
Log analysis and evaluation: Police have saved your browser data. Virus scanner hangs


06.04.2014, 14:31   #1
Odin2013
 
Hello,

On 02.04, while surfing the web, I was redirected to a page where a message appeared in the foreground saying "the police have saved your browser data". Out of shock I did not read the page in full and wanted to close it immediately, but it could no longer be closed, so I closed it via the Task Manager. However, I had the browser open in the sandbox.

I have now tried several times to run a complete scan of my notebook with my virus scanner (Norton 360), but it always skips some files, and when scanning hard drive D it hangs again and again at one folder (I think at World of Warplanes), so that I have to end the virus scanner via the Task Manager.

Recently, some error messages have also been appearing now and then when closing the browser, but I have not noted them down so far.
After I had run the scan with GMER and wanted to restart my notebook, the following message appeared first: „Die Anweisung in 0x71eb138e verweist auf Speicher 0x00000000. Der Vorgang read konnte nicht im Speicher durchgeführt werden.“ To cancel, I was to press OK.
I did that as well. But the notebook did not shut down properly, so I got the notebook to turn off by holding down the power button for a longer time.

About 3 weeks ago my son had already downloaded something without knowing it, by clicking on some game sites, but I believe he did not install anything; I am not sure about that, though.
After that, in any case, I had problems starting WOT and installing certain mods. I did not run the virus scanner at that time, so I cannot determine exactly when the problem occurred.

I look forward to quick help and thank you in advance for your efforts.
Kind regards
Odin2013

Defogger did not show any error message.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:04 on 06/04/2014 (Odin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Odin at 2014-04-06 14:07:47
Running from C:\Users\Odin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
diclovit's mod pack 1.10.6 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 1.10.6 - diclovit)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (DAN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ESN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PTG) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.127.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 6.4.1.14 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5925 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6201 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Secure Banking Version 1.5.2 (HKLM-x32\...\{0BEE0AF9-79F3-4C4F-B374-90C0A16BF294}_is1) (Version: 1.5.2 - Hopfgartner Niklas)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0719.M007.01 - Micro-Star International Co., Ltd.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0) (HKLM\...\B24074592222CFC1B8ABF520F9089E49FB1763D7) (Version: 05/27/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Restore Points =========================


==================== Hosts content: ==========================



FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Odin (administrator) on ODIN-PC on 06-04-2014 14:07:07
Running from C:\Users\Odin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Wargaming.net) C:\Games\World_of_Tanks\WorldOfTanks.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
() C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-27] (Microsoft Corporation)
HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
CHR Extension: (Google Docs) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-27]
CHR Extension: (Google Drive) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-27]
CHR Extension: (WOT) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-27]
CHR Extension: (YouTube) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-27]
CHR Extension: (Google-Suche) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-27]
CHR Extension: (Heroes & Generals) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-02-26]
CHR Extension: (Norton Identity Protection) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-27]
CHR Extension: (Google Wallet) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27]
CHR Extension: (Google Mail) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140404.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140405.003\ENG64.SYS [126040 2014-03-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140405.003\EX64.SYS [2099288 2014-03-27] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-12-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 14:07 - 2014-04-06 14:07 - 00012336 _____ () C:\Users\Odin\Downloads\FRST.txt
2014-04-06 14:06 - 2014-04-06 14:07 - 00000000 ____D () C:\FRST
2014-04-06 14:05 - 2014-04-06 14:06 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe
2014-04-06 14:03 - 2014-04-06 14:04 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log
2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable
2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe
2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997}
2014-04-03 16:47 - 2014-03-14 11:24 - 08669040 _____ (Wargaming.net) C:\Users\Odin\Desktop\WOWpLauncher.exe
2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe
2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun
2014-03-29 07:31 - 2014-03-29 07:32 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe
2014-03-22 01:54 - 2014-03-22 01:55 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23
2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder
2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin
2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin
2014-03-21 22:15 - 2014-04-06 13:35 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client
2014-03-21 22:15 - 2014-03-22 19:29 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1}
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg
2014-03-20 21:49 - 2014-03-20 21:50 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe
2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-03-18 11:23 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-18 11:23 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-16 22:04 - 2014-03-17 01:33 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt
2014-03-13 20:38 - 2014-03-13 21:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-13 20:37 - 2014-03-13 20:58 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin
2014-03-13 20:37 - 2014-03-13 20:38 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin
2014-03-13 20:35 - 2014-03-13 21:05 - 00000000 ____D () C:\ProgramData\Origin
2014-03-13 20:35 - 2014-03-13 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe
2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp
2014-03-13 08:27 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 08:27 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 08:27 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 08:27 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 08:27 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 08:27 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 08:27 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 08:27 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 08:27 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 08:27 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 08:27 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 08:27 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 08:27 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 08:27 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 08:27 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 08:27 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 08:27 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 08:27 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 08:27 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 08:27 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 08:27 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 08:27 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 08:27 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 08:27 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 08:27 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 08:27 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 08:27 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 08:27 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 08:27 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 08:27 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 08:27 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 08:27 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 08:27 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 08:27 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 08:27 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 08:27 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 08:27 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 08:27 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 08:27 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 08:27 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 08:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 08:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 08:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 08:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 08:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 12:37 - 2014-03-26 16:53 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah
2014-03-09 19:55 - 2014-03-16 21:48 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt
2014-03-09 19:27 - 2014-03-09 19:28 - 00149749 _____ () C:\Users\Odin\Downloads\Entwurf 2.02.odt
2014-03-09 19:26 - 2014-03-09 19:27 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt
2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt
2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () C:\Users\Odin\Downloads\logo 2.psd
2014-03-07 14:39 - 2014-01-23 05:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-03-07 14:39 - 2014-01-23 05:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys

==================== One Month Modified Files and Folders =======

2014-04-06 14:07 - 2014-04-06 14:07 - 00012336 _____ () C:\Users\Odin\Downloads\FRST.txt
2014-04-06 14:07 - 2014-04-06 14:06 - 00000000 ____D () C:\FRST
2014-04-06 14:06 - 2014-04-06 14:05 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe
2014-04-06 14:04 - 2014-04-06 14:03 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log
2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable
2014-04-06 14:03 - 2013-12-27 07:33 - 00000000 ____D () C:\Users\Odin
2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe
2014-04-06 13:58 - 2013-12-27 07:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 13:35 - 2014-03-21 22:15 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client
2014-04-06 13:23 - 2013-12-27 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 10:02 - 2013-12-27 07:29 - 01789258 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 08:32 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 08:32 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 08:09 - 2010-05-12 10:18 - 01616898 _____ () C:\Windows\system32\perfh007.dat
2014-04-06 08:09 - 2010-05-12 10:18 - 00443276 _____ () C:\Windows\system32\perfc007.dat
2014-04-06 08:09 - 2009-07-14 07:13 - 00006452 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 08:04 - 2013-12-27 07:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 08:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 08:04 - 2009-07-14 06:51 - 00098206 _____ () C:\Windows\setupact.log
2014-04-05 23:31 - 2010-09-26 16:56 - 00152782 _____ () C:\Windows\PFRO.log
2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997}
2014-04-05 10:25 - 2013-12-27 19:29 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\SoftGrid Client
2014-04-03 19:47 - 2013-12-30 21:00 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2014-04-03 18:20 - 2014-01-30 16:59 - 00000000 ____D () C:\Users\Odin\Desktop\USB Stick
2014-04-02 20:25 - 2013-12-27 16:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 20:13 - 2013-12-27 17:52 - 00000000 ____D () C:\AdwCleaner
2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe
2014-04-01 20:54 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun
2014-03-31 10:56 - 2013-12-27 18:47 - 00001632 _____ () C:\Windows\Sandboxie.ini
2014-03-29 15:53 - 2013-12-27 07:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 15:53 - 2013-12-27 07:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 07:32 - 2014-03-29 07:31 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe
2014-03-26 16:53 - 2014-03-11 12:37 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah
2014-03-23 19:21 - 2014-02-21 15:34 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-22 21:14 - 2014-01-05 19:08 - 00001198 _____ () C:\Windows\wmsetup.log
2014-03-22 19:29 - 2014-03-21 22:15 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-22 01:55 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23
2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder
2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin
2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin
2014-03-21 22:15 - 2013-12-27 17:38 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1}
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg
2014-03-20 21:50 - 2014-03-20 21:49 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe
2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-03-19 20:01 - 2013-12-27 16:36 - 00000000 ____D () C:\Users\Odin\Desktop\Mod
2014-03-18 11:26 - 2010-09-26 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-17 01:33 - 2014-03-16 22:04 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt
2014-03-17 00:20 - 2013-12-27 09:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 00:19 - 2010-09-26 15:42 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 21:48 - 2014-03-09 19:55 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt
2014-03-14 11:24 - 2014-04-03 16:47 - 08669040 _____ (Wargaming.net) C:\Users\Odin\Desktop\WOWpLauncher.exe
2014-03-13 21:05 - 2014-03-13 20:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-13 21:05 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Origin
2014-03-13 20:58 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin
2014-03-13 20:58 - 2014-03-13 20:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-13 20:38 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin
2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe
2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 18:20 - 2009-07-14 06:45 - 00276584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp
2014-03-13 10:51 - 2014-01-31 23:05 - 00000000 ____D () C:\Windows\Minidump
2014-03-12 19:23 - 2013-12-27 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:23 - 2013-12-27 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 19:23 - 2013-12-27 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 13:06 - 2014-01-01 02:34 - 00000000 ____D () C:\Users\Odin\AppData\Local\CrashDumps
2014-03-11 12:46 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-09 19:28 - 2014-03-09 19:27 - 00149749 _____ () C:\Users\Odin\Downloads\Entwurf 2.02.odt
2014-03-09 19:27 - 2014-03-09 19:26 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt
2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt
2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () C:\Users\Odin\Downloads\logo 2.psd
2014-03-08 14:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-07 20:12 - 2013-12-27 10:57 - 00058408 _____ () C:\Users\Odin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 16:44 - 2014-01-01 22:37 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Skype
2014-03-07 14:40 - 2014-02-07 09:15 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk

Files to move or delete:
====================
C:\Users\Odin\dmp_1.10.4_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-01 14:16

==================== End Of Log ============================


Gamer.txt:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-06 14:33:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.AXM0 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Odin\AppData\Local\Temp\pwldapog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033fe000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800033fe040 1 byte [01]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076511465 2 bytes [51, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765114bb 2 bytes [51, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076511465 2 bytes [51, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765114bb 2 bytes [51, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[6840] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002d105984 4 bytes [14, 71, E8, D5]
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[6840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076511465 2 bytes [51, 76]
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[6840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765114bb 2 bytes [51, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007740f9e0 5 bytes JMP 0000000161b36f86
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject 000000007740f9f8 5 bytes JMP 0000000161b3741f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007740fa28 5 bytes JMP 0000000161b31027
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007740fa40 5 bytes JMP 0000000161b308b2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007740fa90 5 bytes JMP 0000000161b3072c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007740faa8 5 bytes JMP 0000000161b3083a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007740fb40 5 bytes JMP 0000000161b313d1
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007740fc38 5 bytes JMP 0000000161b353c5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007740fd4c 5 bytes JMP 0000000161b306b4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007740fd64 5 bytes JMP 0000000161b359b5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007740fd98 5 bytes JMP 0000000161b34a3a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007740fe44 5 bytes JMP 0000000161b37001
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007740fe5c 5 bytes JMP 0000000161b35b37
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774100b4 5 bytes JMP 0000000161b357ed
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774101c4 5 bytes JMP 0000000161b3092a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000774109e4 5 bytes JMP 0000000161b355e0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000774109fc 5 bytes JMP 0000000161b2d7fa
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077410a44 5 bytes JMP 0000000161b2d8c8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077410b80 5 bytes JMP 0000000161b2d861
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077410f70 5 bytes JMP 0000000161b309a2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077410f88 5 bytes JMP 0000000161b30dff
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077411018 5 bytes JMP 0000000161b3112f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007741133c 5 bytes JMP 0000000161b35bc7
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007741147c 5 bytes JMP 0000000161b30d83
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077411528 5 bytes JMP 0000000161b37397
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077411718 5 bytes JMP 0000000161b2dd06
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077411a58 5 bytes JMP 0000000161b307b4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077411b9c 5 bytes JMP 0000000161b3712e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007631103d 5 bytes JMP 0000000161b09bba
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 0000000161b09cf8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!ReplaceFile 0000000076330dac 5 bytes JMP 0000000161b07e04
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007633c965 5 bytes JMP 0000000161b09f2e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!ReplaceFileA 000000007638eab9 5 bytes JMP 0000000161b07d24
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryW 0000000076390083 5 bytes JMP 0000000161b0a851
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryA 000000007639012b 5 bytes JMP 0000000161b0ab84
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076392c51 5 bytes JMP 0000000161b0a3f3
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!AllocConsole 00000000763b6afe 5 bytes JMP 0000000161b38595
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\kernel32.dll!AttachConsole 00000000763b6bc2 5 bytes JMP 0000000161b385a7
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751c2aa4 4 bytes JMP 0000000161b0ad8f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076428a29 5 bytes JMP 0000000161b3857d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007642d22e 5 bytes JMP 0000000161b38565
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007523d3c2 4 bytes JMP 0000000161b181eb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\GDI32.dll!AddFontResourceA 000000007523d8cb 1 byte JMP 0000000161b181cf
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\GDI32.dll!AddFontResourceA + 2 000000007523d8cd 2 bytes [A8, 8D]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 0000000074fb1e3a 7 bytes JMP 0000000161b1b1d3
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 0000000074fbb406 7 bytes JMP 0000000161b1c0f4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 0000000074fd7897 7 bytes JMP 0000000161b1b87a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 0000000074fd7953 7 bytes JMP 0000000161b1ba2b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 0000000074fda37a 7 bytes JMP 0000000161b1c1ba
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000074ff2642 4 bytes JMP 0000000161b0a070
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 0000000075011d74 7 bytes JMP 0000000161b1b932
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 0000000075011e11 7 bytes JMP 0000000161b1bae3
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 0000000075012201 7 bytes JMP 0000000161b1c036
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 00000000750122e4 7 bytes JMP 0000000161b1b28a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 0000000075012401 4 bytes JMP 0000000161b1bf78
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!ControlService 0000000076254d5c 7 bytes JMP 0000000161b1b018
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000076254dc3 7 bytes JMP 0000000161b1b341
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatus 0000000076254e4b 7 bytes JMP 0000000161b1b0a4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatusEx 0000000076254eaf 7 bytes JMP 0000000161b1b137
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!StartServiceW 0000000076254f35 7 bytes JMP 0000000161b1ae93
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!StartServiceA 000000007625508d 7 bytes JMP 0000000161b1af29
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 00000000762550f4 7 bytes JMP 0000000161b1be46
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076255181 7 bytes JMP 0000000161b1bee2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076255254 7 bytes JMP 0000000161b1b542
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762553d5 7 bytes JMP 0000000161b1b45d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762554c2 7 bytes JMP 0000000161b1b7e4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762555e2 7 bytes JMP 0000000161b1b74e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007625567c 7 bytes JMP 0000000161b1ac75
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007625589f 7 bytes JMP 0000000161b1ab9f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076255a22 7 bytes JMP 0000000161b1b3cf
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigA 0000000076255a83 7 bytes JMP 0000000161b1bc75
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW 0000000076255b29 7 bytes JMP 0000000161b1bbdc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA 0000000076255ca0 7 bytes JMP 0000000161b1a34f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!ControlServiceExW 0000000076255d8c 7 bytes JMP 0000000161b1a2d6
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerW 00000000762563ad 7 bytes JMP 0000000161b1a89d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerA 00000000762564f0 7 bytes JMP 0000000161b1a929
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2A 0000000076256633 7 bytes JMP 0000000161b1bdaa
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2W 000000007625680c 7 bytes JMP 0000000161b1bd0e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 000000007625714b 7 bytes JMP 0000000161b1aa12
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000076257245 7 bytes JMP 0000000161b1aa9e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoRegisterPSClsid 00000000769ac56e 5 bytes JMP 0000000161b2196d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 00000000769aea09 7 bytes JMP 0000000161b21f3e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!OleRun 00000000769b07de 5 bytes JMP 0000000161b21df9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000769b21e1 5 bytes JMP 0000000161b22a6e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!OleUninitialize 00000000769beba1 6 bytes JMP 0000000161b21d18
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!OleInitialize 00000000769befd7 5 bytes JMP 0000000161b21ca8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoGetPSClsid 00000000769c26b9 5 bytes JMP 0000000161b21ae5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000769d54ad 5 bytes JMP 0000000161b22ffc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000769e09ad 5 bytes JMP 0000000161b21b58
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000769e86d3 5 bytes JMP 0000000161b21bda
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769e9d0b 5 bytes JMP 0000000161b242ca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000769e9d4e 5 bytes JMP 0000000161b22405
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076a0bb09 7 bytes JMP 0000000161b21e69
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076a2eacf 5 bytes JMP 0000000161b213ca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076a6340b 5 bytes JMP 0000000161b234bc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076aacfd9 5 bytes JMP 0000000161b21d83
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject 0000000076de279e 5 bytes JMP 0000000161b2165d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject 0000000076de3294 5 bytes JMP 0000000161b2177e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[764] C:\Windows\syswow64\oleaut32.dll!GetActiveObject 0000000076df8f40 5 bytes JMP 0000000161b217f1
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000772613a0 8 bytes JMP 000000016fff02b8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772613b0 8 bytes JMP 000000016fff0838
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000772613d0 8 bytes JMP 000000016fff0158
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 00000000772613e0 8 bytes JMP 000000016fff04c8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey 0000000077261410 8 bytes JMP 000000016fff03c0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077261420 8 bytes JMP 000000016fff0470
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077261480 1 byte JMP 000000016fff0310
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 2 0000000077261482 6 bytes {JMP 0xfffffffff8d8ee90}
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077261520 8 bytes JMP 000000016fff0aa0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 00000000772615d0 8 bytes JMP 000000016fff0368
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772615e0 8 bytes JMP 000000016fff0890
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 0000000077261600 8 bytes JMP 000000016fff0a48
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077261670 8 bytes JMP 000000016fff07e0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077261680 8 bytes JMP 000000016fff0998
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077261800 8 bytes JMP 000000016fff08e8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000772618b0 8 bytes JMP 000000016fff0520
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 0000000077261e00 8 bytes JMP 000000016fff0940
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077261e10 8 bytes JMP 000000016fff0208
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077261e40 8 bytes JMP 000000016fff0578
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtFlushKey 0000000077261f10 8 bytes JMP 000000016fff0260
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077262190 8 bytes JMP 000000016fff0680
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772621a0 8 bytes JMP 000000016fff06d8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 0000000077262200 8 bytes JMP 000000016fff01b0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077262410 8 bytes JMP 000000016fff09f0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryMultipleValueKey 00000000772624e0 8 bytes JMP 000000016fff0628
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySecurityObject 0000000077262550 8 bytes JMP 000000016fff0730
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 0000000077262690 8 bytes JMP 000000016fff05d0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationKey 00000000772628a0 8 bytes JMP 000000016fff0418
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 0000000077262970 8 bytes JMP 000000016fff0788
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000770fa420 12 bytes JMP 000000016fff0e10
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077111b50 12 bytes JMP 000000016fff0d08
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!SetDllDirectoryW 000000007713d890 6 bytes JMP 000000016fff0e68
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!SetDllDirectoryA 0000000077153380 6 bytes JMP 000000016fff0ec0
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!AttachConsole 0000000077175980 9 bytes JMP 000000016fff0c00
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!AllocConsole 0000000077175a70 9 bytes JMP 000000016fff0ba8
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!ReplaceFile 00000000771843c0 5 bytes JMP 000000016fff0cb0
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!ReplaceFileA 0000000077185140 7 bytes JMP 000000016fff0c58
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077188810 7 bytes JMP 000000016fff0d60
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\kernel32.dll!WinExec 0000000077188d50 7 bytes JMP 000000016fff0db8
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fefd3e14f0
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\GDI32.dll!AddFontResourceW 000007fefd4047e4 2 bytes JMP 000007fffd3e0838
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\GDI32.dll!AddFontResourceW + 3 000007fefd4047e7 2 bytes [FD, FF]
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\GDI32.dll!AddFontResourceA 000007fefd4190cc 5 bytes JMP 000007fffd3e07e0
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesW 000007fefd871460 5 bytes JMP 000007fffd3e0e68
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExW 000007fefd87eac0 7 bytes JMP 000007fffd3e0fc8
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameW 000007fefd895720 7 bytes JMP 000007fffd3e1128
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameW 000007fefd8957f0 7 bytes JMP 000007fffd3e1078
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefd8ba6f0 7 bytes JMP 000007fffd3e1498
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!EnumDependentServicesA 000007fefd8bd090 5 bytes JMP 000007fffd3e0ec0
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusExA 000007fefd8bd200 7 bytes JMP 000007fffd3e1020
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusA 000007fefd8bd400 7 bytes JMP 000007fffd3e0f70
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!EnumServicesStatusW 000007fefd8bd800 7 bytes JMP 000007fffd3e0f18
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!GetServiceDisplayNameA 000007fefd8bdb60 9 bytes JMP 000007fffd3e1180
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\ADVAPI32.dll!GetServiceKeyNameA 000007fefd8bdbf0 9 bytes JMP 000007fffd3e10d0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefd46642c 9 bytes JMP 000007fffd3e0af8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd466484 7 bytes JMP 000007fffd3e0940
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefd466518 7 bytes JMP 000007fffd3e09f0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerW 000007fefd46659c 7 bytes JMP 000007fffd3e0890
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatus 000007fefd466730 7 bytes JMP 000007fffd3e13e8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!QueryServiceStatusEx 000007fefd466784 6 bytes JMP 000007fffd3e1440
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!StartServiceW 000007fefd466824 9 bytes JMP 000007fffd3e0a48
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!OpenSCManagerA 000007fefd466aa4 7 bytes JMP 000007fffd3e08e8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd466c34 7 bytes JMP 000007fffd3e0998
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!StartServiceA 000007fefd466d00 9 bytes JMP 000007fffd3e0aa0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!QueryServiceObjectSecurity 000007fefd466d58 5 bytes JMP 000007fffd3e1338
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd466e00 1 byte JMP 000007fffd3e1390
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity + 2 000007fefd466e02 5 bytes {JMP 0xfffffffffff7a590}
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd466f2c 7 bytes JMP 000007fffd3e0d60
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd467220 7 bytes JMP 000007fffd3e0d08
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd46739c 7 bytes JMP 000007fffd3e0e10
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd467538 7 bytes JMP 000007fffd3e0db8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd4675e8 7 bytes JMP 000007fffd3e0c58
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd46790c 7 bytes JMP 000007fffd3e0c00
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd467ab4 7 bytes JMP 000007fffd3e0cb0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigA 000007fefd467b04 5 bytes JMP 000007fffd3e1230
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfigW 000007fefd467c34 5 bytes JMP 000007fffd3e11d8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2A 000007fefd467d78 7 bytes JMP 000007fffd3e12e0
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!QueryServiceConfig2W 000007fefd468244 7 bytes JMP 000007fffd3e1288
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA 000007fefd468b00 7 bytes JMP 000007fffd3e0ba8
.text C:\Windows\splwow64.exe[6256] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW 000007fefd468c38 7 bytes JMP 000007fffd3e0b50
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\oleaut32.dll!RevokeActiveObject 000007fefedf6700 5 bytes JMP 000007fffd3e0418
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\oleaut32.dll!GetActiveObject 000007fefee0c1e0 5 bytes JMP 000007fffd3e0470
.text C:\Windows\splwow64.exe[6256] C:\Windows\system32\oleaut32.dll!RegisterActiveObject 000007fefee0c260 7 bytes JMP 000007fffd3e03c0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61e2844
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da2bfad
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61e2844 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da2bfad (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.1 ----

06.04.2014, 15:07   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.

Scan with Combofix
WARNING to other READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

06.04.2014, 16:11   #3
Odin2013
 
Hi schrauber,

should I send you the other reports again in CODE tags as well?
When I ran combofix.exe I cut the Internet connection, in case that matters.

Here is the report:
Code:
ComboFix 14-04-05.01 - Odin 06.04.2014  16:53:30.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6125.4715 [GMT 2:00]
ausgeführt von:: c:\users\Odin\Desktop\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Odin\dmp_1.10.4_setup.exe
D:\Uninstall.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-06 bis 2014-04-06  ))))))))))))))))))))))))))))))
.
.
2014-04-06 14:57 . 2014-04-06 14:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-06 12:06 . 2014-04-06 12:08	--------	d-----w-	C:\FRST
2014-04-01 10:05 . 2014-04-01 10:05	--------	d-----w-	c:\windows\Sun
2014-03-21 20:15 . 2014-04-06 12:15	--------	d-----w-	c:\users\Odin\AppData\Roaming\TS3Client
2014-03-21 19:03 . 2014-03-21 19:03	--------	d-----w-	c:\users\Odin\AppData\Roaming\ts3overlay
2014-03-21 19:03 . 2014-03-21 19:03	--------	d-----w-	c:\programdata\dbg
2014-03-20 13:55 . 2014-03-20 13:55	--------	d-----w-	c:\users\Public\Sony Online Entertainment
2014-03-13 18:38 . 2014-03-13 19:05	--------	d-----w-	c:\program files (x86)\Origin Games
2014-03-13 18:37 . 2014-03-13 18:58	--------	d-----w-	c:\users\Odin\AppData\Roaming\Origin
2014-03-13 18:37 . 2014-03-13 18:38	--------	d-----w-	c:\users\Odin\AppData\Local\Origin
2014-03-13 18:35 . 2014-03-13 19:05	--------	d-----w-	c:\programdata\Origin
2014-03-13 18:35 . 2014-03-13 18:35	--------	d-----w-	c:\programdata\Electronic Arts
2014-03-13 18:35 . 2014-03-13 18:58	--------	d-----w-	c:\program files (x86)\Origin
2014-03-13 06:26 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-13 06:26 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-13 06:26 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-13 06:26 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-16 22:19 . 2010-09-26 13:42	90015360	----a-w-	c:\windows\system32\MRT.exe
2014-03-12 17:23 . 2013-12-27 16:14	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 17:23 . 2013-12-27 16:14	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-02-20 13:32	2715264	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2013-09-05 01:36	14709720	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2010-09-26 14:46	18302384	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2010-09-26 14:46	3093280	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-04 13:06 . 2010-08-02 03:00	6714312	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2010-08-02 03:00	3497816	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2010-08-02 03:00	922968	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2010-08-02 03:00	2558808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2010-08-02 02:00	64968	----a-w-	c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2010-08-02 03:00	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-02-08 18:34 . 2014-02-20 13:32	1885472	----a-w-	c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-20 13:32	1515296	----a-w-	c:\windows\system32\nvdispgenco6433489.dll
2014-02-05 09:31 . 2014-02-20 13:36	1048152	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2014-02-20 13:36	1179576	----a-w-	c:\windows\system32\nvspcap64.dll
2014-01-29 16:04 . 2014-01-29 16:04	312744	----a-w-	c:\windows\system32\javaws.exe
2014-01-29 16:04 . 2014-01-29 16:04	189352	----a-w-	c:\windows\system32\javaw.exe
2014-01-29 16:04 . 2014-01-29 16:04	189352	----a-w-	c:\windows\system32\java.exe
2014-01-29 16:04 . 2014-01-29 16:04	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-29 16:03 . 2014-01-29 16:03	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-23 03:21 . 2014-03-07 12:39	206080	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2014-01-23 03:21 . 2014-03-07 12:39	108800	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2014-01-09 02:22 . 2014-02-26 07:47	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecureBanking"="c:\program files (x86)\Secure Banking\SecureBanking.exe" [2013-06-30 507904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140404.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140404.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0604010.00E\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe;c:\program files (x86)\System Control Manager\MSIService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 19:51	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-27 17:23]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27 05:33]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27 05:33]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
AddRemove-Steam App 104900 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 241540 - c:\program files (x86)\Steam\steam.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1 - d:\wot test\World_of_Tanks_CT\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-06  16:58:34
ComboFix-quarantined-files.txt  2014-04-06 14:58
.
Vor Suchlauf: 13 Verzeichnis(se), 10.663.354.368 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.526.371.840 Bytes frei
.
- - End Of File - - 4A1B3CB58AA3182CDF2A02CD1538A466
         

07.04.2014, 12:55   #4
schrauber
/// the machine
/// TB trainer
 




Please do not disconnect from the internet.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.04.2014, 19:54   #5
Odin2013
 



OK, I have now done everything, including running a new ComboFix.exe once more with the internet connection active, twice: the first time normally and the second time as administrator. I hope that was right?!? When I then tried to open them and post them for you, the following message appeared:

„Die Version dieser Datei ist nicht mit der ausgeführten Windows-Version kompatibel. Öffnen Sie die Systeminformationen des Computers, um zu überprüfen, ob eine x86-(32 Bit)- oder eine x64-(64 Bit)-Version des Programms erforderlich ist, und wenden Sie sich anschließend an den Herausgeber der Software.“

Best regards

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.04.2014
Suchlauf-Zeit: 19:56:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.08.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Odin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 255023
Verstrichene Zeit: 8 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.023 - Bericht erstellt am 08/04/2014 um 20:06:28
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Odin - ODIN-PC
# Gestartet von : C:\Users\Odin\Downloads\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [789 octets] - [30/01/2014 00:03:48]
AdwCleaner[R1].txt - [2052 octets] - [20/03/2014 21:45:28]
AdwCleaner[R2].txt - [973 octets] - [20/03/2014 21:48:19]
AdwCleaner[R3].txt - [1032 octets] - [02/04/2014 10:25:54]
AdwCleaner[R4].txt - [1093 octets] - [02/04/2014 20:12:54]
AdwCleaner[R5].txt - [1217 octets] - [08/04/2014 20:05:14]
AdwCleaner[S0].txt - [2058 octets] - [20/03/2014 21:47:01]
AdwCleaner[S1].txt - [1155 octets] - [02/04/2014 20:13:43]
AdwCleaner[S2].txt - [1139 octets] - [08/04/2014 20:06:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1199 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Odin on 08.04.2014 at 20:12:56,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.04.2014 at 20:20:20,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Odin (administrator) on ODIN-PC on 08-04-2014 20:28:18
Running from C:\Users\Odin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
CHR Extension: (Google Docs) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-27]
CHR Extension: (Google Drive) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-27]
CHR Extension: (WOT) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-27]
CHR Extension: (YouTube) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-27]
CHR Extension: (Google-Suche) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-27]
CHR Extension: (Heroes & Generals) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-02-26]
CHR Extension: (Norton Identity Protection) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-27]
CHR Extension: (Google Wallet) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27]
CHR Extension: (Google Mail) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140405.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140407.024\ENG64.SYS [126040 2014-03-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140407.024\EX64.SYS [2099288 2014-03-27] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-12-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 20:20 - 2014-04-08 20:21 - 00000624 _____ () C:\Users\Odin\Desktop\JRT.txt
2014-04-08 20:12 - 2014-04-08 20:12 - 01016261 _____ (Thisisu) C:\Users\Odin\Downloads\JRT.exe
2014-04-08 20:08 - 2014-04-08 20:08 - 00001279 _____ () C:\Users\Odin\Desktop\AdwCleaner[S2].txt
2014-04-08 20:04 - 2014-04-08 20:04 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner (1).exe
2014-04-08 20:02 - 2014-04-08 20:02 - 00001145 _____ () C:\Users\Odin\Desktop\mbam.txt
2014-04-08 19:45 - 2014-04-08 20:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 19:44 - 2014-04-08 19:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-08 19:44 - 2014-04-08 19:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 19:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 19:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 19:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 19:43 - 2014-04-08 19:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Odin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 19:38 - 2014-04-08 19:38 - 00015393 _____ () C:\Users\Odin\Desktop\ComboFix3.exe
2014-04-08 19:37 - 2014-04-08 19:37 - 00015393 _____ () C:\ComboFix.txt
2014-04-08 19:31 - 2014-04-08 19:31 - 00015409 _____ () C:\Users\Odin\Desktop\ComboFix2.exe
2014-04-08 13:17 - 2014-04-08 13:18 - 00001534 _____ () C:\Users\Odin\Desktop\WOWpLauncher.log
2014-04-08 13:17 - 2014-04-08 13:17 - 00000600 ____N () C:\Users\Odin\Desktop\WOWpLauncher.cfg
2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Users\Odin\Desktop\Updates
2014-04-07 16:47 - 2014-04-07 16:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Odin\Downloads\UnityWebPlayer.exe
2014-04-06 16:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-06 16:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-06 16:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-06 16:42 - 2014-04-08 19:37 - 00000000 ____D () C:\Qoobox
2014-04-06 16:42 - 2014-04-06 16:57 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 16:38 - 2014-04-08 19:23 - 05194596 ____R (Swearware) C:\Users\Odin\Desktop\ComboFix.exe
2014-04-06 14:33 - 2014-04-06 14:33 - 00057150 _____ () C:\Users\Odin\Desktop\Gamer.txt.log
2014-04-06 14:19 - 2014-04-06 14:19 - 00380416 _____ () C:\Users\Odin\Downloads\Gmer-19357.exe
2014-04-06 14:15 - 2014-04-06 14:15 - 00030568 _____ () C:\Users\Odin\Desktop\Addition.txt
2014-04-06 14:07 - 2014-04-08 20:28 - 00010999 _____ () C:\Users\Odin\Downloads\FRST.txt
2014-04-06 14:07 - 2014-04-06 14:08 - 00030568 _____ () C:\Users\Odin\Downloads\Addition.txt
2014-04-06 14:06 - 2014-04-08 20:28 - 00000000 ____D () C:\FRST
2014-04-06 14:05 - 2014-04-06 14:06 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe
2014-04-06 14:03 - 2014-04-06 14:04 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log
2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable
2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe
2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997}
2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe
2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun
2014-03-29 07:31 - 2014-03-29 07:32 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe
2014-03-22 01:54 - 2014-03-22 01:55 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23
2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder
2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin
2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin
2014-03-21 22:15 - 2014-04-08 17:19 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client
2014-03-21 22:15 - 2014-03-22 19:29 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1}
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg
2014-03-20 21:49 - 2014-03-20 21:50 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe
2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-03-18 11:23 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-18 11:23 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-16 22:04 - 2014-03-17 01:33 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt
2014-03-13 20:38 - 2014-03-13 21:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-13 20:37 - 2014-03-13 20:58 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin
2014-03-13 20:37 - 2014-03-13 20:38 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin
2014-03-13 20:35 - 2014-03-13 21:05 - 00000000 ____D () C:\ProgramData\Origin
2014-03-13 20:35 - 2014-03-13 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe
2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp
2014-03-13 08:27 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 08:27 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 08:27 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 08:27 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 08:27 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 08:27 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 08:27 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 08:27 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 08:27 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 08:27 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 08:27 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 08:27 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 08:27 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 08:27 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 08:27 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 08:27 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 08:27 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 08:27 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 08:27 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 08:27 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 08:27 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 08:27 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 08:27 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 08:27 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 08:27 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 08:27 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 08:27 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 08:27 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 08:27 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 08:27 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 08:27 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 08:27 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 08:27 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 08:27 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 08:27 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 08:27 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 08:27 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 08:27 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 08:27 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 08:27 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 08:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 08:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 08:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 08:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 08:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 12:37 - 2014-03-26 16:53 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah
2014-03-09 19:55 - 2014-03-16 21:48 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt
2014-03-09 19:27 - 2014-03-09 19:28 - 00149749 _____ () C:\Users\Odin\Downloads\Entwurf 2.02.odt
2014-03-09 19:26 - 2014-03-09 19:27 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt
2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt
2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () C:\Users\Odin\Downloads\logo 2.psd

==================== One Month Modified Files and Folders =======

2014-04-08 20:28 - 2014-04-06 14:07 - 00010999 _____ () C:\Users\Odin\Downloads\FRST.txt
2014-04-08 20:28 - 2014-04-06 14:06 - 00000000 ____D () C:\FRST
2014-04-08 20:23 - 2013-12-27 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 20:21 - 2014-04-08 20:20 - 00000624 _____ () C:\Users\Odin\Desktop\JRT.txt
2014-04-08 20:15 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 20:15 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 20:12 - 2014-04-08 20:12 - 01016261 _____ (Thisisu) C:\Users\Odin\Downloads\JRT.exe
2014-04-08 20:12 - 2013-12-27 17:49 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 20:11 - 2010-05-12 10:18 - 01853570 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 20:11 - 2010-05-12 10:18 - 00519052 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 20:11 - 2009-07-14 07:13 - 00006452 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 20:09 - 2014-04-08 19:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 20:08 - 2014-04-08 20:08 - 00001279 _____ () C:\Users\Odin\Desktop\AdwCleaner[S2].txt
2014-04-08 20:07 - 2013-12-27 07:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 20:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 20:07 - 2009-07-14 06:51 - 00101286 _____ () C:\Windows\setupact.log
2014-04-08 20:06 - 2013-12-27 17:52 - 00000000 ____D () C:\AdwCleaner
2014-04-08 20:06 - 2013-12-27 07:29 - 01877536 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 20:04 - 2014-04-08 20:04 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner (1).exe
2014-04-08 20:02 - 2014-04-08 20:02 - 00001145 _____ () C:\Users\Odin\Desktop\mbam.txt
2014-04-08 19:58 - 2013-12-27 07:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 19:44 - 2014-04-08 19:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-08 19:44 - 2014-04-08 19:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 19:44 - 2013-12-27 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 19:43 - 2014-04-08 19:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Odin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 19:38 - 2014-04-08 19:38 - 00015393 _____ () C:\Users\Odin\Desktop\ComboFix3.exe
2014-04-08 19:38 - 2010-09-26 16:56 - 00154310 _____ () C:\Windows\PFRO.log
2014-04-08 19:37 - 2014-04-08 19:37 - 00015393 _____ () C:\ComboFix.txt
2014-04-08 19:37 - 2014-04-06 16:42 - 00000000 ____D () C:\Qoobox
2014-04-08 19:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-08 19:31 - 2014-04-08 19:31 - 00015409 _____ () C:\Users\Odin\Desktop\ComboFix2.exe
2014-04-08 19:23 - 2014-04-06 16:38 - 05194596 ____R (Swearware) C:\Users\Odin\Desktop\ComboFix.exe
2014-04-08 17:19 - 2014-03-21 22:15 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client
2014-04-08 13:18 - 2014-04-08 13:17 - 00001534 _____ () C:\Users\Odin\Desktop\WOWpLauncher.log
2014-04-08 13:17 - 2014-04-08 13:17 - 00000600 ____N () C:\Users\Odin\Desktop\WOWpLauncher.cfg
2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Users\Odin\Desktop\Updates
2014-04-07 16:47 - 2014-04-07 16:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Odin\Downloads\UnityWebPlayer.exe
2014-04-07 07:43 - 2013-12-27 19:29 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\SoftGrid Client
2014-04-07 07:22 - 2014-01-30 16:59 - 00000000 ____D () C:\Users\Odin\Desktop\USB Stick
2014-04-06 22:45 - 2013-12-27 18:47 - 00001680 _____ () C:\Windows\Sandboxie.ini
2014-04-06 16:57 - 2014-04-06 16:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 16:56 - 2013-12-27 07:33 - 00000000 ____D () C:\Users\Odin
2014-04-06 14:33 - 2014-04-06 14:33 - 00057150 _____ () C:\Users\Odin\Desktop\Gamer.txt.log
2014-04-06 14:19 - 2014-04-06 14:19 - 00380416 _____ () C:\Users\Odin\Downloads\Gmer-19357.exe
2014-04-06 14:15 - 2014-04-06 14:15 - 00030568 _____ () C:\Users\Odin\Desktop\Addition.txt
2014-04-06 14:08 - 2014-04-06 14:07 - 00030568 _____ () C:\Users\Odin\Downloads\Addition.txt
2014-04-06 14:06 - 2014-04-06 14:05 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe
2014-04-06 14:04 - 2014-04-06 14:03 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log
2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable
2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe
2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997}
2014-04-03 19:47 - 2013-12-30 21:00 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2014-04-03 09:51 - 2014-04-08 19:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 19:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 19:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe
2014-04-01 20:54 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun
2014-03-29 15:53 - 2013-12-27 07:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 15:53 - 2013-12-27 07:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 07:32 - 2014-03-29 07:31 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe
2014-03-26 16:53 - 2014-03-11 12:37 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah
2014-03-23 19:21 - 2014-02-21 15:34 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-22 21:14 - 2014-01-05 19:08 - 00001198 _____ () C:\Windows\wmsetup.log
2014-03-22 19:29 - 2014-03-21 22:15 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-22 01:55 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23
2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder
2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin
2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin
2014-03-21 22:15 - 2013-12-27 17:38 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1}
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg
2014-03-20 21:50 - 2014-03-20 21:49 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe
2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-03-19 20:01 - 2013-12-27 16:36 - 00000000 ____D () C:\Users\Odin\Desktop\Mod
2014-03-18 11:26 - 2010-09-26 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-17 01:33 - 2014-03-16 22:04 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt
2014-03-17 00:20 - 2013-12-27 09:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 00:19 - 2010-09-26 15:42 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 21:48 - 2014-03-09 19:55 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt
2014-03-13 21:05 - 2014-03-13 20:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-13 21:05 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Origin
2014-03-13 20:58 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin
2014-03-13 20:58 - 2014-03-13 20:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-13 20:38 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin
2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe
2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 18:20 - 2009-07-14 06:45 - 00276584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp
2014-03-13 10:51 - 2014-01-31 23:05 - 00000000 ____D () C:\Windows\Minidump
2014-03-12 19:23 - 2013-12-27 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:23 - 2013-12-27 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 19:23 - 2013-12-27 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 13:06 - 2014-01-01 02:34 - 00000000 ____D () C:\Users\Odin\AppData\Local\CrashDumps
2014-03-11 12:46 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-09 19:28 - 2014-03-09 19:27 - 00149749 _____ () C:\Users\Odin\Downloads\Entwurf 2.02.odt
2014-03-09 19:27 - 2014-03-09 19:26 - 00149719 _____ () C:\Users\Odin\Downloads\Entwurf 2.01.odt
2014-03-09 14:39 - 2014-03-09 14:39 - 00109493 _____ () C:\Users\Odin\Downloads\CLAN AN SCHRIFFT 3.odt
2014-03-09 02:00 - 2014-03-09 02:00 - 00392718 _____ () C:\Users\Odin\Downloads\logo 2.psd

Some content of TEMP:
====================
C:\Users\Odin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-01 14:16

==================== End Of Log ============================
         
--- --- ---


Alt 09.04.2014, 15:03   #6
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

Alt 10.04.2014, 19:01   #7
Odin2013
 



So, I have run the following scans, and here are the results.
Did I have a virus, Trojan or the like on my computer?

And whether I still have problems? Yes, unfortunately: I wanted to run a full scan with Norton and it hung again on the same file. Even if I only want to scan this file, or right-click it, the application hangs and I have to end it with the Task Manager. Path of the application:
D:\World_of_Warplanes\res\packages\08-asian_border.pkg

Whether I have any further problems, I do not know yet.

Regards

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e821e5ca32cc4f4287eb3d7b6fdf5e93
# engine=17823
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-09 09:16:14
# local_time=2014-04-09 11:16:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 5623177 147740670 0 0
# compatibility_mode=5893 16776574 100 94 7618331 148708024 0 0
# scanned=296847
# found=0
# cleaned=0
# scan_time=5022
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e821e5ca32cc4f4287eb3d7b6fdf5e93
# engine=17826
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-10 12:43:23
# local_time=2014-04-10 02:43:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 5678806 147796299 0 0
# compatibility_mode=5893 16776574 100 94 7673960 148763653 0 0
# scanned=471723
# found=0
# cleaned=0
# scan_time=22490
         
Code:
 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360 Online   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Odin (administrator) on ODIN-PC on 10-04-2014 15:04:46
Running from C:\Users\Odin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-2478809043-2154460372-851361966-1001\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB
CHR Extension: (Google Docs) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-27]
CHR Extension: (Google Drive) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-27]
CHR Extension: (WOT) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-27]
CHR Extension: (YouTube) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-27]
CHR Extension: (Google-Suche) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-27]
CHR Extension: (Heroes & Generals) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-02-26]
CHR Extension: (Norton Identity Protection) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-27]
CHR Extension: (Google Wallet) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27]
CHR Extension: (Google Mail) - C:\Users\Odin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140408.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140408.025\ENG64.SYS [126040 2014-03-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140408.025\EX64.SYS [2099288 2014-03-27] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-12-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 14:58 - 2014-04-10 14:58 - 00000887 _____ () C:\Users\Odin\Desktop\checkup.txt
2014-04-10 14:56 - 2014-04-10 14:56 - 00987448 _____ () C:\Users\Odin\Downloads\SecurityCheck.exe
2014-04-09 23:16 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 23:16 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 23:16 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 23:16 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 23:16 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 23:16 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 23:16 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-09 23:16 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 23:16 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 23:16 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 23:16 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 23:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 23:16 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 23:16 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-09 23:16 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-09 23:16 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 23:16 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 23:16 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-09 23:16 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 23:16 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 23:16 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 23:16 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-09 23:16 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 23:16 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 23:16 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 23:16 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 23:16 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 23:16 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 23:16 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-09 23:16 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 23:16 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 23:16 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-09 23:16 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-09 23:16 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 23:16 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-09 23:16 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 23:16 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 23:16 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-09 23:16 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 23:16 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 23:16 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 23:16 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 23:16 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 23:16 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 23:16 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-09 23:16 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-09 23:16 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 23:16 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 21:49 - 2014-04-09 21:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 21:39 - 2014-04-09 21:39 - 02347384 _____ (ESET) C:\Users\Odin\Downloads\esetsmartinstaller_enu.exe
2014-04-08 20:29 - 2014-04-08 20:29 - 00037678 _____ () C:\Users\Odin\Desktop\FRST2.txt
2014-04-08 20:20 - 2014-04-08 20:21 - 00000624 _____ () C:\Users\Odin\Desktop\JRT.txt
2014-04-08 20:12 - 2014-04-08 20:12 - 01016261 _____ (Thisisu) C:\Users\Odin\Downloads\JRT.exe
2014-04-08 20:08 - 2014-04-08 20:08 - 00001279 _____ () C:\Users\Odin\Desktop\AdwCleaner[S2].txt
2014-04-08 20:04 - 2014-04-08 20:04 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner (1).exe
2014-04-08 20:02 - 2014-04-08 20:02 - 00001145 _____ () C:\Users\Odin\Desktop\mbam.txt
2014-04-08 19:45 - 2014-04-08 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 19:44 - 2014-04-08 19:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-08 19:44 - 2014-04-08 19:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 19:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 19:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 19:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 19:43 - 2014-04-08 19:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Odin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 19:38 - 2014-04-08 19:38 - 00015393 _____ () C:\Users\Odin\Desktop\ComboFix3.exe
2014-04-08 19:37 - 2014-04-08 19:37 - 00015393 _____ () C:\ComboFix.txt
2014-04-08 19:31 - 2014-04-08 19:31 - 00015409 _____ () C:\Users\Odin\Desktop\ComboFix2.exe
2014-04-08 13:17 - 2014-04-08 13:18 - 00001534 _____ () C:\Users\Odin\Desktop\WOWpLauncher.log
2014-04-08 13:17 - 2014-04-08 13:17 - 00000600 ____N () C:\Users\Odin\Desktop\WOWpLauncher.cfg
2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Users\Odin\Desktop\Updates
2014-04-07 16:47 - 2014-04-07 16:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Odin\Downloads\UnityWebPlayer.exe
2014-04-06 16:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-06 16:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-06 16:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-06 16:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-06 16:42 - 2014-04-08 19:37 - 00000000 ____D () C:\Qoobox
2014-04-06 16:42 - 2014-04-06 16:57 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 16:38 - 2014-04-08 19:23 - 05194596 ____R (Swearware) C:\Users\Odin\Desktop\ComboFix.exe
2014-04-06 14:33 - 2014-04-06 14:33 - 00057150 _____ () C:\Users\Odin\Desktop\Gamer.txt.log
2014-04-06 14:19 - 2014-04-06 14:19 - 00380416 _____ () C:\Users\Odin\Downloads\Gmer-19357.exe
2014-04-06 14:15 - 2014-04-06 14:15 - 00030568 _____ () C:\Users\Odin\Desktop\Addition.txt
2014-04-06 14:07 - 2014-04-10 15:04 - 00011350 _____ () C:\Users\Odin\Downloads\FRST.txt
2014-04-06 14:07 - 2014-04-06 14:08 - 00030568 _____ () C:\Users\Odin\Downloads\Addition.txt
2014-04-06 14:06 - 2014-04-10 15:04 - 00000000 ____D () C:\FRST
2014-04-06 14:05 - 2014-04-06 14:06 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe
2014-04-06 14:03 - 2014-04-06 14:04 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log
2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable
2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe
2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997}
2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe
2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun
2014-03-29 07:31 - 2014-03-29 07:32 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe
2014-03-22 01:54 - 2014-03-22 01:55 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23
2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder
2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin
2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin
2014-03-21 22:15 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client
2014-03-21 22:15 - 2014-03-22 19:29 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1}
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg
2014-03-20 21:49 - 2014-03-20 21:50 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe
2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-03-18 11:23 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-18 11:23 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-18 11:23 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-16 22:04 - 2014-03-17 01:33 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt
2014-03-13 20:38 - 2014-03-13 21:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-13 20:37 - 2014-03-13 20:58 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin
2014-03-13 20:37 - 2014-03-13 20:38 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin
2014-03-13 20:35 - 2014-03-13 21:05 - 00000000 ____D () C:\ProgramData\Origin
2014-03-13 20:35 - 2014-03-13 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe
2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp
2014-03-13 08:27 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 08:27 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 08:27 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 08:26 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 08:26 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:26 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 08:26 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 12:37 - 2014-03-26 16:53 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah

==================== One Month Modified Files and Folders =======

2014-04-10 15:04 - 2014-04-06 14:07 - 00011350 _____ () C:\Users\Odin\Downloads\FRST.txt
2014-04-10 15:04 - 2014-04-06 14:06 - 00000000 ____D () C:\FRST
2014-04-10 14:58 - 2014-04-10 14:58 - 00000887 _____ () C:\Users\Odin\Desktop\checkup.txt
2014-04-10 14:58 - 2013-12-27 07:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 14:58 - 2013-12-27 07:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 14:56 - 2014-04-10 14:56 - 00987448 _____ () C:\Users\Odin\Downloads\SecurityCheck.exe
2014-04-10 14:23 - 2013-12-27 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 13:56 - 2013-12-27 07:29 - 01064955 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 07:31 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 07:31 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 07:30 - 2010-05-12 10:18 - 01971906 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 07:30 - 2010-05-12 10:18 - 00556940 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 07:30 - 2009-07-14 07:13 - 00006452 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 07:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 07:24 - 2009-07-14 06:51 - 00103593 _____ () C:\Windows\setupact.log
2014-04-10 07:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-04-10 07:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-04-10 07:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 21:49 - 2014-04-09 21:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 21:45 - 2014-03-21 22:15 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\TS3Client
2014-04-09 21:39 - 2014-04-09 21:39 - 02347384 _____ (ESET) C:\Users\Odin\Downloads\esetsmartinstaller_enu.exe
2014-04-08 22:43 - 2013-12-27 19:29 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\SoftGrid Client
2014-04-08 21:02 - 2014-04-08 19:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 20:29 - 2014-04-08 20:29 - 00037678 _____ () C:\Users\Odin\Desktop\FRST2.txt
2014-04-08 20:21 - 2014-04-08 20:20 - 00000624 _____ () C:\Users\Odin\Desktop\JRT.txt
2014-04-08 20:12 - 2014-04-08 20:12 - 01016261 _____ (Thisisu) C:\Users\Odin\Downloads\JRT.exe
2014-04-08 20:12 - 2013-12-27 17:49 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 20:08 - 2014-04-08 20:08 - 00001279 _____ () C:\Users\Odin\Desktop\AdwCleaner[S2].txt
2014-04-08 20:06 - 2013-12-27 17:52 - 00000000 ____D () C:\AdwCleaner
2014-04-08 20:04 - 2014-04-08 20:04 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner (1).exe
2014-04-08 20:02 - 2014-04-08 20:02 - 00001145 _____ () C:\Users\Odin\Desktop\mbam.txt
2014-04-08 19:44 - 2014-04-08 19:44 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-08 19:44 - 2014-04-08 19:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 19:44 - 2013-12-27 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 19:43 - 2014-04-08 19:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Odin\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 19:38 - 2014-04-08 19:38 - 00015393 _____ () C:\Users\Odin\Desktop\ComboFix3.exe
2014-04-08 19:38 - 2010-09-26 16:56 - 00154310 _____ () C:\Windows\PFRO.log
2014-04-08 19:37 - 2014-04-08 19:37 - 00015393 _____ () C:\ComboFix.txt
2014-04-08 19:37 - 2014-04-06 16:42 - 00000000 ____D () C:\Qoobox
2014-04-08 19:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-08 19:31 - 2014-04-08 19:31 - 00015409 _____ () C:\Users\Odin\Desktop\ComboFix2.exe
2014-04-08 19:23 - 2014-04-06 16:38 - 05194596 ____R (Swearware) C:\Users\Odin\Desktop\ComboFix.exe
2014-04-08 13:18 - 2014-04-08 13:17 - 00001534 _____ () C:\Users\Odin\Desktop\WOWpLauncher.log
2014-04-08 13:17 - 2014-04-08 13:17 - 00000600 ____N () C:\Users\Odin\Desktop\WOWpLauncher.cfg
2014-04-08 13:17 - 2014-04-08 13:17 - 00000000 ____D () C:\Users\Odin\Desktop\Updates
2014-04-07 16:47 - 2014-04-07 16:47 - 01070496 _____ (Unity Technologies ApS) C:\Users\Odin\Downloads\UnityWebPlayer.exe
2014-04-07 07:22 - 2014-01-30 16:59 - 00000000 ____D () C:\Users\Odin\Desktop\USB Stick
2014-04-06 22:45 - 2013-12-27 18:47 - 00001680 _____ () C:\Windows\Sandboxie.ini
2014-04-06 16:57 - 2014-04-06 16:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 16:56 - 2013-12-27 07:33 - 00000000 ____D () C:\Users\Odin
2014-04-06 14:33 - 2014-04-06 14:33 - 00057150 _____ () C:\Users\Odin\Desktop\Gamer.txt.log
2014-04-06 14:19 - 2014-04-06 14:19 - 00380416 _____ () C:\Users\Odin\Downloads\Gmer-19357.exe
2014-04-06 14:15 - 2014-04-06 14:15 - 00030568 _____ () C:\Users\Odin\Desktop\Addition.txt
2014-04-06 14:08 - 2014-04-06 14:07 - 00030568 _____ () C:\Users\Odin\Downloads\Addition.txt
2014-04-06 14:06 - 2014-04-06 14:05 - 02157056 _____ (Farbar) C:\Users\Odin\Downloads\FRST64.exe
2014-04-06 14:04 - 2014-04-06 14:03 - 00000470 _____ () C:\Users\Odin\Downloads\defogger_disable.log
2014-04-06 14:03 - 2014-04-06 14:03 - 00000000 _____ () C:\Users\Odin\defogger_reenable
2014-04-06 14:02 - 2014-04-06 14:02 - 00050477 _____ () C:\Users\Odin\Downloads\Defogger.exe
2014-04-05 17:41 - 2014-04-05 17:41 - 00002296 _____ () C:\{C05329E7-B55A-40D4-B4C3-564269EA5997}
2014-04-03 19:47 - 2013-12-30 21:00 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2014-04-03 09:51 - 2014-04-08 19:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 19:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 19:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 10:25 - 2014-04-02 10:25 - 01426178 _____ () C:\Users\Odin\Downloads\adwcleaner.exe
2014-04-01 20:54 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 12:05 - 2014-04-01 12:05 - 00000000 ____D () C:\Windows\Sun
2014-03-29 15:53 - 2013-12-27 07:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 15:53 - 2013-12-27 07:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 07:32 - 2014-03-29 07:31 - 14851176 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.6_setup.exe
2014-03-26 16:53 - 2014-03-11 12:37 - 00000000 ____D () C:\Users\Odin\Documents\Panzer Noah
2014-03-23 19:21 - 2014-02-21 15:34 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-22 21:14 - 2014-01-05 19:08 - 00001198 _____ () C:\Windows\wmsetup.log
2014-03-22 19:29 - 2014-03-21 22:15 - 00001221 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-22 01:55 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23
2014-03-22 01:54 - 2014-03-22 01:54 - 00000000 ____D () C:\Users\Odin\Desktop\New Folder
2014-03-22 00:12 - 2014-03-22 00:12 - 06782040 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.rar
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23.ts3_plugin
2014-03-21 23:18 - 2014-03-21 23:18 - 07438097 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.7.23 (1).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (2).ts3_plugin
2014-03-21 23:17 - 2014-03-21 23:17 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23 (1).ts3_plugin
2014-03-21 23:03 - 2014-03-21 23:03 - 07436840 _____ () C:\Users\Odin\Downloads\ts3_overlay-v3.8.23.ts3_plugin
2014-03-21 22:15 - 2013-12-27 17:38 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-21 21:58 - 2014-03-21 21:58 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Odin\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-03-21 21:03 - 2014-03-21 21:03 - 00003326 _____ () C:\Windows\System32\Tasks\{41328DD1-6DED-4075-B6D7-AE9CB59626B1}
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\ts3overlay
2014-03-21 21:03 - 2014-03-21 21:03 - 00000000 ____D () C:\ProgramData\dbg
2014-03-20 21:50 - 2014-03-20 21:49 - 14843439 _____ (diclovit ) C:\Users\Odin\Desktop\dmp_1.10.5_setup.exe
2014-03-20 15:55 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-03-19 20:01 - 2013-12-27 16:36 - 00000000 ____D () C:\Users\Odin\Desktop\Mod
2014-03-18 11:26 - 2010-09-26 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-17 01:33 - 2014-03-16 22:04 - 00006945 _____ () C:\Users\Odin\Downloads\Entwurf 2.04.odt
2014-03-17 00:20 - 2013-12-27 09:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 00:19 - 2010-09-26 15:42 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 21:48 - 2014-03-09 19:55 - 00150647 _____ () C:\Users\Odin\Downloads\Entwurf 2.03.odt
2014-03-13 21:05 - 2014-03-13 20:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-13 21:05 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Origin
2014-03-13 20:58 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Roaming\Origin
2014-03-13 20:58 - 2014-03-13 20:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-13 20:38 - 2014-03-13 20:37 - 00000000 ____D () C:\Users\Odin\AppData\Local\Origin
2014-03-13 20:35 - 2014-03-13 20:35 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-03-13 20:35 - 2014-03-13 20:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-03-13 20:34 - 2014-03-13 20:34 - 17009704 _____ (Electronic Arts, Inc.) C:\Users\Odin\Downloads\OriginThinSetup.exe
2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 18:20 - 2013-12-27 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 18:20 - 2009-07-14 06:45 - 00276584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 10:51 - 2014-03-13 10:51 - 00574416 _____ () C:\Windows\Minidump\031314-19312-01.dmp
2014-03-13 10:51 - 2014-01-31 23:05 - 00000000 ____D () C:\Windows\Minidump
2014-03-12 19:23 - 2013-12-27 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:23 - 2013-12-27 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 19:23 - 2013-12-27 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 13:06 - 2014-01-01 02:34 - 00000000 ____D () C:\Users\Odin\AppData\Local\CrashDumps
2014-03-11 12:46 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV

Some content of TEMP:
====================
C:\Users\Odin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 11:18

==================== End Of Log ============================
         
--- --- ---

11.04.2014, 07:39   #8
schrauber
/// the machine
/// TB trainer
 




That is a problem with Norton. Try reinstalling it.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from all registry cleaners.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
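
The file-extension tip in the post above (deinFoto.jpg.exe) can be checked automatically when triaging mail attachments. The following Python check is an added example, not part of the original post; the extension lists and sample names are assumptions constructed for illustration, and it also reports plain executables, which goes slightly beyond the double-extension case the post mentions.

```python
import re

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
              ".xls", ".xlsx", ".txt", ".mp3", ".zip"}


def normalize(name):
    """Reduce an attachment name to the file name Windows would create."""
    base = re.split(r"[\\/]", name)[-1]   # drop any path component
    # The Win32 API strips trailing spaces and dots, so "a.jpg.exe. " is "a.jpg.exe".
    return base.rstrip(" .").lower()


def classify_attachment(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Split on dots and tolerate stray spaces around each part.
    parts = [p.strip() for p in normalize(name).split(".")]
    if len(parts) < 2:
        return "ok"                        # no extension at all
    if "." + parts[-1] not in EXECUTABLE_EXTS:
        return "ok"                        # real (last) extension is not executable
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double-extension"          # harmless-looking type in front of it
    return "executable"


def flag_attachments(names):
    """Return (name, verdict) pairs for every attachment that is not 'ok'."""
    verdicts = ((n, classify_attachment(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


# Constructed sample names, not taken from the thread's logs.
SAMPLE_ATTACHMENTS = [
    "deinFoto.jpg.exe",
    "Urlaub.JPG",
    "Rechnung.PDF.Scr. ",
    "setup.exe",
    "notes.v1.2.txt",
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE_ATTACHMENTS):
        print(f"{verdict:17} {name!r}")
```

Explorer hides known extensions by default, so deinFoto.jpg.exe is displayed as deinFoto.jpg; checking the full name as above does not depend on that display setting.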
