|
Pests of all kinds and how to combat them: Google opens lots of empty windows (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
01.07.2013, 18:50 | #1 |
| Google opens lots of empty windows Hello everyone, recently Google has been opening lots of empty windows whenever I enter a search term. Bing works, Firefox too. If I type in an address, everything works. Google search is acting up. I log in with my Google account, then I enter a term in the search field, and then I have to downright "kill" the thing, otherwise it opens 1000 empty windows. See attachment. I have WIN 7. I suspect a virus or trojan, but ..... Defender - Spybot - Norton and Kaspersky (Virus Removal Tool) = (all updated) find nothing!? There is surely a thread about this here -> but I can't find it. Does anyone have a hot tip? |
01.07.2013, 18:55 | #2 |
/// the machine /// TB Trainer | Google opens lots of empty windows Hi,
__________________ System scan with FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
__________________ |
01.07.2013, 19:09 | #3 |
| Google opens lots of empty windows Already on it
__________________ Am I blind - where do I attach the attachment here ????? |
01.07.2013, 19:20 | #4 |
| Google opens lots of empty windows Ahhh, found it |
01.07.2013, 19:35 | #5 | |
/// the machine /// TB Trainer | Google opens lots of empty windows Hi, please post the logs in the thread. Here is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
01.07.2013, 19:51 | #6 |
| Google opens lots of empty windows But it is in the attachment ????? But gladly this way too: first the Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2013 02 Ran by admin at 2013-07-01 20:10:01 Running from C:\Users\admin\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= ??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (x32 Version: 15.4.5722.2) ???? ??? Windows Live (x32 Version: 15.4.3502.0922) ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (x32 Version: 15.4.5722.2) ???? Windows Live (x32 Version: 15.4.3502.0922) ?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922) ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (x32 Version: 15.4.5722.2) ??????? Windows Live Mesh ActiveX ??? (x32 Version: 15.4.5722.2) ???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922) ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) (x32 Version: 15.4.5722.2) ?????????? Windows Live (x32 Version: 15.4.3502.0922) ??????????? ?? Windows Live (x32 Version: 15.4.3502.0922) 7-Zip 9.20 (x32) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512) Acrobat.com (x32 Version: 1.6.65) ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? 
(x32 Version: 15.4.5722.2) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2) Adobe AIR (x32 Version: 3.6.0.5970) Adobe Community Help (x32 Version: 3.2.1) Adobe Community Help (x32 Version: 3.2.1.650) Adobe Download Assistant (x32 Version: 1.2.5) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Photoshop CS6 (x32 Version: 13.0) Adobe Premiere Elements 9 (x32 Version: 9.0) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Applian FLV and Media Player 3.1.1.12 (x32 Version: 3.1.1.12) ArcSoft TotalMedia 3.5 (x32 Version: 3.5.28.291) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36) ATI Catalyst Install Manager (Version: 3.0.808.0) Audacity 2.0.2 (x32 Version: 2.0.2) Backup Manager V3 (x32 Version: 3.0.0.90) BearShare (x32 Version: 9.0.0.88083) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95) Bonjour (Version: 3.0.0.10) Camera RAW Plug-In for EPSON Creativity Suite (x32 Version: 2.3.0.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center InstallProxy (x32 Version: 2011.0331.249.3126) Catalyst Control Center Localization All (x32 Version: 2011.0331.249.3126) Catalyst Control Center Profiles Mobile (x32 Version: 2011.0331.249.3126) CCC Help Chinese Standard (x32 Version: 2011.0331.0248.3126) CCC Help Chinese Traditional (x32 Version: 2011.0331.0248.3126) CCC Help Czech (x32 Version: 2011.0331.0248.3126) CCC Help Danish (x32 Version: 2011.0331.0248.3126) CCC Help Dutch (x32 Version: 2011.0331.0248.3126) CCC Help English (x32 Version: 2011.0331.0248.3126) CCC Help Finnish (x32 Version: 2011.0331.0248.3126) CCC Help French (x32 Version: 2011.0331.0248.3126) CCC Help German (x32 Version: 
2011.0331.0248.3126) CCC Help Greek (x32 Version: 2011.0331.0248.3126) CCC Help Hungarian (x32 Version: 2011.0331.0248.3126) CCC Help Italian (x32 Version: 2011.0331.0248.3126) CCC Help Japanese (x32 Version: 2011.0331.0248.3126) CCC Help Korean (x32 Version: 2011.0331.0248.3126) CCC Help Norwegian (x32 Version: 2011.0331.0248.3126) CCC Help Polish (x32 Version: 2011.0331.0248.3126) CCC Help Portuguese (x32 Version: 2011.0331.0248.3126) CCC Help Russian (x32 Version: 2011.0331.0248.3126) CCC Help Spanish (x32 Version: 2011.0331.0248.3126) CCC Help Swedish (x32 Version: 2011.0331.0248.3126) CCC Help Thai (x32 Version: 2011.0331.0248.3126) CCC Help Turkish (x32 Version: 2011.0331.0248.3126) ccc-core-static (x32 Version: 2011.0331.249.3126) ccc-utility64 (Version: 2011.0331.249.3126) CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009) Chuzzle Deluxe (x32 Version: 2.2.0.95) Configo (x32 Version: 2.1.7.0) Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2) Control ActiveX del Windows Live Mesh per a connexions remotes (x32 Version: 15.4.5722.2) Control ActiveX Windows Live Mesh pentru conexiuni la distan?a (x32 Version: 15.4.5722.2) Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2) Crazy Chicken Kart 2 (x32 Version: 2.2.0.95) CyberLink MediaEspresso (x32 Version: 6.0.1027_32100) D3DX10 (x32 Version: 15.4.2368.0902) Desktop Icon für Amazon (Version: 1.0.1 (de)) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95) DivX-Setup (x32 Version: 2.6.1.9) Elements 9 Organizer (x32 Version: 9.0) Elements STI Installer (x32 Version: 1.0) ElsterFormular (x32 Version: 14.0.0.10960) EPSON Attach To Email (x32 Version: 1.01.0000) EPSON Easy Photo Print (x32 Version: 1.5.1.0) EPSON File Manager (x32 Version: 1.3.1.0) 
EPSON Scan (x32) EPSON Scan Assistant (x32 Version: 1.10.00) EPSON Stylus SX200 Series Printer Uninstall EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (x32) FATE (x32 Version: 2.2.0.95) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (x32 Version: 15.4.5722.2) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922) Foxit Reader (x32 Version: 5.4.5.124) Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0) Free YouTube Download version 3.2.1.320 (x32 Version: 3.2.1.320) Freecom Hard Drive Formatter 1.41 (x32) Freecom Product Update 1.06 (x32) FreePDF (Remove only) (x32) Freeware.de Toolbar (x32 Version: 6.8.2.0) Freez FLV to MP3 Converter (x32 Version: 1.5) FreeZip (x32) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922) Galeria fotografii uslugi Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Galerie foto Windows Live (x32 Version: 15.4.3502.0922) Google Chrome (x32 Version: 27.0.1453.116) Google Earth (x32 Version: 7.0.3.8542) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.145) GPL Ghostscript 8.64 (x32) HomeMedia (x32 Version: 2.0.8520) iCloud (Version: 2.1.1.3) Identity Card (x32 Version: 1.00.3006) Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 38 (x32 Version: 6.0.380) JDownloader 0.9 (x32 Version: 0.9) Jewel Quest Solitaire (x32 Version: 2.2.0.95) John Deere Drive Green (x32 Version: 2.2.0.95) Junk Mail filter update (x32 Version: 15.4.3502.0922) 
Kontrola Windows Live Mesh ActiveX za daljinske veze (x32 Version: 15.4.5722.2) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2) Launch Manager (x32 Version: 5.1.4) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2000 Premium (x32 Version: 9.00.2816) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Mozilla Firefox 10.0.2 (x86 de) (x32 Version: 10.0.2) MSI to redistribute MS VS2005 CRT libraries 
(x32 Version: 8.0.50727.42) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Mystery P.I. - The London Caper (x32 Version: 2.2.0.95) Nero Backup Drivers (Version: 1.0.11100.8.0) Nero Control Center 10 (x32 Version: 10.2.11100.1.1) Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000) Nero Core Components 10 (x32 Version: 2.0.18100.8.8) Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100) Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000) Nero Express 10 (x32 Version: 10.2.12000.21.100) Nero Express 10 Help (CHM) (x32 Version: 10.5.10200) Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300) Nero StartSmart 10 (x32 Version: 10.2.11600.14.100) Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000) Nero Update (x32 Version: 1.0.0018) Norton Internet Security (x32 Version: 18.7.2.3) Norton Online Backup (x32 Version: 2.1.17869) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Orbit Downloader (x32) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení (x32 Version: 15.4.5722.2) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2) Packard Bell Games (x32 Version: 1.0.2.4) Packard Bell MyBackup (x32 Version: 3.0.0.90) Packard Bell Power Management (x32 Version: 6.00.3006) Packard Bell Recovery Management (x32 Version: 5.00.3002) Packard Bell Registration (x32 Version: 1.03.3004) Packard Bell ScreenSaver (x32 Version: 1.1.1025.2010) Packard Bell Social Networks (x32 Version: 2.0.2211) Packard Bell Updater (x32 Version: 1.02.3005) PDF Settings CS6 (x32 Version: 11.0) Penguins! (x32 Version: 2.2.0.95) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95) Poczta uslugi Windows Live (x32 Version: 15.4.3502.0922) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922) Polar Bowler (x32 Version: 2.2.0.95) Pošta Windows Live (x32 Version: 15.4.3502.0922) Profi cash (x32) PX Profile Update (x32 Version: 1.00.1.) QuickTime (x32 Version: 7.73.80.64) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) REALTEK DTV USB DEVICE (x32 Version: 1.00.0000) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6329) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123) RedMon - Redirection Port Monitor RewardsArcadeSuite (HKCU) S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922) Secure Eraser v4.0 (x32) Skype™ 5.10 (x32 Version: 5.10.116) Slingo Deluxe (x32 Version: 2.2.0.95) Softonic toolbar on IE and Chrome (x32) Spybot - Search & Destroy (x32 Version: 1.6.2) StarMoney (x32 Version: 2.0) StarMoney (x32 Version: 3.0.5.8) StarMoney 8.0 (x32 Version: 8.0) Synaptics Pointing Device Driver (Version: 15.1.6.0) Torchlight (x32 Version: 2.2.0.95) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update Installer for WildTangent Games App (x32) Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (x32 Version: 15.4.5722.2) Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Video Web Camera (x32 Version: 1.0.1523) VideoConverter (x32) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95) VLC media player 1.1.11 (x32 Version: 1.1.11) Wedding Dash (x32 Version: 2.2.0.95) Welcome Center (x32 Version: 1.02.3102) WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.3.57) Windows Live 
??? (x32 Version: 15.4.3502.0922) Windows Live ???? (x32 Version: 15.4.3502.0922) Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922) Windows Live Fotograf Galerisi (x32 Version: 15.4.3502.0922) Windows Live Fotótár (x32 Version: 15.4.3502.0922) Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922) Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (x32 Version: 15.4.5722.2) Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources 
(Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922) Windows Liven sähköposti (x32 Version: 15.4.3502.0922) Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922) WinX Free FLV to MP4 Converter 4.1.7 (x32) WinZip 15.0 (x32 Version: 15.0.9411) WiseConvert 1.3 Toolbar (x32 Version: 6.9.0.16) Zuma Deluxe (x32 Version: 2.2.0.95) ==================== Restore Points ========================= 23-06-2013 11:51:43 Windows Update 28-06-2013 11:48:17 Windows Update 30-06-2013 15:04:02 Installed Sophos Virus Removal Tool. 30-06-2013 17:29:00 Removed Sophos Virus Removal Tool. ==================== Hosts content: ========================== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are more than 1000 lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: {16730B1D-FF19-4019-B458-583B0F10930C} - System32\Tasks\AdobeAAMUpdater-1.0-home-jörg => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {201A9F1F-21A7-4640-B369-912633B026B6} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {277F5A78-E82A-4029-B7E1-F6F469598154} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-10-28] (CyberLink) Task: {2B67024A-00BB-4A12-B31D-75CEAEF38327} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {597CCC43-0860-4880-8F24-B5B2B6B2D937} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {59A7CAB6-C4D9-4180-8952-DE97E258317C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {60193A6D-E0B7-480F-8AC6-289BFE6BBD06} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2799057012-1557965162-470920329-1004 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {72D588D8-BE7B-49E6-B5D6-2B21DA28DC4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated) Task: {74723509-D50E-40F4-A4E8-2B6F9D66BF61} - System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} => C:\Windows\system32\msfeedssync.exe [2011-07-28] (Microsoft Corporation) Task: {8D90092A-3603-4DF4-B0FF-3B36A7B01AA7} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {98EAF0E2-62FF-41B5-BC9B-09C1BC06AD3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.) Task: {C7D2F019-EE9B-4EC0-84FE-9ADFE36BCD69} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {D0FD4A03-5F63-460A-A834-6F37086B10DC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {DE75400B-3886-447C-9DF1-EB96F1A9124D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.) 
Task: {E00BA8FA-2C19-46D6-B7D6-0E768914F1FE} - System32\Tasks\AdobeAAMUpdater-1.0-home-Manu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {E55DB095-337A-4A84-89A3-9E4AFF305883} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2799057012-1557965162-470920329-1007 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {FE27252D-67E3-4AE5-9D07-465D2160F3B8} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2799057012-1557965162-470920329-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\BearShareNAG.job => C:\Users\JRG~1\AppData\Local\Temp\BearShare_setup.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/01/2013 07:03:01 PM) (Source: Application Hang) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16490 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1e58 Startzeit: 01ce767c802d61d3 Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error: (07/01/2013 06:51:20 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 11d4 Startzeit: 01ce767b018835eb Endzeit: 81 Anwendungspfad: D:\firefox\firefox.exe Berichts-ID: 71ef633e-e26e-11e2-b053-b870f4817a81 Error: (07/01/2013 05:13:54 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 03:42:12 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 06:58:10 PM) (Source: Application Hang) (User: ) Description: Programm SpybotSD.exe, Version 1.6.2.46 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 538 Startzeit: 01ce75b26eb7ba35 Endzeit: 12 Anwendungspfad: D:\spybot\Spybot - Search & Destroy\SpybotSD.exe Berichts-ID: Error: (06/30/2013 06:54:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 04:07:35 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 01:46:28 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 05:18:35 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 
03:27:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16490, Zeitstempel: 0x51955cca Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x16a8 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 System errors: ============= Error: (07/01/2013 07:42:54 PM) (Source: DCOM) (User: home) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 07:42:52 PM) (Source: DCOM) (User: home) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 07:42:51 PM) (Source: DCOM) (User: home) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 07:42:46 PM) (Source: DCOM) (User: home) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 07:42:45 PM) (Source: DCOM) (User: home) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 07:42:43 PM) (Source: DCOM) (User: home) Description: 
ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:42 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:41 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:36 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:35 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================
Error: (07/01/2013 07:03:01 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164901e5801ce767c802d61d325C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (07/01/2013 06:51:20 PM) (Source: Application Hang)(User: )
Description: firefox.exe17.0.1.471511d401ce767b018835eb81D:\firefox\firefox.exe71ef633e-e26e-11e2-b053-b870f4817a81

Error: (07/01/2013 05:13:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 03:42:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 06:58:10 PM) (Source: Application Hang)(User: )
Description: SpybotSD.exe1.6.2.4653801ce75b26eb7ba3512D:\spybot\Spybot - Search & Destroy\SpybotSD.exe

Error: (06/30/2013 06:54:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 04:07:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 01:46:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 05:18:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 03:27:05 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1649051955ccantdll.dll6.1.7601.177254ec49b8fc0000374000ce6c316a801ce74cc03105549C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll96b8a9c0-e0bf-11e2-a306-b870f4817a81

==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 3947.86 MB
Available physical RAM: 1316.89 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5091.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:103.86 GB) (Free:13.53 GB) NTFS (Disk=0 Partition=3)
Drive d: (Software) (Fixed) (Total:97.66 GB) (Free:79.71 GB) NTFS (Disk=0 Partition=4)
Drive e: (Data) (Fixed) (Total:244.14 GB) (Free:54.25 GB) NTFS
Drive g: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:3.63 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5EBAD0F3)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=342 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6B1B7998)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by admin (administrator) on 01-07-2013 20:07:19
Running from C:\Users\admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Ask.com) C:\ProgramData\Ask\APN-Stub\FXTV5\Local\ApnStub.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Philips) D:\prestigo\2.1.7.0\Configo.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(ArcSoft, Inc.) D:\TV\TMMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\I tunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Orbitdownloader.com) C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
(Orbitdownloader.com) C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
() D:\Downloads\setup_11.0.0.1245.x01_2013_07_01_18_13.exe
() C:\Users\admin\AppData\Local\Temp\RarSFX2\7666287.exe
(Kaspersky Lab) C:\Users\admin\AppData\Local\Temp\3067917\7666287.exe
(Mozilla Corporation) D:\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Mozilla Corporation) D:\firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM-x32\...\RunOnce: [ApnStub] "C:\ProgramData\Ask\APN-Stub\FXTV5\Local\ApnStub.exe" /debug /hpr toolbar=FXTV5 dtid= /tbr /sa toolbar=FXTV5 dtid= [356520 2013-05-08] (Ask.com)
HKLM-x32\...\Runonce: [GrpConv] grpconv -o [x]
HKCU\...\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Users\admin\AppData\Local\Temp\E_SE1A8.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [AdobeBridge] [x]
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {8cc8f981-b8ba-11e0-a0ec-806e6f6e6963} - F:\Autorun.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k [295744 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IR_SERVER] D:\tv\IR_SERVER.exe [x]
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] "D:\I tunes\iTunesHelper.exe" [x]
HKU\jörg\...\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S5BF5.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\jörg\...\Run: [Copernic Desktop Search - Home] "D:\search\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray [x]
HKU\jörg\...\Run: [Norton Download Manager{NBRT41-B34-Retail-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NBRT41-B34-Retail-4abb-B07C-C084B04B4F12}\NBRT-Retail-Downloader.exe /m [x]
HKU\jörg\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\jörg\...\Command Processor: <===== ATTENTION!
AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: [0 ] ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_07623136.lnk
ShortcutTarget: _uninst_07623136.lnk -> C:\Users\admin\AppData\Local\Temp\_uninst_07623136.bat (No File)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62611638.lnk
ShortcutTarget: _uninst_62611638.lnk -> C:\Users\admin\AppData\Local\Temp\_uninst_62611638.bat ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_99245666.lnk
ShortcutTarget: _uninst_99245666.lnk -> C:\Users\admin\AppData\Local\Temp\_uninst_99245666.bat (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Philips Configo.lnk
ShortcutTarget: Philips Configo.lnk -> D:\prestigo\2.1.7.0\Configo.exe (Philips)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> D:\TV\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk
ShortcutTarget: Zahlungserinnerung.lnk -> D:\Profi cash\wzed.exe ()
Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\open office\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/#output=search&sclient=psy-ab&q=test&oq=test&gs_l=hp.12..0l4.9000.9329.0.11166.4.4.0.0.0.0.88.276.4.4.0...0.0...1c.1.18.psy-ab.H4SAn_fWiPk&pbx=1&bav=on.2,or.r_qf.&bvm=bv.48572450,d.Yms&fp=ca1c41bc59b1d6d5&biw=1230&bih=534
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
HKCU SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20120108&user_guid=AA59C97E440F40A1920182F9F55FF4FB&machine_id=49bd5e136d2b2f631ebe4891a8a6fb02&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
SearchScopes: HKCU - {B49ED955-277E-438A-9199-D02FF81A91EA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis0.dll (Conduit Ltd.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
Toolbar: HKLM-x32 - WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No File
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\user.js
FF SearchEngine: Search Results
FF Homepage: hxxp://www.bing.com/?cc=de
FF Keyword.URL: hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bcde545000000000000018f46ad5266c&tlver=1.5.29.1&instlRef=sst&babTrack&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\I tunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Babylon - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\Extensions\ffxtlbr@babylon.com
FF Extension: SpecialSavings - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\Extensions\specialsavings@superfish.com
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] C:\Users\admin\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: No Name - C:\Users\admin\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles/4b8kq9k8.default\extensions\specialsavings@superfish.com
FF Extension: SpecialSavings - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles/4b8kq9k8.default\extensions\specialsavings@superfish.com

Chrome:
=======
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Babylon Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0
CHR Extension: (RewardsArcade Suite) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.18.35_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2010-10-28] ()
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R0 07623136; C:\Windows\System32\DRIVERS\07623136.sys [460888 2013-05-13] (Kaspersky Lab ZAO)
R0 62611638; C:\Windows\System32\DRIVERS\62611638.sys [460888 2013-07-01] (Kaspersky Lab ZAO)
R0 99245666; C:\Windows\System32\DRIVERS\99245666.sys [460888 2013-06-22] (Kaspersky Lab ZAO)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-06-04] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-01] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-01] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\ENG64.SYS [126040 2013-06-04] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\ENG64.SYS [126040 2013-06-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\EX64.SYS [2098776 2013-06-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\EX64.SYS [2098776 2013-06-04] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-07-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-03-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-01 20:07 - 2013-07-01 20:07 - 00000000 ____D C:\FRST
2013-07-01 20:06 - 2013-07-01 20:05 - 01933776 ____A (Farbar) C:\Users\admin\Desktop\FRST64.exe
2013-07-01 20:04 - 2013-07-01 20:05 - 01933776 ____A (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-07-01 19:15 - 2013-07-01 19:15 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia
2013-07-01 19:01 - 2013-07-01 19:01 - 00000000 ____D C:\Users\JD\AppData\Local\{3D9F68A6-A700-4BD6-B3D7-E00B98D0E883}
2013-07-01 18:49 - 2013-07-01 18:49 - 00008764 ____A C:\Users\Manu\Desktop\favoriten.htm
2013-07-01 18:48 - 2013-07-01 18:48 - 00000000 ____A C:\Users\Manu\Desktop\lesezeichen.html
2013-07-01 18:47 - 2013-07-01 18:47 - 00008764 ____A C:\Users\Manu\Desktop\bookmark.htm
2013-07-01 18:06 - 2013-07-01 18:13 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\62611638.sys
2013-07-01 15:44 - 2013-07-01 15:44 - 00000000 ____D C:\Users\Manu\AppData\Local\{BE2D3B67-3432-4D70-9484-89DE2876AE15}
2013-06-30 19:31 - 2013-06-22 16:02 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\99245666.sys
2013-06-30 19:13 - 2013-06-30 19:14 - 00000000 ____D C:\Users\JD\Desktop\Tai Chi
2013-06-30 18:46 - 2013-06-30 18:46 - 00001453 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iTunes
2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iPod
2013-06-30 16:48 - 2013-06-30 16:57 - 00000000 ____D C:\Users\JD\AppData\Roaming\vlc
2013-06-30 16:40 - 2013-06-30 16:47 - 00000000 ____D C:\Users\JD\AppData\Local\{4B6F1783-475F-4BBA-B2E4-A2E1066B7B92}
2013-06-30 16:40 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\{305B313F-8EAF-47FE-9E73-6FBB8F7B581B}
2013-06-30 14:06 - 2013-06-30 14:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{B6C34DF3-9A63-4832-9B58-84F2D7A73B36}
2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Roaming\Mozilla
2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Local\Mozilla
2013-06-29 16:27 - 2013-06-29 16:28 - 00000000 ____D C:\Users\JD\MediaEspresso
2013-06-29 16:27 - 2013-06-29 16:27 - 00000000 ____D C:\Users\JD\AppData\Roaming\CyberLink
2013-06-29 16:05 - 2013-06-30 18:47 - 00000000 ____D C:\Users\JD\AppData\Roaming\Applian FLV and Media Player
2013-06-29 16:03 - 2013-06-29 16:03 - 00156028 ____A C:\Users\JD\Desktop\libmp3lame-win-3.97.zip
2013-06-29 16:02 - 2013-06-29 17:16 - 00000000 ____D C:\Users\JD\AppData\Roaming\Orbit
2013-06-29 16:02 - 2013-06-29 16:02 - 00000000 ____D C:\Users\JD\AppData\Roaming\ProgSense
2013-06-29 15:58 - 2013-06-30 19:09 - 00000000 ____D C:\Users\JD\AppData\Roaming\Audacity
2013-06-29 15:57 - 2013-06-30 18:40 - 00019086 ____A C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil.aup
2013-06-29 15:57 - 2013-06-29 15:57 - 00000000 ____D C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil_data
2013-06-29 15:57 - 2013-06-04 20:36 - 00001609 ____A C:\Users\JD\Desktop\Zugangsdaten.doc - Verknüpfung.lnk
2013-06-29 15:57 - 2013-03-24 21:33 - 35210877 ____A C:\Users\JD\Desktop\0004.mp4
2013-06-29 15:57 - 2013-03-24 17:51 - 71403622 ____A C:\Users\JD\Desktop\0001.mp4
2013-06-29 15:57 - 2013-03-10 13:26 - 00001333 ____A C:\Users\JD\Desktop\IMG_3288.JPG - Verknüpfung.lnk
2013-06-29 15:57 - 2013-03-03 23:43 - 00001494 ____A C:\Users\JD\Desktop\Photoshop.lnk
2013-06-29 15:57 - 2012-09-05 20:27 - 00001109 ____A C:\Users\JD\Desktop\audacity..lnk
2013-06-29 15:57 - 2012-07-29 19:19 - 00001154 ____A C:\Users\JD\Desktop\FreeVideoPerformer.lnk
2013-06-29 15:57 - 2012-03-22 22:05 - 00000855 ____A C:\Users\JD\Desktop\TotalMedia.lnk
2013-06-29 15:57 - 2012-01-04 17:46 - 00001010 ____A C:\Users\JD\Desktop\Teamviewer.lnk
2013-06-29 15:57 - 2011-11-08 20:32 - 00000541 ____A C:\Users\JD\Desktop\Profi cash.lnk
2013-06-29 15:57 - 2011-07-30 22:45 - 00000967 ____A C:\Users\JD\Desktop\WORD.lnk
2013-06-29 15:57 - 2011-07-30 22:41 - 00000975 ____A C:\Users\JD\Desktop\EXCEL -.lnk
2013-06-29 15:57 - 2011-07-30 21:08 - 00000355 ____A C:\Users\JD\Desktop\home.lnk
2013-06-29 15:57 - 2011-04-19 13:21 - 00001272 ____A C:\Users\JD\Desktop\Snipping Tool.lnk
2013-06-29 15:57 - 2010-10-26 13:22 - 05661184 ____A (Digiarty Software, Inc.) C:\Users\JD\Desktop\WinX_Free_FLV_to_MP4_Converter.exe
2013-06-29 14:14 - 2013-06-29 14:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D5FB07C-1332-4180-811D-0B0937414065}
2013-06-28 13:45 - 2013-06-28 13:45 - 00000000 ____D C:\Users\Manu\AppData\Local\{CF15F97D-FD2A-4921-9620-F46E5FAE8FE9}
2013-06-27 15:46 - 2013-06-27 15:46 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D30D727-0318-40CE-BBBF-2EE5696849ED}
2013-06-26 19:16 - 2013-06-26 19:16 - 00013304 ____A C:\Users\JD\Desktop\SnippingTool - Verknüpfung.lnk
2013-06-26 19:11 - 2013-06-26 19:12 - 00000000 ____D C:\Users\JD\AppData\Local\{C5EB48C1-30C5-4AEF-9AD7-D4E702E19C4D}
2013-06-26 16:22 - 2013-06-26 16:22 - 00000000 ____D C:\Users\Manu\AppData\Local\{12172258-93F8-4732-B7DB-EA3ABDD86310}
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Manu\AppData\Local\{81026923-5E18-4EA7-B18D-3CD51D7B2524}
2013-06-24 15:49 - 2013-06-24 15:49 - 00000000 ____D C:\Users\Manu\AppData\Local\{BFEDC1D9-3EBA-4CCE-8A01-0AC2B1BE3311}
2013-06-23 20:40 - 2013-06-23 20:40 - 00000000 ____D C:\Users\Manu\AppData\Local\{E3FEFA46-4EE9-4B5F-82AC-51C42AEFCFA8}
2013-06-23 19:32 - 2013-06-23 19:32 - 00000000 ____D C:\Users\JD\AppData\Local\Apple
2013-06-23 18:24 - 2013-06-23 18:24 - 00000000 ____D C:\Users\JD\AppData\Roaming\EPSON
2013-06-23 18:23 - 2013-06-23 18:23 - 00000000 ____A C:\Users\JD\Sti_Trace.log
2013-06-23 14:39 - 2013-06-23 14:39 - 00001502 ____A C:\Users\JD\Desktop\Windows Live Mail.lnk
2013-06-23 13:47 - 2013-06-29 15:27 - 00000000 ____D C:\Users\JD\AppData\Local\CrashDumps
2013-06-23 13:24 - 2013-06-23 13:30 - 00000000 ____D C:\Users\JD\AppData\Roaming\Google
2013-06-23 13:24 - 2013-06-23 13:30 - 00000000 ____D C:\Users\JD\AppData\Local\Google
2013-06-23 13:21 - 2013-06-23 22:37 - 00000000 ____D C:\Users\JD\AppData\Roaming\Windows Live Writer
2013-06-23 13:21 - 2013-06-23 20:22 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live Writer
2013-06-23 13:21 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Local\{7D8C5629-8D8E-40C7-8407-BAAA224646DF}
2013-06-23 13:20 - 2013-06-23 13:20 - 00000000 ____D C:\Users\JD\AppData\Local\ArcSoft
2013-06-23 13:19 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live
2013-06-23 13:19 - 2013-06-30 16:21 - 00000000 ____D C:\users\JD
2013-06-23 13:19 - 2013-06-28 18:25 - 00000000 ____D C:\Users\JD\AppData\Local\Apple Computer
2013-06-23 13:19 - 2013-06-23 19:32 - 00000000 ____D C:\Users\JD\AppData\Roaming\Apple Computer
2013-06-23 13:19 - 2013-06-23 18:30 - 00000000 ____D C:\Users\JD\AppData\Roaming\Adobe
2013-06-23 13:19 - 2013-06-23 18:30 - 00000000 ____D C:\Users\JD\AppData\Local\Adobe
2013-06-23 13:19 - 2013-06-23 13:26 - 00002267 ____A C:\Users\JD\Desktop\Google Chrome.lnk
2013-06-23 13:19 - 2013-06-23 13:20 - 00000000 ____D C:\Users\JD\AppData\Roaming\ArcSoft
2013-06-23 13:19 - 2013-06-23 13:19 - 00073384 ____A C:\Users\JD\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Vorlagen
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Startmenü
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Netzwerkumgebung
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Lokale Einstellungen
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Eigene Dateien
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Druckumgebung
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Musik
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Bilder
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Verlauf
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Anwendungsdaten
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Anwendungsdaten
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\VirtualStore
2013-06-23 13:19 - 2011-04-19 14:30 - 
00000000 ____D C:\Users\JD\AppData\Local\Cyberlink 2013-06-23 13:19 - 2011-04-19 14:25 - 00000000 ____D C:\Users\JD\AppData\Roaming\Macromedia 2013-06-23 13:19 - 2011-04-19 13:33 - 00000000 ____D C:\Users\JD\AppData\Roaming\Intel Corporation 2013-06-23 13:19 - 2011-04-19 13:31 - 00000000 ____D C:\Users\JD\AppData\Roaming\InstallShield 2013-06-23 13:19 - 2010-11-21 04:50 - 00000020 ___SH C:\Users\JD\ntuser.ini 2013-06-22 15:56 - 2013-06-22 15:56 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-22 15:56 - 2013-06-22 15:56 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-21 17:06 - 2013-06-21 17:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{58054010-D9C4-493A-BA5C-ECC6AB248295} 2013-06-20 14:55 - 2013-06-20 14:56 - 00000000 ____D C:\Users\Manu\AppData\Local\{20F75D8B-C59D-4957-B684-2730AE880216} 2013-06-19 14:43 - 2013-06-19 14:43 - 00000000 ____D C:\Users\Manu\AppData\Local\{EB4454CD-9472-471D-82BD-C8AC2DC6FADA} 2013-06-18 23:02 - 2013-06-18 23:02 - 09755584 ____A (SurfRight B.V.) 
C:\Users\admin\Downloads\hitmanpro_x64.exe 2013-06-18 22:34 - 2013-06-18 22:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-18 22:32 - 2013-05-13 16:56 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\07623136.sys 2013-06-18 22:02 - 2013-06-18 22:02 - 01084698 ____A C:\ProgramData\2433f433 2013-06-18 22:02 - 2013-06-18 22:02 - 01084684 ____A C:\Users\jörg\AppData\Roaming\2433f433 2013-06-18 22:02 - 2013-06-18 22:02 - 01084669 ____A C:\Users\jörg\AppData\Local\2433f433 2013-06-18 19:07 - 2013-06-18 19:07 - 00000000 ____D C:\Users\jörg\AppData\Local\{A2442D88-5E58-49A3-A333-204F436735D8} 2013-06-16 17:32 - 2013-06-16 17:32 - 00000000 ____D C:\Users\jörg\AppData\Local\{267C70E8-5B72-45D7-9CDF-DECD5E6E3A5C} 2013-06-14 15:25 - 2013-06-14 15:25 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-14 14:56 - 2013-06-14 14:56 - 00000000 ____D C:\Users\Manu\AppData\Local\{99EE7253-67B4-4F61-A8BC-9177B9312D33} 2013-06-13 16:44 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 16:44 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-13 16:44 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-13 16:44 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 16:44 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-13 16:44 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 16:44 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-13 16:44 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-13 16:44 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-13 16:44 - 2013-05-17 00:20 - 
00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-13 16:44 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-13 16:44 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 16:44 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-13 16:43 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 16:43 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 16:43 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 16:43 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 16:43 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-13 16:43 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 16:43 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-13 16:43 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 16:43 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 16:43 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 16:43 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-13 16:43 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-13 16:43 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-13 16:43 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-13 16:43 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2013-06-13 16:43 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-13 16:43 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-13 16:43 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-13 16:43 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-13 16:16 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 16:16 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 16:16 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 16:16 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-13 16:16 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 16:16 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-13 16:16 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 16:16 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 16:16 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 16:16 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-13 16:14 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-13 16:14 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-13 16:14 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 16:14 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) 
C:\Windows\System32\win32spl.dll 2013-06-13 16:14 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-13 16:06 - 2013-06-13 16:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{44E2793B-6AD0-41D5-B25A-69DFDE532F57} 2013-06-11 14:53 - 2013-06-11 14:53 - 00000000 ____D C:\Users\Manu\AppData\Local\{A0821F0E-E78A-4601-B328-5A5F35668781} 2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\jörg\AppData\Local\{7563DCB8-3CAB-493E-A1E5-3BFAA1192631} 2013-06-09 19:30 - 2013-06-09 19:30 - 00000000 ____D C:\Users\Manu\AppData\Local\{FEC6F72C-007B-4073-A665-3FDE103D2FAE} 2013-06-08 09:48 - 2013-06-08 09:48 - 00000000 ____D C:\Users\Manu\AppData\Local\{C463F1D9-FD8A-47BF-8DC5-44B3DFA22AB7} 2013-06-07 16:04 - 2013-06-07 16:04 - 00000000 ____D C:\Users\Manu\AppData\Local\{377F3E1B-52C1-418A-A5B0-397F38965AE9} 2013-06-06 18:43 - 2013-06-06 18:43 - 00000000 ____D C:\Users\jörg\AppData\Local\{65138475-27C5-448E-BCB3-4A88B43B1F56} 2013-06-06 16:14 - 2013-06-06 16:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{C5CCD79F-D5C9-408F-A647-387609FE459E} 2013-06-05 16:38 - 2013-06-05 16:38 - 00000000 ____D C:\Users\Manu\AppData\Local\{2630AFAC-26F1-4E03-86ED-E810169F8E2B} 2013-06-04 20:41 - 2013-06-04 20:41 - 00000000 ____D C:\Users\jörg\AppData\Local\{C3C906FE-0FE4-43D6-96B6-5937D326E06F} 2013-06-04 20:36 - 2013-06-04 20:36 - 00001609 ____A C:\Users\jörg\Desktop\Zugangsdaten.doc - Verknüpfung.lnk 2013-06-04 19:40 - 2013-06-04 19:40 - 00000000 ____D C:\Users\jörg\AppData\Local\{3C44CF72-A437-41AE-AFC5-C9EC1DF8556D} 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\Manu\AppData\Local\{BD654D46-DA3D-439F-9F7C-6EE6485BDE83} 2013-06-03 14:15 - 2013-06-03 14:15 - 00000000 ____D C:\Users\Manu\AppData\Local\{80A46B06-9E39-4984-802A-96CBCF0E00E4} 2013-06-02 21:45 - 2013-06-02 21:45 - 00000000 ____D C:\Users\jörg\AppData\Local\{9C36CA55-8318-41D5-860F-7056DC52E4B6} 2013-06-02 19:16 - 2013-06-02 21:29 - 00019764 ____A 
C:\Users\jörg\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil.aup 2013-06-02 19:16 - 2013-06-02 19:16 - 00000000 ____D C:\Users\jörg\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil_data 2013-06-02 11:17 - 2013-06-02 11:17 - 00000000 ____D C:\Users\Manu\AppData\Local\{9DDD6CF3-BA43-42BE-B0C0-593440A39EC4} ==================== One Month Modified Files and Folders ======= 2013-07-01 20:07 - 2013-07-01 20:07 - 00000000 ____D C:\FRST 2013-07-01 20:07 - 2011-08-05 18:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer 2013-07-01 20:05 - 2013-07-01 20:06 - 01933776 ____A (Farbar) C:\Users\admin\Desktop\FRST64.exe 2013-07-01 20:05 - 2013-07-01 20:04 - 01933776 ____A (Farbar) C:\Users\admin\Downloads\FRST64.exe 2013-07-01 20:04 - 2011-07-28 13:36 - 00659690 ____A C:\Windows\System32\perfh007.dat 2013-07-01 20:04 - 2011-07-28 13:36 - 00132970 ____A C:\Windows\System32\perfc007.dat 2013-07-01 20:04 - 2009-07-14 07:13 - 01513970 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-01 20:01 - 2009-07-14 06:51 - 00152200 ____A C:\Windows\setupact.log 2013-07-01 19:25 - 2012-07-18 18:09 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-01 19:15 - 2013-07-01 19:15 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia 2013-07-01 19:15 - 2011-07-29 21:19 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-01 19:01 - 2013-07-01 19:01 - 00000000 ____D C:\Users\JD\AppData\Local\{3D9F68A6-A700-4BD6-B3D7-E00B98D0E883} 2013-07-01 18:59 - 2011-07-29 21:19 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-01 18:58 - 2012-04-11 10:47 - 00000000 ____D C:\Users\Manu\AppData\Roaming\Orbit 2013-07-01 18:49 - 2013-07-01 18:49 - 00008764 ____A C:\Users\Manu\Desktop\favoriten.htm 2013-07-01 18:48 - 2013-07-01 18:48 - 00000000 ____A C:\Users\Manu\Desktop\lesezeichen.html 2013-07-01 18:47 - 2013-07-01 18:47 - 00008764 ____A 
C:\Users\Manu\Desktop\bookmark.htm 2013-07-01 18:13 - 2013-07-01 18:06 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\62611638.sys 2013-07-01 18:02 - 2012-01-01 15:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\Orbit 2013-07-01 17:58 - 2011-07-28 03:43 - 01742806 ____A C:\Windows\WindowsUpdate.log 2013-07-01 17:21 - 2011-07-28 22:54 - 00000000 ____D C:\users\Manu 2013-07-01 17:20 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-01 17:20 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-01 17:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 15:51 - 2011-07-28 22:54 - 00000000 ____D C:\Users\Manu\AppData\Local\Adobe 2013-07-01 15:44 - 2013-07-01 15:44 - 00000000 ____D C:\Users\Manu\AppData\Local\{BE2D3B67-3432-4D70-9484-89DE2876AE15} 2013-06-30 19:14 - 2013-06-30 19:13 - 00000000 ____D C:\Users\JD\Desktop\Tai Chi 2013-06-30 19:09 - 2013-06-29 15:58 - 00000000 ____D C:\Users\JD\AppData\Roaming\Audacity 2013-06-30 18:52 - 2010-11-21 05:47 - 00131768 ____A C:\Windows\PFRO.log 2013-06-30 18:47 - 2013-06-29 16:05 - 00000000 ____D C:\Users\JD\AppData\Roaming\Applian FLV and Media Player 2013-06-30 18:46 - 2013-06-30 18:46 - 00001453 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iTunes 2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iPod 2013-06-30 18:45 - 2013-01-01 15:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-30 18:40 - 2013-06-29 15:57 - 00019086 ____A C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. 
Teil.aup 2013-06-30 17:33 - 2012-02-25 18:49 - 00003192 ____A C:\Windows\wininit.ini 2013-06-30 16:57 - 2013-06-30 16:48 - 00000000 ____D C:\Users\JD\AppData\Roaming\vlc 2013-06-30 16:47 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\{4B6F1783-475F-4BBA-B2E4-A2E1066B7B92} 2013-06-30 16:40 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\{305B313F-8EAF-47FE-9E73-6FBB8F7B581B} 2013-06-30 16:40 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live 2013-06-30 16:21 - 2013-06-23 13:19 - 00000000 ____D C:\users\JD 2013-06-30 14:06 - 2013-06-30 14:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{B6C34DF3-9A63-4832-9B58-84F2D7A73B36} 2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Roaming\Mozilla 2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Local\Mozilla 2013-06-29 17:16 - 2013-06-29 16:02 - 00000000 ____D C:\Users\JD\AppData\Roaming\Orbit 2013-06-29 16:28 - 2013-06-29 16:27 - 00000000 ____D C:\Users\JD\MediaEspresso 2013-06-29 16:27 - 2013-06-29 16:27 - 00000000 ____D C:\Users\JD\AppData\Roaming\CyberLink 2013-06-29 16:03 - 2013-06-29 16:03 - 00156028 ____A C:\Users\JD\Desktop\libmp3lame-win-3.97.zip 2013-06-29 16:02 - 2013-06-29 16:02 - 00000000 ____D C:\Users\JD\AppData\Roaming\ProgSense 2013-06-29 15:57 - 2013-06-29 15:57 - 00000000 ____D C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. 
Teil_data 2013-06-29 15:27 - 2013-06-23 13:47 - 00000000 ____D C:\Users\JD\AppData\Local\CrashDumps 2013-06-29 14:39 - 2011-07-29 21:41 - 00000000 ____D C:\Users\Manu\AppData\Local\FreePDF_XP 2013-06-29 14:14 - 2013-06-29 14:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D5FB07C-1332-4180-811D-0B0937414065} 2013-06-28 18:25 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\Apple Computer 2013-06-28 13:45 - 2013-06-28 13:45 - 00000000 ____D C:\Users\Manu\AppData\Local\{CF15F97D-FD2A-4921-9620-F46E5FAE8FE9} 2013-06-28 13:42 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-27 15:46 - 2013-06-27 15:46 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D30D727-0318-40CE-BBBF-2EE5696849ED} 2013-06-26 19:16 - 2013-06-26 19:16 - 00013304 ____A C:\Users\JD\Desktop\SnippingTool - Verknüpfung.lnk 2013-06-26 19:12 - 2013-06-26 19:11 - 00000000 ____D C:\Users\JD\AppData\Local\{C5EB48C1-30C5-4AEF-9AD7-D4E702E19C4D} 2013-06-26 16:22 - 2013-06-26 16:22 - 00000000 ____D C:\Users\Manu\AppData\Local\{12172258-93F8-4732-B7DB-EA3ABDD86310} 2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Manu\AppData\Local\{81026923-5E18-4EA7-B18D-3CD51D7B2524} 2013-06-25 15:12 - 2013-02-10 18:05 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0 2013-06-24 15:49 - 2013-06-24 15:49 - 00000000 ____D C:\Users\Manu\AppData\Local\{BFEDC1D9-3EBA-4CCE-8A01-0AC2B1BE3311} 2013-06-23 22:37 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Roaming\Windows Live Writer 2013-06-23 20:40 - 2013-06-23 20:40 - 00000000 ____D C:\Users\Manu\AppData\Local\{E3FEFA46-4EE9-4B5F-82AC-51C42AEFCFA8} 2013-06-23 20:22 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live Writer 2013-06-23 19:32 - 2013-06-23 19:32 - 00000000 ____D C:\Users\JD\AppData\Local\Apple 2013-06-23 19:32 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Roaming\Apple Computer 2013-06-23 18:30 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Roaming\Adobe 2013-06-23 
18:30 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\Adobe 2013-06-23 18:24 - 2013-06-23 18:24 - 00000000 ____D C:\Users\JD\AppData\Roaming\EPSON 2013-06-23 18:23 - 2013-06-23 18:23 - 00000000 ____A C:\Users\JD\Sti_Trace.log 2013-06-23 18:13 - 2011-07-29 20:16 - 00000403 ____A C:\Windows\ODBC.INI 2013-06-23 14:39 - 2013-06-23 14:39 - 00001502 ____A C:\Users\JD\Desktop\Windows Live Mail.lnk 2013-06-23 13:30 - 2013-06-23 13:24 - 00000000 ____D C:\Users\JD\AppData\Roaming\Google 2013-06-23 13:30 - 2013-06-23 13:24 - 00000000 ____D C:\Users\JD\AppData\Local\Google 2013-06-23 13:26 - 2013-06-23 13:19 - 00002267 ____A C:\Users\JD\Desktop\Google Chrome.lnk 2013-06-23 13:21 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Local\{7D8C5629-8D8E-40C7-8407-BAAA224646DF} 2013-06-23 13:20 - 2013-06-23 13:20 - 00000000 ____D C:\Users\JD\AppData\Local\ArcSoft 2013-06-23 13:20 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Roaming\ArcSoft 2013-06-23 13:19 - 2013-06-23 13:19 - 00073384 ____A C:\Users\JD\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Vorlagen 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Startmenü 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Netzwerkumgebung 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Lokale Einstellungen 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Eigene Dateien 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Druckumgebung 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Musik 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Bilder 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Verlauf 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Anwendungsdaten 2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Anwendungsdaten 2013-06-23 13:19 
- 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\VirtualStore 2013-06-22 19:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-22 16:02 - 2013-06-30 19:31 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\99245666.sys 2013-06-22 15:56 - 2013-06-22 15:56 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-22 15:56 - 2013-06-22 15:56 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-22 15:56 - 2013-03-05 20:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-22 15:56 - 2013-03-05 20:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-22 15:56 - 2012-09-23 12:31 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-06-22 15:56 - 2011-08-21 12:11 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 15:56 - 2011-08-21 12:11 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-22 15:40 - 2013-05-08 15:25 - 00000000 ____D C:\Program Files (x86)\Iminent 2013-06-22 15:28 - 2013-05-08 15:26 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-06-21 17:06 - 2013-06-21 17:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{58054010-D9C4-493A-BA5C-ECC6AB248295} 2013-06-20 14:56 - 2013-06-20 14:55 - 00000000 ____D C:\Users\Manu\AppData\Local\{20F75D8B-C59D-4957-B684-2730AE880216} 2013-06-19 14:43 - 2013-06-19 14:43 - 00000000 ____D C:\Users\Manu\AppData\Local\{EB4454CD-9472-471D-82BD-C8AC2DC6FADA} 2013-06-18 23:02 - 2013-06-18 23:02 - 09755584 ____A (SurfRight B.V.) 
C:\Users\admin\Downloads\hitmanpro_x64.exe 2013-06-18 22:34 - 2013-06-18 22:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-18 22:02 - 2013-06-18 22:02 - 01084698 ____A C:\ProgramData\2433f433 2013-06-18 22:02 - 2013-06-18 22:02 - 01084684 ____A C:\Users\jörg\AppData\Roaming\2433f433 2013-06-18 22:02 - 2013-06-18 22:02 - 01084669 ____A C:\Users\jörg\AppData\Local\2433f433 2013-06-18 19:14 - 2011-07-30 21:00 - 00000000 ____D C:\Users\jörg\AppData\Local\Adobe 2013-06-18 19:07 - 2013-06-18 19:07 - 00000000 ____D C:\Users\jörg\AppData\Local\{A2442D88-5E58-49A3-A333-204F436735D8} 2013-06-16 17:32 - 2013-06-16 17:32 - 00000000 ____D C:\Users\jörg\AppData\Local\{267C70E8-5B72-45D7-9CDF-DECD5E6E3A5C} 2013-06-14 15:25 - 2013-06-14 15:25 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-14 15:25 - 2012-04-23 14:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-14 15:25 - 2011-08-17 18:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-14 14:56 - 2013-06-14 14:56 - 00000000 ____D C:\Users\Manu\AppData\Local\{99EE7253-67B4-4F61-A8BC-9177B9312D33} 2013-06-13 16:09 - 2011-07-28 22:40 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-13 16:06 - 2013-06-13 16:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{44E2793B-6AD0-41D5-B25A-69DFDE532F57} 2013-06-11 14:53 - 2013-06-11 14:53 - 00000000 ____D C:\Users\Manu\AppData\Local\{A0821F0E-E78A-4601-B328-5A5F35668781} 2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\jörg\AppData\Local\{7563DCB8-3CAB-493E-A1E5-3BFAA1192631} 2013-06-09 19:30 - 2013-06-09 19:30 - 00000000 ____D C:\Users\Manu\AppData\Local\{FEC6F72C-007B-4073-A665-3FDE103D2FAE} 2013-06-08 09:48 - 2013-06-08 09:48 - 00000000 ____D C:\Users\Manu\AppData\Local\{C463F1D9-FD8A-47BF-8DC5-44B3DFA22AB7} 2013-06-07 16:04 - 2013-06-07 16:04 - 00000000 ____D 
C:\Users\Manu\AppData\Local\{377F3E1B-52C1-418A-A5B0-397F38965AE9} 2013-06-06 18:43 - 2013-06-06 18:43 - 00000000 ____D C:\Users\jörg\AppData\Local\{65138475-27C5-448E-BCB3-4A88B43B1F56} 2013-06-06 16:14 - 2013-06-06 16:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{C5CCD79F-D5C9-408F-A647-387609FE459E} 2013-06-05 16:38 - 2013-06-05 16:38 - 00000000 ____D C:\Users\Manu\AppData\Local\{2630AFAC-26F1-4E03-86ED-E810169F8E2B} 2013-06-04 20:41 - 2013-06-04 20:41 - 00000000 ____D C:\Users\jörg\AppData\Local\{C3C906FE-0FE4-43D6-96B6-5937D326E06F} 2013-06-04 20:36 - 2013-06-29 15:57 - 00001609 ____A C:\Users\JD\Desktop\Zugangsdaten.doc - Verknüpfung.lnk 2013-06-04 20:36 - 2013-06-04 20:36 - 00001609 ____A C:\Users\jörg\Desktop\Zugangsdaten.doc - Verknüpfung.lnk 2013-06-04 20:32 - 2011-07-30 21:00 - 00000000 ____D C:\users\jörg 2013-06-04 20:30 - 2012-09-05 18:23 - 00000000 ____D C:\Users\jörg\AppData\Roaming\Audacity 2013-06-04 20:30 - 2012-01-14 17:51 - 00000000 ____D C:\Users\jörg\AppData\Roaming\vlc 2013-06-04 20:30 - 2011-08-27 15:16 - 00000000 ____D C:\Program Files (x86)\gs 2013-06-04 20:30 - 2011-07-29 21:03 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-06-04 20:30 - 2011-07-28 22:25 - 00000000 ____D C:\users\admin 2013-06-04 20:30 - 2011-04-19 14:26 - 00000000 ____D C:\ProgramData\Norton 2013-06-04 20:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-06-04 20:28 - 2013-05-08 15:25 - 00000000 ____D C:\ProgramData\Ask 2013-06-04 20:28 - 2012-01-01 15:53 - 00000000 ____D C:\Users\jörg\AppData\Roaming\Orbit 2013-06-04 20:14 - 2011-08-28 10:51 - 00000000 ____D C:\Users\admin\AppData\Local\FreePDF_XP 2013-06-04 20:12 - 2011-07-29 21:03 - 00000000 ____D C:\ProgramData\FreePDF 2013-06-04 19:40 - 2013-06-04 19:40 - 00000000 ____D C:\Users\jörg\AppData\Local\{3C44CF72-A437-41AE-AFC5-C9EC1DF8556D} 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\Manu\AppData\Local\{BD654D46-DA3D-439F-9F7C-6EE6485BDE83} 2013-06-03 14:15 - 2013-06-03 
When is ComboFix finished??? Where is the log file??? |
02.07.2013, 07:10 | #7 |
/// the machine /// TB trainer | Google opens nothing but empty windows Do you actually read the instructions? They say where the log file can be found: at C:\Combofix.txt
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.07.2013, 18:25 | #8 |
| Google opens nothing but empty windows There is no text file under C - but it did create a ComboFix file with the computer icon; when I open it I see all the drives again???? Should I run ComboFix again - I have the feeling it did not run properly, because it got stuck while deleting - or is that normal?? |
02.07.2013, 18:49 | #9 |
/// the machine /// TB trainer | Google opens nothing but empty windows As discussed |
02.07.2013, 21:28 | #10 |
| Google opens nothing but empty windows Here is the log file now :-) The error is not gone yet, though - but I have not restarted yet .... I will do that later |
03.07.2013, 08:07 | #11 |
/// the machine /// TB trainer | Google opens nothing but empty windows Please always post logs in the thread. Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please. |
03.07.2013, 18:48 | #12 |
| Google opens nothing but empty windows Wheee, the error is gone after the restart. Many thanks to "Schrauber". I will warmly recommend you - so what was it? Can you tell from the log files? ...and above all -> why did Norton fail (virus signatures are up to date) ..... Spybot + Defender did not crack the thing either .... I have heard that Kaspersky is better anyway - is that true? .... although - Kaspersky did not get rid of the thing either. Thanks again |
03.07.2013, 18:52 | #13 |
/// the machine /// TB trainer | Google opens nothing but empty windows Adware and that kind of stuff. Please do the rest as well, we are not finished yet |
03.07.2013, 19:00 | #14 |
| Google opens nothing but empty windows I have already seen it - I am getting started ; Last edited by Indexation (03.07.2013 at 19:07) |
03.07.2013, 19:26 | #15 |
| Google opens nothing but empty windows Log file from Adw-Cleaner |