51	2713728	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2014-02-23 10:51	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2014-02-08 18:34 . 2014-02-23 10:51	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-02-08 17:42 . 2014-02-23 10:56	3498272	----a-w-	c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2014-02-23 10:56	6712608	----a-w-	c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2014-02-23 10:56	923936	----a-w-	c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2014-02-23 10:56	63776	----a-w-	c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2014-02-23 10:56	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2014-02-08 17:42 . 2014-02-23 10:56	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-02-06 12:16 . 2014-02-13 16:54	23170048	----a-w-	c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-13 16:54	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-13 16:54	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-13 16:54	2765824	----a-w-	c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-13 16:54	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-13 16:54	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-13 16:54	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-13 16:54	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-13 16:54	574976	----a-w-	c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-13 16:54	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-13 16:54	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-13 16:54	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-13 16:54	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-13 16:54	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-13 16:54	195584	----a-w-	c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-13 16:54	5768704	----a-w-	c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-13 16:54	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-13 16:54	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-13 16:54	627200	----a-w-	c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-13 16:54	2041856	----a-w-	c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-13 16:54	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-13 16:54	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-13 16:54	4244480	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-13 16:54	2334208	----a-w-	c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-13 16:54	13051392	----a-w-	c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-13 16:54	1964032	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-13 16:54	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-13 16:54	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-13 16:54	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2014-01-16 16:12 . 2014-01-16 16:12	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2008-06-16 809480]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-02-18 815888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"*TampMon"="c:\program files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe" [2014-02-10 61792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2013-9-4 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2013-9-4 651264]
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2014-1-7 724992]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;c:\windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS;c:\windows\SYSNATIVE\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501010.007\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501010.007\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\ccSetx64.sys [x]
S1 ccSet_NSM;Norton Family Settings Manager;c:\windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSMx64\0209050.01D\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501010.007\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501010.007\SYMNETS.SYS [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2013/09/04 14:45];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl;c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [x]
S2 NSM;Norton Family;c:\program files (x86)\Norton Family\Engine\2.9.5.29\NF.exe;c:\program files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe;c:\windows\SYSNATIVE\vfsFPService.exe [x]
S3 AVerAF15;AVerMedia A815;c:\windows\system32\Drivers\AVerAF15.sys;c:\windows\SYSNATIVE\Drivers\AVerAF15.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8816fc-1552-11e3-93d7-806e6f6e6963}]
\shell\AutoRun\command - e:\.\Autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9420234-155a-11e3-8921-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-04 15:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TBAction - \\DISKSTATION\TimeAnalyzer\tbaction.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TBAction - \\DISKSTATION\TimeAnalyzer\tbaction.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSM]
"ImagePath"="\"c:\program files (x86)\Norton Family\Engine\2.9.5.29\NF.exe\" /s \"NSM\" /m \"c:\program files (x86)\Norton Family\Engine\2.9.5.29\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7;c:\program files (x86)\Norton Internet Security\Engine64\21.1.1.7"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f3,f0,fa,
   63,2c,3d,25,0f,82,da,b9,f0,9f,0d,0f,d2
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,3b,1b,1e,c4,3b,
   7c,ca,1c,7b,0e,90,a9,d3,9a,c6,99,e2,10
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,3b,1b,94,f3,42,
   71,9b,3c,eb,0b,b4,e6,b2,22,8d,47,47,14
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,05,
   6a,c5,80,40,0a,ac,e3,92,9a,f3,9f,6b,5b
"{B8E07826-0971-4F16-B133-047B88034E89}"=hex:51,66,7a,6c,4c,1d,3b,1b,36,67,f1,
   a4,44,5f,7a,03,ab,3b,42,3b,8a,45,08,91
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
   c7,70,f2,37,0f,a6,7c,da,65,c3,83,ce,b1
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"{11111111-1111-1111-1111-110311121157}"=""
"Timestamp"=hex:da,1c,77,6d,78,ac,ce,01
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,20,15,9d,fc,1d,d0,42,b9,a7,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,20,15,9d,fc,1d,d0,42,b9,a7,94,\
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1352531634-2534244058-2222343639-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item1]
@Denied: (2) (Administrator)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
@Denied: (2) (Administrator)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item3]
@Denied: (2) (Administrator)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-29  14:07:02
ComboFix-quarantined-files.txt  2014-03-29 13:07
.
Vor Suchlauf: 13 Verzeichnis(se), 99.984.900.096 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 99.981.402.112 Bytes frei
.
- - End Of File - - FBB2B63AD2A33FCD030724759BE0D9DA
A36C5E4F47E84449FF07ED3517B43A31
         
__________________

Alt 30.03.2014, 07:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Restart your computer if prompted, to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) (Textdatei (.txt)) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 30.03.2014, 12:04   #5
Paprika1509
 



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 13:02:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.28.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 276081
Verstrichene Zeit: 33 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1352531634-2534244058-2222343639-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [17e9619f9b65a25e66e2127efe05a55b], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 30/03/2014 um 13:51:54
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Administrator - PATRIKS-LAPTOP
# Gestartet von : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\invalidprefs.js
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Datei Gelöscht : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\53edfdeb73eea14
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\omigaplusSvc
Schlüssel Gelöscht : HKLM\Software\V9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\yiwdr1nt.default-1394203077012\prefs.js ]


[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3821 octets] - [30/03/2014 13:08:51]
AdwCleaner[S0].txt - [3241 octets] - [30/03/2014 13:51:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3301 octets] ##########
         
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on PATRIKS-LAPTOP on 30-03-2014 13:57:49
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Neuber Software) \\DISKSTATION\TimeAnalyzer\tbaction.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [809480 2008-06-16] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe,wtmcore.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {1b8816fc-1552-11e3-93d7-806e6f6e6963} - E:\.\Autorun.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {e9420234-155a-11e3-8921-806e6f6e6963} - E:\Start.exe
GroupPolicyUsers\S-1-5-21-1352531634-2534244058-2222343639-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A2A4B2768A9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 02 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 03 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 04 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 05 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 06 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 07 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 08 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 09 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 10 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 21 %windir%\system32\wlsppc.dll [442880] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-26]

==================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [276376 2014-02-12] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files (x86)\Launch Manager\DPortIO.sys [21264 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-03-30] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140329.002\ENG64.SYS [126040 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140329.002\EX64.SYS [2099288 2014-02-26] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501010.007\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501010.007\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501010.007\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501010.007\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501010.007\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [246488 2013-12-18] (Symantec Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-05] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 13:57 - 2014-03-30 13:57 - 00016567 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-03-30 13:08 - 2014-03-30 13:51 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:04 - 2014-03-30 13:05 - 00017859 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-03-30 12:23 - 2014-03-30 13:57 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 14:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-29 14:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-29 14:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-29 14:58 - 2014-03-29 15:07 - 00000000 ____D () C:\Qoobox
2014-03-29 14:57 - 2014-03-29 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:04 - 2014-03-28 23:05 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:03 - 2014-03-30 13:57 - 00000000 ____D () C:\FRST
2014-03-28 23:03 - 2014-03-28 23:05 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 23:03 - 2014-03-28 23:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:46 - 2013-09-10 04:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-03-28 21:36 - 2014-03-30 12:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 21:36 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:24 - 2013-12-04 01:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-03-28 21:24 - 2013-12-04 01:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-03-28 21:24 - 2013-12-04 01:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-03-28 21:24 - 2013-12-04 01:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-03-28 21:24 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-03-28 21:22 - 2014-03-28 21:23 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-14 17:25 - 2014-03-14 17:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-11 17:06 - 2014-03-22 11:04 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-11 17:06 - 2014-03-11 17:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 17:06 - 2014-03-11 17:08 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 17:05 - 2014-03-22 11:03 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-07 16:37 - 2014-03-07 16:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-02 21:55 - 2014-03-02 21:56 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 21:50 - 2014-03-02 21:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 21:36 - 2014-03-02 21:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 21:31 - 2014-03-02 21:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 21:29 - 2014-03-08 16:15 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-02 21:29 - 2011-11-29 09:48 - 00442880 _____ () C:\Windows\system32\wlsppc.dll
2014-03-02 21:29 - 2011-11-29 09:27 - 02024960 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmconfig.exe
2014-03-02 21:29 - 2011-11-29 09:27 - 00073437 _____ () C:\Windows\system32\wtmconfig.chm
2014-03-02 21:29 - 2011-11-29 09:25 - 00087552 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmtray.exe
2014-03-02 21:29 - 2011-11-29 09:24 - 00092672 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmdeinstall.exe
2014-03-02 21:29 - 2011-11-29 09:23 - 00257536 _____ (Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
2014-03-02 12:51 - 2014-03-02 12:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 12:38 - 2014-03-02 12:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 13:21 - 2014-03-01 13:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 13:13 - 2014-03-01 13:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 13:01 - 2014-03-01 13:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 12:14 - 2014-03-28 23:10 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-01 12:07 - 2014-03-01 12:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 12:06 - 2014-03-01 12:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 12:06 - 2014-03-01 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype

==================== One Month Modified Files and Folders =======

2014-03-30 13:58 - 2014-03-30 13:57 - 00016567 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-03-30 13:57 - 2014-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-03-30 13:57 - 2014-03-28 23:03 - 00000000 ____D () C:\FRST
2014-03-30 13:57 - 2013-10-15 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-03-30 13:56 - 2013-09-04 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 13:54 - 2014-02-26 20:15 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-03-30 13:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 13:53 - 2009-07-14 06:51 - 00050305 _____ () C:\Windows\setupact.log
2014-03-30 13:52 - 2013-09-04 13:10 - 01557610 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 13:51 - 2014-03-30 13:08 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:05 - 2014-03-30 13:04 - 00017859 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-03-30 12:58 - 2013-09-04 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 12:32 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 12:32 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 12:29 - 2014-03-28 21:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 12:29 - 2009-07-14 19:58 - 00698956 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 12:29 - 2009-07-14 19:58 - 00149064 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 12:29 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 10:55 - 2013-10-15 14:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Skype
2014-03-30 10:40 - 2013-09-04 14:10 - 00172746 _____ () C:\Windows\PFRO.log
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 15:07 - 2014-03-29 14:58 - 00000000 ____D () C:\Qoobox
2014-03-29 15:07 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 15:04 - 2014-03-29 14:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-28 23:10 - 2014-03-01 12:14 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:05 - 2014-03-28 23:04 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:05 - 2014-03-28 23:03 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 23:03 - 2014-03-28 23:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-03-28 22:49 - 2014-01-14 18:27 - 00000680 __RSH () C:\Users\Administrator\ntuser.pol
2014-03-28 22:49 - 2013-09-04 13:39 - 00000000 ____D () C:\Users\Administrator
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:54 - 2013-09-04 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 21:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:23 - 2014-03-28 21:22 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-27 17:05 - 2013-09-04 15:40 - 00000000 ____D () C:\Users\Patrik\AppData\Local\LogMeIn Hamachi
2014-03-26 15:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-25 17:16 - 2013-09-04 15:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-24 17:41 - 2013-09-04 16:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.minecraft
2014-03-22 11:04 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner
2014-03-22 11:03 - 2014-03-11 17:05 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-20 19:06 - 2013-10-15 14:05 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CrashDumps
2014-03-19 18:42 - 2013-10-18 12:43 - 00000000 ____D () C:\Users\Patrik\Desktop\Skins
2014-03-14 17:30 - 2014-03-14 17:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-13 17:29 - 2013-09-04 17:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 17:29 - 2013-09-04 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:08 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (3)
2014-03-11 17:08 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (2)
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (5)
2014-03-11 17:07 - 2014-03-11 17:07 - 00000000 ____D () C:\Users\Patrik\Desktop\Neuer Ordner (4)
2014-03-08 16:15 - 2014-03-02 21:29 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-07 16:37 - 2014-03-07 16:37 - 00000000 ____D () C:\Users\Patrik\Desktop\Alte Firefox-Daten
2014-03-05 10:26 - 2014-03-28 21:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-28 21:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-28 21:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 13:16 - 2014-02-25 16:33 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\TeamViewer
2014-03-02 21:56 - 2014-03-02 21:55 - 00002679 _____ () C:\Users\Administrator\Desktop\1.pel
2014-03-02 21:50 - 2014-03-02 21:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2014-03-02 21:36 - 2014-03-02 21:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cornelsen
2014-03-02 21:31 - 2014-03-02 21:31 - 00000000 _____ () C:\wlspinst.log
2014-03-02 12:54 - 2014-02-09 15:31 - 00000000 ____D () C:\Users\Patrik\Desktop\Skreenshots
2014-03-02 12:51 - 2014-03-02 12:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator.lnk
2014-03-02 12:38 - 2014-03-02 12:38 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Skype
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Corporation
2014-03-01 13:27 - 2014-03-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft Corporation
2014-03-01 13:21 - 2014-03-01 13:21 - 00000740 _____ () C:\Users\Administrator\CompAdmin_Datenbank.sdb
2014-03-01 13:14 - 2014-03-01 13:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
2014-03-01 13:13 - 2014-03-01 13:13 - 12812600 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\ApplicationCompatibilityToolkitSetup.exe
2014-03-01 13:01 - 2014-03-01 13:01 - 00001242 _____ () C:\Users\Patrik\Desktop\Paint.lnk
2014-03-01 12:07 - 2014-03-01 12:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Skype
2014-03-01 12:07 - 2013-10-15 14:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 12:06 - 2014-03-01 12:06 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 12:06 - 2014-03-01 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Patrik\AppData\Local\Temp\jna6179475853113028583.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8659652830429220834.hunspell-win-x86-32.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 19:44

==================== End Of Log ============================
         
--- --- ---


Edited by Paprika1509 (30.03.2014 at 13:01)

31.03.2014, 09:39   #6
schrauber
/// the machine
/// TB trainer


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems still?

02.04.2014, 11:49   #7
Paprika1509

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=1
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=31ad342324da0a41b362c8dbab77650c
# engine=17718
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-02 09:54:51
# local_time=2014-04-02 11:54:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 65270 159029076 0 0
# compatibility_mode=5893 16776574 100 94 17775040 148062341 0 0
# scanned=176529
# found=0
# cleaned=0
# scan_time=14791
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Mozilla Firefox (28.0) 
````````Process Check: objlist.exe by Laurent````````  
 ESET ESET Online Scanner OnlineScannerApp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on PATRIKS-LAPTOP on 02-04-2014 12:45:47
Running from C:\Users\Administrator\Desktop\trojaner-board.de
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Tobias Süllhöfer Software) C:\Windows\system32\wtmcore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [809480 2008-06-16] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-05] (Acer Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TBAction] - \\DISKSTATION\TimeAnalyzer\tbaction.exe [131504 2013-01-30] (Neuber Software)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe,wtmcore.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {1b8816fc-1552-11e3-93d7-806e6f6e6963} - E:\.\Autorun.exe
HKU\S-1-5-21-1352531634-2534244058-2222343639-500\...\MountPoints2: {e9420234-155a-11e3-8921-806e6f6e6963} - E:\Start.exe
GroupPolicyUsers\S-1-5-21-1352531634-2534244058-2222343639-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A2A4B2768A9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 02 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 03 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 04 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 05 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 06 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 07 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 08 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 09 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 10 %windir%\system32\wlsppc.dll [442880] ()
Winsock: Catalog9-x64 21 %windir%\system32\wlsppc.dll [442880] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c1n8ui26.default
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-26]

==================== Services (Whitelisted) =================

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209050.01D\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files (x86)\Launch Manager\DPortIO.sys [21264 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140401.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-03-30] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140401.023\ENG64.SYS [126040 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140401.023\EX64.SYS [2099288 2014-02-26] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209050.01D\SymRdrS.SYS [246488 2013-12-18] (Symantec Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2009-10-05] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 07:45 - 2014-04-02 07:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-01 17:56 - 2014-04-01 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-01 17:40 - 2014-03-02 12:51 - 00001230 _____ () C:\Users\Patrik\Desktop\Calculator - Kopie.lnk
2014-04-01 16:21 - 2014-04-02 07:43 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-03-31 17:32 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-31 17:32 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-30 14:47 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-30 14:47 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-30 14:47 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-30 14:47 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-30 14:47 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-30 14:47 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-30 14:47 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-30 14:47 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-30 14:47 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-30 14:47 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-30 14:47 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-30 14:47 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-30 14:47 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-30 14:47 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-30 14:47 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-30 14:47 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-30 14:44 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-30 14:44 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-30 13:08 - 2014-03-30 13:51 - 00000000 ____D () C:\AdwCleaner
2014-03-30 12:44 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 12:44 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 12:44 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-30 12:44 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-30 12:44 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-30 12:44 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-30 12:44 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-30 12:44 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-30 12:44 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-30 12:44 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-30 12:44 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-30 12:44 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-30 12:44 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 12:44 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-30 12:44 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-30 12:44 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 12:44 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-30 12:44 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-30 12:44 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-30 12:44 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-30 12:44 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-30 12:44 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-30 12:44 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-30 12:44 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-30 12:44 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-30 12:44 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-30 12:44 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-30 12:44 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-30 12:44 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-30 12:44 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-30 12:44 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-30 12:44 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-30 12:44 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-30 12:44 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-30 12:44 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-30 12:44 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-30 12:44 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-30 12:44 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-30 12:44 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-30 12:44 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-30 12:43 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-30 12:43 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-30 12:43 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-30 12:43 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-30 12:43 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-30 12:43 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-30 12:43 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-30 12:43 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-30 12:23 - 2014-04-02 12:45 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 14:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-29 14:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-29 14:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-29 14:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-29 14:58 - 2014-03-29 15:07 - 00000000 ____D () C:\Qoobox
2014-03-29 14:57 - 2014-03-29 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:04 - 2014-03-28 23:05 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:03 - 2014-04-02 12:45 - 00000000 ____D () C:\FRST
2014-03-28 23:03 - 2014-03-28 23:05 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:46 - 2013-09-10 04:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-03-28 21:36 - 2014-03-30 12:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 21:36 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 21:36 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:24 - 2013-12-04 01:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-03-28 21:24 - 2013-12-04 01:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-03-28 21:24 - 2013-12-04 01:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-03-28 21:24 - 2013-12-04 01:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-03-28 21:24 - 2013-12-04 01:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-03-28 21:24 - 2013-12-04 01:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-03-28 21:24 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-03-28 21:24 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-03-28 21:22 - 2014-03-28 21:23 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-14 17:25 - 2014-03-14 17:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-11 17:05 - 2014-03-22 11:03 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer

==================== One Month Modified Files and Folders =======

2014-04-02 12:45 - 2014-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\Desktop\trojaner-board.de
2014-04-02 12:45 - 2014-03-28 23:03 - 00000000 ____D () C:\FRST
2014-04-02 12:34 - 2013-09-04 13:10 - 01811983 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 11:56 - 2013-09-04 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 07:49 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 07:49 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 07:45 - 2014-04-02 07:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-02 07:43 - 2014-04-01 16:21 - 00003410 _____ () C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2014-04-02 07:42 - 2013-10-15 14:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-04-02 07:42 - 2009-07-14 06:51 - 00051649 _____ () C:\Windows\setupact.log
2014-04-02 07:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 19:17 - 2013-09-04 16:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\.minecraft
2014-04-01 17:56 - 2014-04-01 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-01 17:46 - 2013-09-04 15:12 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-01 17:46 - 2013-09-04 15:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-04-01 17:44 - 2013-09-04 14:10 - 00173416 _____ () C:\Windows\PFRO.log
2014-04-01 16:46 - 2013-10-15 14:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Skype
2014-03-31 17:31 - 2009-07-14 19:58 - 00698956 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 17:31 - 2009-07-14 19:58 - 00149064 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 17:31 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 14:45 - 2013-10-15 13:44 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-30 14:45 - 2013-10-15 13:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-30 14:36 - 2009-07-14 06:45 - 00296864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 14:35 - 2013-12-24 12:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-30 14:35 - 2013-12-24 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-30 13:51 - 2014-03-30 13:08 - 00000000 ____D () C:\AdwCleaner
2014-03-30 12:58 - 2013-09-04 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-30 12:29 - 2014-03-28 21:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 15:07 - 2014-03-29 15:07 - 00024658 _____ () C:\ComboFix.txt
2014-03-29 15:07 - 2014-03-29 14:58 - 00000000 ____D () C:\Qoobox
2014-03-29 15:07 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 15:04 - 2014-03-29 14:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-28 23:10 - 2014-03-01 12:14 - 00000000 ____D () C:\ProgramData\Analyzer
2014-03-28 23:08 - 2014-03-28 23:08 - 00380416 _____ () C:\Users\Administrator\Downloads\5izoz6n9.exe
2014-03-28 23:05 - 2014-03-28 23:04 - 00019533 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-03-28 23:05 - 2014-03-28 23:03 - 00042500 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-03-28 22:49 - 2014-01-14 18:27 - 00000680 __RSH () C:\Users\Administrator\ntuser.pol
2014-03-28 22:49 - 2013-09-04 13:39 - 00000000 ____D () C:\Users\Administrator
2014-03-28 22:48 - 2014-03-28 22:48 - 00102495 _____ (Medion) C:\Users\Administrator\Downloads\Fix_Wup.exe
2014-03-28 21:54 - 2013-09-04 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 21:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 21:36 - 2014-03-28 21:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 21:35 - 2014-03-28 21:35 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 21:25 - 2014-03-28 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 21:24 - 2014-03-28 21:24 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-28 21:23 - 2014-03-28 21:22 - 18409760 _____ () C:\Users\Administrator\Downloads\upd-pcl6-x64-5.8.0.17508.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Minesweeper - Verknüpfung.lnk
2014-03-28 16:52 - 2014-03-28 16:52 - 00000136 _____ () C:\Users\Patrik\Desktop\Hearts - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000622 _____ () C:\Users\Patrik\Desktop\Solitär - Verknüpfung.lnk
2014-03-28 16:51 - 2014-03-28 16:51 - 00000574 _____ () C:\Users\Patrik\Desktop\Chess Titans - Verknüpfung.lnk
2014-03-27 17:05 - 2013-09-04 15:40 - 00000000 ____D () C:\Users\Patrik\AppData\Local\LogMeIn Hamachi
2014-03-26 15:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 11:03 - 2014-03-11 17:05 - 00000000 ___RD () C:\Users\Patrik\Desktop\Neuer Aktenkoffer
2014-03-20 19:06 - 2013-10-15 14:05 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CrashDumps
2014-03-19 18:42 - 2013-10-18 12:43 - 00000000 ____D () C:\Users\Patrik\Desktop\Skins
2014-03-14 17:30 - 2014-03-14 17:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\.minecraft
2014-03-13 17:29 - 2013-09-04 17:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 17:29 - 2013-09-04 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 16:15 - 2014-03-02 21:29 - 00000000 ____D () C:\Program Files\WinTimer
2014-03-05 10:26 - 2014-03-28 21:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-28 21:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-28 21:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 13:16 - 2014-02-25 16:33 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\TeamViewer

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Patrik\AppData\Local\Temp\jna2099022344859018854.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna6179475853113028583.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8659652830429220834.hunspell-win-x86-32.dll
C:\Users\Patrik\AppData\Local\Temp\jna8850834196067963942.hunspell-win-x86-32.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 19:44

==================== End Of Log ============================
         
--- --- ---


Quote:
Originally posted by schrauber
Still having problems?
Yes, games still don't run on BlueStacks.

03.04.2014, 08:27   #8
schrauber
/// the machine
/// TB trainer
 




Quote:
Yes, games still don't run on BlueStacks.
What is BlueStacks? And please define exactly what "no games run" means.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
