Log Analysis and Evaluation: User logon after trojan cleanup shows only a cmd box "Windows\system 32" (Windows 7)

If you have caught a trojan or constantly get virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.07.2013, 22:07 | #1
User logon after trojan cleanup shows only a cmd box "Windows\system 32"

Hello team,
I caught a Bundestrojaner on my Windows 8 system, but only on one user account (not admin). Via my admin account I still have access to the computer and, following the guide here in the forum (post http://www.trojaner-board.de/134453-...tzerkonto.html), I started the cleanup. The files were found and removed. None of the other user accounts are infected. When I now try to log on to the infected account again, the trojan page is gone, but a black screen with a CMD box appears that shows only Windows\system 32. How do I need to proceed to fix the problem and get access to my account again? Unfortunately GMER did not run through cleanly because it gets stuck on storage media that are not plugged in. I hope you can make something of my attachments. Thanks in advance for your support.
wh56
18.07.2013, 03:14 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | User logon after trojan cleanup shows only a cmd box "Windows\system 32"
Hello and
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure, download both versions or check under Start > Computer (right-click) > Properties)
18.07.2013, 18:34 | #3
User logon after trojan cleanup shows only a cmd box "Windows\system 32"
Hello Cosinus,
thanks for your quick reply. Attached are the two files.
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02 Ran by ** ** (administrator) on 18-07-2013 12:58:25 Running from C:\Users\** **\Downloads Microsoft Windows 8 Pro (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (brother Industries Ltd) C:\Windows\system32\brsvc01a.exe (brother Industries Ltd) C:\Windows\system32\brss01a.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (REINER SCT) C:\Windows\system32\cjpcsc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe (CANON INC.) 
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Greenshot\Greenshot.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Lukas **\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\Lukas **\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\Lukas **\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\Lukas **\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\Lukas **\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation) HKU\Lukas **\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Lukas **\...\Policies\system: [LogonHoursAction] 2 HKU\Mechtild **\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\Mechtild **\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\Mechtild **\...\Run: [PC Suite Tray] - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [ 2010-05-14] (Nokia) HKU\Mechtild **\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\Mechtild **\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Mechtild **\...\Policies\system: [LogonHoursAction] 2 HKU\Nelson Canga\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\Nelson Canga\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe 
-tray [ 2012-01-10] (Nokia) HKU\Nelson Canga\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\Nelson Canga\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation) HKU\Nelson Canga\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Nelson Canga\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\UpdatusUser\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\UpdatusUser\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\** ** (Wrk)\...\Run: [Greenshot] - "C:\Program Files\Greenshot\Greenshot.exe" [x] HKU\** ** (Wrk)\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\** ** (Wrk)\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe [x] <===== ATTENTION HKU\** ** (Wrk)\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\** ** (Wrk)\...\Policies\system: [LogonHoursAction] 2 HKU\** ** (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION HKU\** ** (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION! 
IMEO\mediabuilder.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\nsu3ui.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\paprport.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\pdfdirect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\pppagevw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\ppscandr.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\trueimagelauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms} BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62 FireFox: ======== FF ProfilePath: C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF HKLM\...\Firefox\Extensions: 
[{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/"]},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File CHR Plugin: 
(Norton Identity Safe) - C:\Users\** ** (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll (Symantec Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () ========================== Services (Whitelisted) ================= S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846576 2012-05-10] (Acronis) S4 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated) S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-17] (Acronis) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [508848 2011-05-09] (REINER SCT) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MCLIENT; C:\Program Files\Norton Management\Engine\3.2.0.19\diMaster.dll [535416 2012-10-11] (Symantec Corporation) R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-12-06] (Protect Software GmbH) R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) 
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation) R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENT\0302000.013\ccSetx86.sys [134304 2012-10-03] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-11-19] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-19] (Symantec Corporation) S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.) S3 GigasetGenericUSB; C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys [44032 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130716.001\IDSvix86.sys [386720 2012-11-19] (Symantec Corporation) R3 LMouFilt; C:\Windows\system32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.) R0 m5287; C:\Windows\System32\drivers\m5287.sys [76544 2004-12-15] (ULi Electronics Inc.) 
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130716.017\NAVENG.SYS [93272 2013-05-31] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130716.017\NAVEX15.SYS [1611992 2013-05-31] (Symantec Corporation) R3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-01-11] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-01-11] () R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NIS\1404000.028\SYMELAM.SYS [21400 2012-06-20] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation) R3 teamviewervpn; C:\Windows\system32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software) R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2013-03-27] (Acronis) R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2013-03-27] (Acronis) S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 
2012-07-26] (Microsoft Corporation) S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [249200 2012-10-02] (Marvell) U3 idsvc; U3 pxryiuog; \??\C:\Users\WILHEL~1\AppData\Local\Temp\pxryiuog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST 2013-07-18 12:56 - 2013-07-18 12:56 - 01218860 _____ (Farbar) C:\Users\** **\Downloads\FRST.exe 2013-07-17 22:34 - 2013-07-17 22:55 - 00021385 _____ C:\Users\** **\Desktop\GMER.log 2013-07-16 23:19 - 2013-07-17 23:02 - 00084450 _____ C:\Users\** **\Downloads\Extras.Txt 2013-07-16 23:17 - 2013-07-17 23:02 - 00128916 _____ C:\Users\** **\Downloads\OTL.Txt 2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\** **\Downloads\gmer_2.1.19163.exe 2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\** **\Downloads\OTL.exe 2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\** **\Downloads\defogger_disable.log 2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\** **\defogger_reenable 2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\** **\Downloads\Defogger.exe 2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-07-16 18:46 - 2013-07-17 22:59 - 00001284 _____ C:\Users\** **\Desktop\checkup.txt 2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\** **\Downloads\SecurityCheck.exe 2013-07-16 05:26 - 2013-07-17 23:01 - 00000333 _____ C:\Users\** **\Desktop\eset Ergebnisse.txt 2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\** **\Downloads\esetsmartinstaller_enu.exe 2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program 
Files\ESET 2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp 2013-07-10 06:31 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\** **\Desktop\aswMBR.exe 2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\** **\Downloads\aswMBR.exe 2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\** **\AppData\Roaming\Malwarebytes 2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-09 22:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\** **\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp 2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\Mechtild **\AppData\Roaming\TeamViewer 2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\Program Files\iTunes 2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST 2013-07-18 12:56 - 2013-07-18 12:56 - 01218860 _____ (Farbar) C:\Users\** **\Downloads\FRST.exe 2013-07-18 12:53 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru 2013-07-17 23:02 - 2013-07-16 23:19 - 00084450 _____ C:\Users\** **\Downloads\Extras.Txt 2013-07-17 23:02 - 2013-07-16 23:17 - 00128916 _____ C:\Users\** **\Downloads\OTL.Txt 2013-07-17 23:01 - 2013-07-16 05:26 - 
00000333 _____ C:\Users\** **\Desktop\eset Ergebnisse.txt 2013-07-17 22:59 - 2013-07-16 18:46 - 00001284 _____ C:\Users\** **\Desktop\checkup.txt 2013-07-17 22:55 - 2013-07-17 22:34 - 00021385 _____ C:\Users\** **\Desktop\GMER.log 2013-07-17 22:34 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\** **\Desktop 2013-07-17 22:26 - 2012-04-11 20:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-07-17 20:50 - 2013-01-04 00:54 - 01631347 _____ C:\WINDOWS\WindowsUpdate.log 2013-07-17 19:46 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-07-17 19:14 - 2013-02-11 22:08 - 03672987 _____ C:\WINDOWS\setupact.log 2013-07-17 19:14 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\** **\Downloads\gmer_2.1.19163.exe 2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\** **\Downloads\OTL.exe 2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\** **\Downloads\defogger_disable.log 2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\** **\defogger_reenable 2013-07-16 23:04 - 2013-01-04 00:31 - 00000000 ____D C:\Users\** ** 2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\** **\Downloads\Defogger.exe 2013-07-16 21:58 - 2010-04-13 21:00 - 00000000 ____D C:\Users\Mechtild **\AppData\Roaming\TuneUp Software 2013-07-16 21:37 - 2010-01-17 00:57 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-16 21:16 - 2010-01-23 11:17 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-07-16 20:55 - 2012-12-17 21:40 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 
2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-07-16 20:55 - 2010-10-06 15:59 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-07-16 20:55 - 2010-01-17 10:48 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-16 18:42 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\** **\Downloads\SecurityCheck.exe 2013-07-16 18:35 - 2013-02-19 22:41 - 00019200 _____ C:\WINDOWS\PFRO.log 2013-07-16 18:34 - 2012-07-26 06:17 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2013-07-16 18:25 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\IME 2013-07-16 18:25 - 2011-06-07 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-15 22:14 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\** **\Downloads\esetsmartinstaller_enu.exe 2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program Files\ESET 2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp 2013-07-10 06:40 - 2013-02-19 22:05 - 286054769 _____ C:\WINDOWS\MEMORY.DMP 2013-07-10 06:40 - 2013-01-13 16:40 - 00000000 ____D C:\WINDOWS\Minidump 2013-07-10 06:30 - 2013-07-10 06:31 - 04745728 _____ (AVAST Software) C:\Users\** **\Desktop\aswMBR.exe 2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\** **\Downloads\aswMBR.exe 2013-07-10 06:16 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\twain_32 2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\** **\AppData\Roaming\Malwarebytes 2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-09 22:55 - 
2013-01-04 01:30 - 00047104 ___SH C:\Users\** **\Desktop\Thumbs.db 2013-07-09 22:55 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\** **\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp 2013-07-04 21:04 - 2013-02-23 17:38 - 00000000 ____D C:\NetxpVerein 2013-06-28 22:30 - 2013-01-04 00:52 - 01781388 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\Mechtild **\AppData\Roaming\TeamViewer 2013-06-28 19:09 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\Mechtild **\Desktop 2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iTunes 2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod 2013-06-20 20:07 - 2012-06-03 17:50 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-06-20 19:59 - 2012-07-26 08:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2013-06-19 20:19 - 2010-01-23 12:40 - 00000000 ____D C:\WINDOWS\system32\Drivers\NIS 2013-06-19 08:51 - 2010-01-23 12:40 - 00142496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2013-06-19 08:51 - 2010-01-23 12:40 - 00007611 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-17 19:46 
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2013 02
Ran by ** ** at 2013-07-18 12:59:19
Running from C:\Users\** **\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) 32 Bit
HP CIO Components Installer (Version: 13.1.1)
Acronis True Image WD*Edition (Version: 13.0.14189)
Adobe AIR (Version: 2.7.0.19530)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop Lightroom 3.5 (Version: 3.5.1)
Adobe Premiere Elements 9 (Version: 9.0)
Adobe Premiere Elements 9 (Version: 9.0.1)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Advanced File Security Basic
AeroFly Professional Deluxe (inkl. Add-On 1) (Version: 1.9.0103)
AllDup 3.4.13 (Version: 3.4.13)
Anti-Twin (Installation 07.06.2010)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.2 (Version: 2.0.2)
AusweisApp (Version: 1.10.0)
Baden-Württemberg Süd 2.0 (Version: 2.0)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MG5200 series Benutzerregistrierung
Canon MG5200 series MP Drivers
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Digital Photo Professional 3.9 (Version: 3.9.0.3)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CCleaner (Version: 3.24)
CDBurnerXP (Version: 4.5.0.3717)
CD-LabelPrint
ChargeProfessional (Version: 2.16)
ChargeProfessional 1.71
Chipcardmaster 7.03
cyberJack Base Components (Version: 6.9.12)
Das Interaktive Kartenwerk. Deutschland (Version: 2.1.6)
DDBAC (Version: 5.3.10)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
Eraser 6.0.10.2620 (Version: 6.0.2620)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
File Type Assistant (Version: 2012.10.26.0)
Gigaset QuickSync (Version: 8.2.0865.2)
Grabster AV 400 (Version: 1.3.0)
Greenshot
IrfanView (remove only)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 18 (Version: 6.0.180)
Java(TM) 6 Update 2 (Version: 1.6.0.20)
Java(TM) 6 Update 21 (Version: 6.0.210)
LAME v3.99.3 (for Windows)
Lexware Info Service (Version: 2.90.00.0009)
Lexware online banking (Version: 19.00.00.0059)
Logitech SetPoint 6.51 (Version: 6.51.8)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero Backup Drivers (Version: 1.0.11100.8.0)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.51.0)
Nokia Software Updater (Version: 3.0.560)
Nokia Suite (Version: 3.3.86.0)
Nordrhein-Westfalen West 2.0 (Version: 2.0)
Norton Internet Security (Version: 20.4.0.40)
Norton Management (Version: 3.2.0.19)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PaperPort Image Printer (Version: 1.00.0000)
PC Connectivity Solution (Version: 11.5.29.0)
PeaZip 3.0
PVSonyDll (Version: 1.00.0001)
Quicken 2014 (Version: 21.31.00.0109)
Quicken Import Export Server 2011 (Version: 18.00.00.0081)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
ScanSoft PaperPort 11 (Version: 11.2.0000)
ScanSoft PDF Create! 4 (Version: 4.01.0009)
SCHLECKER Foto Digital Service (Version: 4.8.7)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090)
SyncToy 2.1 (x86) (Version: 2.1.0)
TeamViewer 8 (Version: 8.0.16642)
The Simpsons Hit & Run(TM) (Version: 1.00.000)
TuneUp Utilities 2013 (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.77)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.6010.8)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.5 (Version: 2.0.5)
Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WISO Steuer-Sparbuch 2013 (HKCU Version: 20.00.8137)

==================== Restore Points =========================

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {026051DD-5B76-447A-B500-DFF813F45F59} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2326591026-2755835626-2187243960-1005 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {0416C00C-A8FD-47A0-8571-9962FA18FE49} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe No File
Task: {052133DB-F4AA-42CB-BD2B-4A53CEDC4C83} - System32\Tasks\User_Feed_Synchronization-{168551CE-9DA4-498D-B959-09B0EB78EE57} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {0BF0B6B1-5307-42CB-A4E2-7E236AB2B2BB} - System32\Tasks\AdobeAAMUpdater-1.0-Acer_Aspire-** ** (Wrk) => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {0DA30D54-42BC-48FA-9D70-91C6EF983B6F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {10E507CF-A2CC-4195-8FD5-DCBA1B5CE5C7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe No File
Task: {1374F7A3-3E3B-4A04-AF6C-15C6B153A322} - System32\Tasks\Netxp-Verein-Sicherung-Boogie-Freunde-Balingen e.V.--1058694068 => C:\NetxpVerein\NetxpVereinBackup.exe [2013-02-19] (Netxp GmbH)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {19FE374E-9920-4751-B6B5-D54D2833825A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {29393176-E37F-4C1D-8A34-617ED715EB8B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe No File
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {34EC503E-E4D2-431E-8BCC-2AD20472B578} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {35608D9A-ADF5-4352-BD94-50BA48AAD939} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe No File
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {36F2C165-3DE0-49AB-BBC6-F3FD6D2DE937} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {37BC8A3D-D499-403D-B362-05AD8E3213F0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe No File
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {401A6E28-E7D0-4D18-BC47-BFAC50D16D00} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {4248D63C-1E29-40FC-9857-A91082A09C41} - System32\Tasks\Update Manager => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {47BC98EF-171C-42A7-86B8-ACCB62C6B2A7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {499C0FBE-D932-4A65-BF16-1ABAF008C9A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe No File
Task: {4A33F285-53E5-42EB-8814-24276795E146} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {4B47A55C-78E7-4233-B948-81C7D5F30F62} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files\Norton Management\Engine\3.2.0.19\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {52B73E22-7AA0-4874-9C94-BC5B8E0E67DD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {542EB8E9-BA71-4AFA-A440-48904A1E4546} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe No File
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {56883940-B816-41B0-81DE-4DB71BF95777} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {58F1DD5D-0672-4784-9448-CB7E68F41189} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {5AD5C29C-DE77-4141-A77C-2E338FBEDC8B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {5BC5CACF-33CB-40B7-9B74-8A135499E95B} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2012-10-06] (Trusted Software ApS)
Task: {60282143-D420-407C-9DE2-470855BFB129} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326591026-2755835626-2187243960-1005
Task: {611BA3F1-1CA9-4166-B348-D7F4A9A747B2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {658A2BD5-F249-48E9-A726-A75502D50D58} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {65B54126-3662-4E42-AF58-7C1EE4BFD6CB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {6C5A8B1A-4F41-46CB-9C9C-E86BE1930F86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe No File
Task: {6D3224E7-E43C-4CAC-82AA-ED821C932F0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {889B5714-5944-4B05-B083-CED6A3E893B9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {8D54A94F-088B-4371-99CD-54DA83DAF3E1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326591026-2755835626-2187243960-1001
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {9511B98D-9409-4972-AA98-96B0C8550EDD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {976205DD-9CC9-4090-BD10-81092715D366} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {9B1694D0-0BD7-4710-B929-5FE53A5AF23A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2326591026-2755835626-2187243960-1003 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {A942F6F0-B7E9-47EA-9E44-EB6BF7A6226B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe No File
Task: {A9F2A00E-ABA7-4DC8-8BCF-81B1D9CF701A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe No File
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {B6E8E3D3-C908-44A4-A599-96EB689A74E0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe No File
Task: {B7B01D23-875F-4D30-B56B-55B8A39FD23E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe No File
Task: {B9ADA005-AEF4-4108-9ACA-64287AE0ED57} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {CB6C4DEB-EA80-4DA1-8C97-27BDCACC5911} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {CF7DEDB9-97B8-4B32-A4AB-B1D22D0DE7B9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe No File
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {D3F6D3D2-56BF-4D2F-B5F2-8B6C7740E37A} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326591026-2755835626-2187243960-1003
Task: {DBFEB605-058F-437D-A564-4AA088D80C2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {E6F303A7-A45D-45F0-89AF-79C1ED63EB1D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe No File
Task: {ECF892A2-31E3-4DB8-8F12-CB5A4718F3B6} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {EDB897D8-6E64-432E-843E-469FACCC54E9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {EE5A381C-19C7-4883-828E-DE71B8EBD3B9} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files\Norton Management\Engine\3.2.0.19\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {EE7F17CC-FCDC-4547-8FC2-B3B4A8B8B1DD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {EF671D6A-2C53-459B-B40B-693DE52C844B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {EFF9D33E-9D91-4C22-8322-C8C8217054CB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {F9AD723E-8C76-41BC-9AAD-3F44EA0A1222} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Netxp-Verein-Sicherung-Boogie-Freunde-Balingen e.V.--1058694068.job => C:\NetxpVerein\NetxpVereinBackup.exe
Task: C:\WINDOWS\Tasks\Netxp-Verein-Sicherung-Boogie-Freunde-Balingen-1306544401.job => C:\NetxpVerein\NetxpVereinBackup.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2013 00:59:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: An error occurred while creating the shadow copy provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.].
Operation:
  Obtain a callable interface for this provider
  List interfaces for all providers supporting this context
  Query shadow copies
Context:
  Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshot Context: 13
  Snapshot Context: 13
  Execution Context: Coordinator

Error: (07/18/2013 00:59:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name "SW_PROV" cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.]
Operation:
  Obtain a callable interface for this provider
  List interfaces for all providers supporting this context
  Query shadow copies
Context:
  Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshot Context: 13
  Snapshot Context: 13
  Execution Context: Coordinator

Error: (07/17/2013 07:49:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". The dependent assembly "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2013 07:49:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". The dependent assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2013 07:47:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". The dependent assembly "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (07/17/2013 07:46:58 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/16/2013 10:01:27 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/16/2013 09:59:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/16/2013 09:16:20 PM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004230f). 
Error: (07/16/2013 09:16:15 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: An error occurred while creating the shadow copy provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.].
Operation:
  Obtain a callable interface for this provider
  Check whether the volume is supported by the provider
  Add a volume to a shadow copy set
Context:
  Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Class ID: {00000000-0000-0000-0000-000000000000}
  Snapshot Context: 4194317
  Execution Context: Coordinator
  Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Volume Name: \\?\Volume{548f4d37-02e8-11df-a741-806e6f6e6963}\
  Execution Context: Coordinator

System errors:
=============
Error: (07/17/2013 07:16:45 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: application-specific Local Activation {7022A3B3-D004-4F52-AF11-E9E987FEE25F} {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} Acer_Aspire** ** S-1-5-21-2326591026-2755835626-2187243960-1001 LocalHost (Using LRPC) Unavailable Unavailable

Error: (07/17/2013 07:16:20 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: application-specific Local Activation {7022A3B3-D004-4F52-AF11-E9E987FEE25F} {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} Acer_Aspire** ** S-1-5-21-2326591026-2755835626-2187243960-1001 LocalHost (Using LRPC) Unavailable Unavailable

Error: (07/17/2013 07:16:20 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: application-specific Local Activation {7022A3B3-D004-4F52-AF11-E9E987FEE25F} {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} Acer_Aspire** ** S-1-5-21-2326591026-2755835626-2187243960-1001 LocalHost (Using LRPC) Unavailable Unavailable

Error: (07/17/2013 07:16:19 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: application-specific Local Activation {7022A3B3-D004-4F52-AF11-E9E987FEE25F} {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} Acer_Aspire** ** S-1-5-21-2326591026-2755835626-2187243960-1001 LocalHost (Using LRPC) Unavailable Unavailable

Error: (07/17/2013 07:15:27 PM) (Source: Service Control Manager) (User: )
Description: The "Function Discovery Resource Publication" service did not start correctly.

Error: (07/17/2013 07:13:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/17/2013 07:14:08 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 00:02:26 on 17.07.2013 was unexpected.

Error: (07/17/2013 00:03:50 AM) (Source: Service Control Manager) (User: )
Description: The "Function Discovery Resource Publication" service did not start correctly.

Error: (07/17/2013 00:02:00 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/17/2013 00:02:26 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 23:43:16 on 16.07.2013 was unexpected.

Microsoft Office Sessions:
=========================
Error: (03/15/2011 00:13:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2203 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/10/2010 08:39:44 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 913 seconds with 660 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-02-18 21:35:18.287 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-02-18 21:35:18.069 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-02-18 21:35:18.006 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-02-18 21:35:17.522 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. 
Date: 2013-02-18 21:35:17.428 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-02-18 21:35:17.350 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-02-18 21:35:13.990 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-02-18 21:35:12.381 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-02-07 18:45:19.794 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. 
Date: 2013-02-07 18:45:19.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 2047.43 MB Available physical RAM: 1135.64 MB Total Pagefile: 4095.43 MB Available Pagefile: 3026.65 MB Total Virtual: 2047.88 MB Available Virtual: 1827.92 MB ==================== Drives ================================ Drive c: (ACER PL1 W8) (Fixed) (Total:229.44 GB) (Free:141.33 GB) NTFS Drive d: (ACER PL1 Sys) (Fixed) (Total:228.69 GB) (Free:175.15 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive m: (ACER PL3 DA) (Fixed) (Total:931.51 GB) (Free:750.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 94EF6939) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07C1EE5C) Partition 1: (Not Active) - (Size=8 GB) - (Type=12) Partition 2: (Active) - (Size=229 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=229 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.07.2013, 20:44 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | User login after trojan cleanup only shows a cmd box "Windows\system 32" Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\** ** (Wrk)\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe [x] <===== ATTENTION
HKU\** ** (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION
HKU\** ** (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION!
C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post logfiles in CODE tags |
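An added example, not from this thread and not FRST's own code: a PowerShell audit of the two per-user values the fixlist above targets (Winlogon Shell and Command Processor AutoRun) across every profile on the machine, with an optional -Remove switch that deletes them the way the fixlist does. The registry paths are the standard Windows ones; the HKU\AuditTmp mount name for offline hives is my own choice.

```powershell
# Audit (and optionally clear) the two per-user logon persistence points the
# fixlist above targets, for every profile on the machine:
#   HKU\<SID>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> Shell
#   HKU\<SID>\Software\Microsoft\Command Processor                  -> AutoRun
# Shell replaces explorer.exe as the desktop shell at logon; AutoRun is run
# every time cmd.exe starts. Shell = cmd.exe plus an AutoRun pointing at a file
# that no longer exists gives exactly a bare cmd box with a "not found" message.
# Run from an elevated prompt. Profiles that are not logged on have their
# NTUSER.DAT loaded temporarily under HKU\AuditTmp (mount name chosen here).

function Test-UserShellValues {
    # Pure check, kept separate from registry access so it can be reused.
    param([string]$Profile, [string]$Shell, [string]$AutoRun)
    $findings = @()
    # A per-user Shell value is normally absent; the machine-wide default
    # (explorer.exe) applies. Anything else is suspicious.
    if ($Shell -and $Shell.Trim() -ne 'explorer.exe') {
        $findings += [pscustomobject]@{ Profile = $Profile; Key = 'Winlogon\Shell'; Value = $Shell }
    }
    # AutoRun should be empty on a normal workstation.
    if ($AutoRun) {
        $findings += [pscustomobject]@{ Profile = $Profile; Key = 'Command Processor\AutoRun'; Value = $AutoRun }
    }
    return $findings
}

function Get-UserShellFindings {
    [CmdletBinding()]
    param([switch]$Remove)

    $winlogonSub = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cmdProcSub  = 'Software\Microsoft\Command Processor'
    $results = @()

    $profiles = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    foreach ($p in $profiles) {
        $sid = $p.PSChildName
        $dir = (Get-ItemProperty -Path $p.PSPath).ProfileImagePath
        if (-not $dir) { continue }
        $dir = [Environment]::ExpandEnvironmentVariables($dir)

        $root = "Registry::HKEY_USERS\$sid"
        $mounted = $false
        if (-not (Test-Path $root)) {
            # Profile not loaded (user not logged on): mount its hive read/write.
            $hive = Join-Path $dir 'NTUSER.DAT'
            if (-not (Test-Path $hive)) { continue }
            & reg.exe load 'HKU\AuditTmp' $hive | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "could not load hive for $dir"; continue }
            $root = 'Registry::HKEY_USERS\AuditTmp'
            $mounted = $true
        }

        try {
            $shell   = (Get-ItemProperty -Path "$root\$winlogonSub" -ErrorAction SilentlyContinue).Shell
            $autorun = (Get-ItemProperty -Path "$root\$cmdProcSub"  -ErrorAction SilentlyContinue).AutoRun
            # @() so an empty result stays an empty array rather than $null
            $hits = @(Test-UserShellValues -Profile $dir -Shell $shell -AutoRun $autorun)
            $results += $hits

            if ($Remove) {
                # Deleting the values restores the machine defaults (explorer.exe
                # shell, no AutoRun), which is what the fixlist does.
                foreach ($h in $hits) {
                    if ($h.Key -eq 'Winlogon\Shell') {
                        Remove-ItemProperty -Path "$root\$winlogonSub" -Name Shell
                    } else {
                        Remove-ItemProperty -Path "$root\$cmdProcSub" -Name AutoRun
                    }
                }
            }
        } finally {
            if ($mounted) {
                [gc]::Collect()                      # drop handles before unloading
                & reg.exe unload 'HKU\AuditTmp' | Out-Null
            }
        }
    }
    return $results
}

Get-UserShellFindings | Format-Table -AutoSize
```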
18.07.2013, 20:56 | #5 |
| User login after trojan cleanup only shows a cmd box "Windows\system 32" Hello Cosinus, thanks, you are really fast! Here is the result Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013 02
Ran by ** ** at 2013-07-18 21:54:05 Run:1
Running from C:\Users\** **\Downloads
Boot Mode: Normal
==============================================
HKU\** ** (Wrk)\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\\** ** (Wrk)\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\\** ** (Wrk)\Software\Microsoft\Command Processor\\AutoRun => Value not found.
"C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" => File/Directory not found.
==== End of Fixlog ==== |
18.07.2013, 21:07 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | User login after trojan cleanup only shows a cmd box "Windows\system 32" Does the login work normally again?
__________________ --> User login after trojan cleanup only shows a cmd box "Windows\system 32" |
18.07.2013, 21:29 | #7 |
| User login after trojan cleanup only shows a cmd box "Windows\system 32" Hello cosinus, unfortunately no, still the DOS box. When I type Explorer.exe the user session comes up (I am back in now). The message in the box reads: The command c:\user\name\appdata\lokal\temp\cgvrsxaqeyexbffxb.exe is either misspelled or could not be found. Sorry, I don't know how to get the text copied; "Ctrl+C" doesn't work. I remember deleting this or a similar file right at the beginning. It was the newest exe that was on the machine after the infection. |
18.07.2013, 22:17 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | User login after trojan cleanup only shows a cmd box "Windows\system 32" Please create a new log with FRST and, if at all possible, do NOT edit anything in the log
__________________ Please always post logfiles in CODE tags |
19.07.2013, 06:59 | #9 |
| User login after trojan cleanup only shows a cmd box "Windows\system 32" Hello cosinus, I have now run the scan again. Results see attachment. The infected account is 1234 5678 (Wrk). Because of "real names" I did have to edit after all: Admin: first name 1234 last name 5678 first name account 2 **** first name account 3 !!!! first name account 4 ???? first name account 5 §§§§ last name account 5 $$$$ In each case a "space" between first and last name FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 Ran by 1234 5678 (administrator) on 19-07-2013 07:22:22 Running from C:\Users\1234 5678\Downloads Microsoft Windows 8 Pro (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (brother Industries Ltd) C:\Windows\system32\brsvc01a.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (brother Industries Ltd) C:\Windows\system32\brss01a.exe (REINER SCT) C:\Windows\system32\cjpcsc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (CANON INC.) 
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Greenshot\Greenshot.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE ==================== Registry (Whitelisted) ================== Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\**** 5678\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\**** 5678\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\**** 5678\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\**** 5678\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\**** 5678\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation) HKU\**** 5678\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\**** 5678\...\Policies\system: [LogonHoursAction] 2 HKU\!!!! 5678\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\!!!! 5678\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\!!!! 5678\...\Run: [PC Suite Tray] - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [ 2010-05-14] (Nokia) HKU\!!!! 5678\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\!!!! 5678\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\!!!! 
5678\...\Policies\system: [LogonHoursAction] 2 HKU\§§§§ $$$$\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\§§§§ $$$$\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\§§§§ $$$$\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\§§§§ $$$$\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation) HKU\§§§§ $$$$\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\§§§§ $$$$\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] () HKU\UpdatusUser\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\UpdatusUser\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2 HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\1234 5678 (Wrk)\...\Run: [Greenshot] - "C:\Program Files\Greenshot\Greenshot.exe" [x] HKU\1234 5678 (Wrk)\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia) HKU\1234 5678 (Wrk)\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\1234 5678 (Wrk)\...\Policies\system: [LogonHoursAction] 2 HKU\1234 5678 (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION HKU\1234 5678 (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION! 
IMEO\mediabuilder.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\nsu3ui.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\paprport.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\pdfdirect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\pppagevw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\ppscandr.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IMEO\trueimagelauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms} BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62 FireFox: ======== FF ProfilePath: C:\Users\1234 5678\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\1234 5678\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF HKLM\...\Firefox\Extensions: 
[{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/"]},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File CHR Plugin: 
(Norton Identity Safe) - C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll (Symantec Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () ========================== Services (Whitelisted) ================= S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846576 2012-05-10] (Acronis) S4 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated) S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-17] (Acronis) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [508848 2011-05-09] (REINER SCT) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MCLIENT; C:\Program Files\Norton Management\Engine\3.2.0.19\diMaster.dll [535416 2012-10-11] (Symantec Corporation) R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-12-06] (Protect Software GmbH) R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) 
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENT\0302000.013\ccSetx86.sys [134304 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-11-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-19] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 GigasetGenericUSB; C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys [44032 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130717.001\IDSvix86.sys [386720 2012-11-19] (Symantec Corporation)
R3 LMouFilt; C:\Windows\system32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)
R0 m5287; C:\Windows\System32\drivers\m5287.sys [76544 2004-12-15] (ULi Electronics Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130718.004\NAVENG.SYS [93272 2013-05-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130718.004\NAVEX15.SYS [1611992 2013-05-31] (Symantec Corporation)
R3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-01-11] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-01-11] ()
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NIS\1404000.028\SYMELAM.SYS [21400 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 teamviewervpn; C:\Windows\system32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2013-03-27] (Acronis)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2013-03-27] (Acronis)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [249200 2012-10-02] (Marvell)
U3 idsvc;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-19 07:21 - 2013-07-19 07:21 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST.exe
2013-07-19 07:20 - 2013-07-19 07:20 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST(1).exe
2013-07-18 19:24 - 2013-07-18 19:24 - 00041801 _____ C:\Users\1234 5678\Desktop\Addition.txt
2013-07-18 12:59 - 2013-07-18 19:35 - 00041801 _____ C:\Users\1234 5678\Downloads\2013-07-18 Addition.txt
2013-07-18 12:59 - 2013-07-18 19:25 - 00032345 _____ C:\Users\1234 5678\Downloads\2013-07-18 FRST.txt
2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST
2013-07-17 22:34 - 2013-07-17 22:55 - 00021385 _____ C:\Users\1234 5678\Desktop\GMER.log
2013-07-16 23:19 - 2013-07-17 23:02 - 00084450 _____ C:\Users\1234 5678\Downloads\Extras.Txt
2013-07-16 23:17 - 2013-07-17 23:02 - 00128916 _____ C:\Users\1234 5678\Downloads\OTL.Txt
2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\1234 5678\Downloads\gmer_2.1.19163.exe
2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\1234 5678\Downloads\OTL.exe
2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\1234 5678\Downloads\defogger_disable.log
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\1234 5678\defogger_reenable
2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\1234 5678\Downloads\Defogger.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-16 18:46 - 2013-07-17 22:59 - 00001284 _____ C:\Users\1234 5678\Desktop\checkup.txt
2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\1234 5678\Downloads\SecurityCheck.exe
2013-07-16 05:26 - 2013-07-17 23:01 - 00000333 _____ C:\Users\1234 5678\Desktop\eset Ergebnisse.txt
2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\1234 5678\Downloads\esetsmartinstaller_enu.exe
2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program Files\ESET
2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp
2013-07-10 06:31 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Desktop\aswMBR.exe
2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Downloads\aswMBR.exe
2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\1234 5678\AppData\Roaming\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-09 22:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1234 5678\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp
2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\!!!! 5678\AppData\Roaming\TeamViewer
2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-07-19 07:21 - 2013-07-19 07:21 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST.exe
2013-07-19 07:20 - 2013-07-19 07:20 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST(1).exe
2013-07-18 23:10 - 2013-02-23 17:38 - 00000000 ____D C:\NetxpVerein
2013-07-18 22:26 - 2013-01-04 00:54 - 01706534 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-18 22:26 - 2012-04-11 20:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-18 22:13 - 2013-02-11 22:08 - 03747031 _____ C:\WINDOWS\setupact.log
2013-07-18 22:13 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-18 22:11 - 2012-07-26 06:17 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-07-18 22:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-18 19:35 - 2013-07-18 12:59 - 00041801 _____ C:\Users\1234 5678\Downloads\2013-07-18 Addition.txt
2013-07-18 19:25 - 2013-07-18 12:59 - 00032345 _____ C:\Users\1234 5678\Downloads\2013-07-18 FRST.txt
2013-07-18 19:24 - 2013-07-18 19:24 - 00041801 _____ C:\Users\1234 5678\Desktop\Addition.txt
2013-07-18 19:24 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\1234 5678\Desktop
2013-07-18 13:06 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST
2013-07-17 23:02 - 2013-07-16 23:19 - 00084450 _____ C:\Users\1234 5678\Downloads\Extras.Txt
2013-07-17 23:02 - 2013-07-16 23:17 - 00128916 _____ C:\Users\1234 5678\Downloads\OTL.Txt
2013-07-17 23:01 - 2013-07-16 05:26 - 00000333 _____ C:\Users\1234 5678\Desktop\eset Ergebnisse.txt
2013-07-17 22:59 - 2013-07-16 18:46 - 00001284 _____ C:\Users\1234 5678\Desktop\checkup.txt
2013-07-17 22:55 - 2013-07-17 22:34 - 00021385 _____ C:\Users\1234 5678\Desktop\GMER.log
2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\1234 5678\Downloads\gmer_2.1.19163.exe
2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\1234 5678\Downloads\OTL.exe
2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\1234 5678\Downloads\defogger_disable.log
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\1234 5678\defogger_reenable
2013-07-16 23:04 - 2013-01-04 00:31 - 00000000 ____D C:\Users\1234 5678
2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\1234 5678\Downloads\Defogger.exe
2013-07-16 21:58 - 2010-04-13 21:00 - 00000000 ____D C:\Users\!!!! 5678\AppData\Roaming\TuneUp Software
2013-07-16 21:37 - 2010-01-17 00:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 21:16 - 2010-01-23 11:17 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-16 20:55 - 2012-12-17 21:40 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-16 20:55 - 2010-10-06 15:59 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-07-16 20:55 - 2010-01-17 10:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-16 18:42 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\1234 5678\Downloads\SecurityCheck.exe
2013-07-16 18:35 - 2013-02-19 22:41 - 00019200 _____ C:\WINDOWS\PFRO.log
2013-07-16 18:25 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\IME
2013-07-16 18:25 - 2011-06-07 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 22:14 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\1234 5678\Downloads\esetsmartinstaller_enu.exe
2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program Files\ESET
2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp
2013-07-10 06:40 - 2013-02-19 22:05 - 286054769 _____ C:\WINDOWS\MEMORY.DMP
2013-07-10 06:40 - 2013-01-13 16:40 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-10 06:30 - 2013-07-10 06:31 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Desktop\aswMBR.exe
2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Downloads\aswMBR.exe
2013-07-10 06:16 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\twain_32
2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\1234 5678\AppData\Roaming\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-09 22:55 - 2013-01-04 01:30 - 00047104 ___SH C:\Users\1234 5678\Desktop\Thumbs.db
2013-07-09 22:55 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1234 5678\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp
2013-06-28 22:30 - 2013-01-04 00:52 - 01781388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\!!!! 5678\AppData\Roaming\TeamViewer
2013-06-28 19:09 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\!!!! 5678\Desktop
2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod
2013-06-20 20:07 - 2012-06-03 17:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-20 19:59 - 2012-07-26 08:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-06-19 20:19 - 2010-01-23 12:40 - 00000000 ____D C:\WINDOWS\system32\Drivers\NIS
2013-06-19 08:51 - 2010-01-23 12:40 - 00142496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2013-06-19 08:51 - 2010-01-23 12:40 - 00007611 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-17 19:46

==================== End Of Log ============================

The tool asked for an update. I followed the link and downloaded it, but then got the same message again (out of date). In the end I ran the scan with the old version anyway.
Regards, wh56
19.07.2013, 15:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKU\1234 5678 (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION
HKU\1234 5678 (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION!
C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________
Please always post logfiles in CODE tags
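The two per-user values in that Fixlist explain the symptom: a Winlogon Shell of cmd.exe gives the black screen with a CMD box at logon, and a Command Processor AutoRun is started by every cmd.exe, which is how the dropped file in %TEMP% kept running. The PowerShell below is an added example, not part of the thread and not FRST's own logic; it audits those two values in HKLM and in every loaded user hive so a helper can confirm nothing similar remains. It assumes an elevated session; hives of users who are not logged on are not loaded under HKEY_USERS and would need to be loaded first (FRST does that itself, this script does not).

```powershell
# Added example for this thread; not forum content and not FRST's own logic.
# Audits the two values the Fixlist above deleted:
#   <hive>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon  -> Shell
#   <hive>\Software\Microsoft\Command Processor                   -> AutoRun
# In a user hive neither value normally exists: the shell comes from the HKLM
# default (explorer.exe) and AutoRun is empty. A per-user Shell of cmd.exe
# produces the "CMD box only" logon seen in this thread, and an AutoRun value
# is executed by every cmd.exe that opens. Run from an elevated PowerShell;
# only hives currently loaded under HKEY_USERS (logged-on users) are inspected.

function Get-ShellHijackFindings {
    $findings = @()
    # explorer.exe with or without a path; -match is case-insensitive in PowerShell
    $explorerPattern = '^(.*\\)?explorer\.exe$'

    # Roots to inspect: the machine-wide key plus every real user hive (S-1-5-21-...)
    $roots = @('HKLM:\SOFTWARE')
    $userHives = Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }
    foreach ($hive in $userHives) {
        $roots += "Registry::HKEY_USERS\$($hive.PSChildName)\Software"
    }

    foreach ($root in $roots) {
        $winlogonKey = "$root\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $cmdProcKey  = "$root\Microsoft\Command Processor"
        $isMachine   = ($root -eq 'HKLM:\SOFTWARE')

        # 1. Winlogon\Shell
        $shell = (Get-ItemProperty -Path $winlogonKey -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($isMachine) {
            # Machine-wide: the value must exist and must be explorer.exe
            if ((-not $shell) -or ($shell -notmatch $explorerPattern)) {
                $findings += [pscustomobject]@{
                    Key   = "$winlogonKey\Shell"
                    Value = $shell
                    Note  = 'HKLM Shell is missing or not explorer.exe'
                }
            }
        } elseif ($shell) {
            # Per-user: any Shell value at all overrides the HKLM default for that account
            $findings += [pscustomobject]@{
                Key   = "$winlogonKey\Shell"
                Value = $shell
                Note  = 'per-user Shell override'
            }
        }

        # 2. Command Processor\AutoRun: whatever is here runs on every cmd.exe start
        $autoRun = (Get-ItemProperty -Path $cmdProcKey -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        if ($autoRun) {
            $findings += [pscustomobject]@{
                Key   = "$cmdProcKey\AutoRun"
                Value = $autoRun
                Note  = 'cmd.exe AutoRun set'
            }
        }
    }
    return $findings
}

$result = Get-ShellHijackFindings
if (-not $result) {
    Write-Output 'No Winlogon Shell or Command Processor AutoRun anomalies found.'
} else {
    # A Shell of cmd.exe or an AutoRun pointing into %TEMP%/AppData matches this thread's case
    $result | Format-Table -AutoSize -Wrap
}
```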
19.07.2013, 17:02 | #11 |
Hello cosinus, here is the current log:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013
Ran by 1234 5678 at 2013-07-19 17:56:24 Run:2
Running from C:\Users\1234 5678\Downloads
Boot Mode: Normal
==============================================

HKU\1234 5678 (Wrk)\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\1234 5678 (Wrk)\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
"C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" => File/Directory not found.

==== End of Fixlog ====

What else do I need to do now to close this out? Do you think it makes sense to replace the "real names" of the user accounts? Do you also have tips for removing my old XP partition (including from the dual-boot system)?
Many thanks for your help.
Regards, wh56
20.07.2013, 00:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper.
22.07.2013, 06:37 | #13 |
Hello Cosinus, the tool found no malware:
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.22.01

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16484
name :: ACER_ASPIRE [administrator]

22.07.2013 06:39:15
mbar-log-2013-07-22 (06-39-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 364533
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Kind regards, wh56
22.07.2013, 22:45 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™
JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
Then a check with OTL, please:
23.07.2013, 22:50 | #15 |
Hello Cosinus, unfortunately JRT does not run under a normal user (W8) (blue screen). The 2nd attempt as admin then worked. But on the 1st run it still cleaned up a few things.
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 8 Pro x86
Ran by name on 23.07.2013 at 23:11:59,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\name\AppData\Roaming\mozilla\firefox\profiles\k915aems.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 23:15:41,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW Cleaner gave the following result:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 23/07/2013 um 23:18:56 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 Pro (32 bits)
# Benutzer : 1234 5678 - ACER_ASPIRE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\1234 5678\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\1234 5678\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\1234 5678 (Wrk)\AppData\Roaming\Mozilla\Firefox\Profiles\u2skdy4y.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\1234 5678\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1184 octets] - [23/07/2013 23:18:56]

########## EOF - C:\AdwCleaner[S1].txt - [1244 octets] ##########

And finally the OTL result:
OTL Logfile:
Code:
OTL logfile created on: 23.07.2013 23:25:29 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\1234 5678\Downloads
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,05% Memory free
4,00 Gb Paging File | 2,83 Gb Available in Paging File | 70,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229,44 Gb Total Space | 141,33 Gb Free Space | 61,60% Space Free | Partition Type: NTFS
Drive D: | 228,69 Gb Total Space | 175,15 Gb Free Space | 76,59% Space Free | Partition Type: NTFS
Drive M: | 931,51 Gb Total Space | 750,85 Gb Free Space | 80,61% Space Free | Partition Type: NTFS

Computer Name: ACER_ASPIRE | User Name: 1234 5678 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\1234 5678\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhostex.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\RuntimeBroker.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dasHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Greenshot\Greenshot.exe ()
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ()
MOD - C:\Programme\Greenshot\Greenshot.exe ()
MOD - C:\Programme\Greenshot\GreenshotPlugin.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (wlidsvc) -- C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
SRV - (netprofm) -- C:\Windows\System32\netprofmsvc.dll (Microsoft Corporation)
SRV - (LSM) -- C:\Windows\System32\lsm.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TimeBroker) -- C:\Windows\System32\TimeBrokerServer.dll (Microsoft Corporation)
SRV - (SystemEventsBroker) -- C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AudioEndpointBuilder) -- C:\Windows\System32\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV - (MCLIENT) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WSService) -- C:\Windows\System32\WSService.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (fhsvc) -- C:\Windows\System32\fhsvc.dll (Microsoft Corporation)
SRV - (BrokerInfrastructure) -- C:\Windows\System32\bisrv.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WiaRpc) -- C:\Windows\System32\wiarpc.dll (Microsoft Corporation)
SRV - (Wcmsvc) -- C:\Windows\System32\wcmsvc.dll (Microsoft Corporation)
SRV - (VaultSvc) -- C:\Windows\System32\vaultsvc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (svsvc) -- C:\Windows\System32\svsvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (NcaSvc) -- C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)
SRV - (NcdAutoSetup) -- C:\Windows\System32\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (KeyIso) -- C:\Windows\System32\keyiso.dll (Microsoft Corporation)
SRV - (EFS) -- C:\Windows\System32\efssvc.dll (Microsoft Corporation)
SRV - (DsmSvc) -- C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
SRV - (DeviceAssociationService) -- C:\Windows\System32\das.dll (Microsoft Corporation)
SRV - (AllUserInstallAgent) -- C:\Windows\System32\AUInstallAgent.dll (Microsoft Corporation)
SRV - (vmicvss) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmictimesync) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicshutdown) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicrdv) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmickvpexchange) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicheartbeat) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130723.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130723.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\Drivers\NIS\1404000.028\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\Drivers\NIS\1404000.028\symds.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NIS\1404000.028\symnets.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\Drivers\NIS\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\Drivers\mbam.sys (Malwarebytes Corporation)
DRV - (timounter) -- C:\Windows\System32\Drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\Drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\Drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\Drivers\snapman.sys (Acronis)
DRV - (GigasetGenericUSB) -- C:\Windows\System32\Drivers\GigasetGenericUSB.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
DRV - (SymIRON) -- C:\Windows\System32\Drivers\NIS\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\Drivers\NIS\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\Drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ACEDRV07) -- C:\Windows\System32\Drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (pdc) -- C:\Windows\System32\Drivers\pdc.sys (Microsoft Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\Drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (BthAvrcpTg) -- C:\Windows\System32\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV - (bthhfhid) -- C:\Windows\System32\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV - (hidi2c) -- C:\Windows\System32\Drivers\hidi2c.sys (Microsoft Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130720.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (USBHUB3) -- C:\Windows\System32\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV - (FxPPM) -- C:\Windows\System32\Drivers\fxppm.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (dam) -- C:\Windows\System32\Drivers\dam.sys (Microsoft Corporation)
DRV - (sdstor) -- C:\Windows\System32\Drivers\sdstor.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\Drivers\WSDScan.sys (Microsoft Corporation)
DRV - (ccSet_MCLIENT) -- C:\Windows\System32\Drivers\MCLIENT\0302000.013\ccSetx86.sys (Symantec Corporation)
DRV - (yukonw8) -- C:\Windows\System32\Drivers\yk63x86.sys (Marvell)
DRV - (cnghwassist) -- C:\Windows\System32\Drivers\cnghwassist.sys (Microsoft Corporation)
DRV - (USBXHCI) -- C:\Windows\System32\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV - (UCX01000) -- C:\Windows\System32\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV - (GPIOClx0101) -- C:\Windows\System32\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV - (msgpiowin32) -- C:\Windows\System32\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\Drivers\tpm.sys (Microsoft Corporation)
DRV - (LHidFilt) -- C:\Windows\System32\Drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\Drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (condrv) -- C:\Windows\System32\Drivers\condrv.sys (Microsoft Corporation)
DRV - (acpiex) -- C:\Windows\System32\Drivers\acpiex.sys (Microsoft Corporation)
DRV - (LSI_SSS) -- C:\Windows\System32\Drivers\lsi_sss.sys (LSI Corporation)
DRV - (EhStorTcgDrv) -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV - (EhStorClass) -- C:\Windows\System32\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV - (3ware) -- C:\Windows\System32\Drivers\3ware.sys (LSI)
DRV - (VSTXRAID) -- C:\Windows\System32\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV - (VerifierExt) -- C:\Windows\System32\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV - (UASPStor) -- C:\Windows\System32\Drivers\uaspstor.sys (Microsoft Corporation)
DRV - (storahci) -- C:\Windows\System32\Drivers\storahci.sys (Microsoft Corporation)
DRV - (spaceport) -- C:\Windows\System32\Drivers\spaceport.sys (Microsoft Corporation)
DRV - (mvumis) -- C:\Windows\System32\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV - (WFPLWFS) -- C:\Windows\System32\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV - (CLFS) -- C:\Windows\System32\Drivers\clfs.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\Drivers\terminpt.sys (Microsoft Corporation)
DRV - (WdFilter) -- C:\Windows\System32\Drivers\WdFilter.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\Drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\Drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\Drivers\storvsc.sys (Microsoft Corporation)
DRV - (WdBoot) -- C:\Windows\System32\Drivers\WdBoot.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\Windows\System32\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV - (mshidumdf) -- C:\Windows\System32\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV - (HyperVideo) -- C:\Windows\System32\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\Windows\System32\Drivers\BasicRender.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\Drivers\vms3cap.sys (Microsoft Corporation)
DRV - (npsvctrig) -- C:\Windows\System32\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV - (kdnic) -- C:\Windows\System32\Drivers\kdnic.sys (Microsoft Corporation)
DRV - (acpitime) -- C:\Windows\System32\Drivers\acpitime.sys (Microsoft Corporation)
DRV - (gencounter) -- C:\Windows\System32\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV - (acpipagr) -- C:\Windows\System32\Drivers\acpipagr.sys (Microsoft Corporation)
DRV - (WpdUpFltr) -- C:\Windows\System32\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\Drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (hyperkbd) -- C:\Windows\System32\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV - (SerCx) -- C:\Windows\System32\Drivers\SerCx.sys (Microsoft Corporation)
DRV - (SpbCx) -- C:\Windows\System32\Drivers\SpbCx.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\Drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (BthHFEnum) -- C:\Windows\System32\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\Drivers\dmvsc.sys (Microsoft Corporation)
DRV - (wpcfltr) -- C:\Windows\System32\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV - (NdisImPlatform) -- C:\Windows\System32\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV - (MsLldp) -- C:\Windows\System32\Drivers\mslldp.sys (Microsoft Corporation)
DRV - (Ndu) -- C:\Windows\System32\Drivers\Ndu.sys (Microsoft Corporation)
DRV - (SymELAM) -- C:\Windows\System32\Drivers\NIS\1404000.028\symelam.sys (Symantec Corporation)
DRV - (NBVol) -- C:\Windows\System32\Drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\Drivers\NBVolUp.sys (Nero AG)
DRV - (nmwcd) -- C:\Windows\System32\Drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\Drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\Drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\Drivers\ccdcmbo.sys (Nokia)
DRV - (Netaapl) -- C:\Windows\System32\Drivers\netaapl.sys (Apple Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\Drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (cjusb) -- C:\Windows\System32\Drivers\cjusb.sys (REINER SCT)
DRV - (afcdp) -- C:\Windows\System32\Drivers\afcdp.sys (Acronis)
DRV - (FTSER2K) -- C:\Windows\System32\Drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\Drivers\ftdibus.sys (FTDI Ltd.)
DRV - (bizVSerial) -- C:\Windows\System32\Drivers\bizVSerialNT.sys (franson.biz)
DRV - (Afc) -- C:\Windows\System32\Drivers\afc.sys (Arcsoft, Inc.)
DRV - (m5287) -- C:\Windows\System32\Drivers\m5287.sys (ULi Electronics Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - 
HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 4C B9 F6 96 CA 01 [binary data] IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B4F0963A3-1658-4fde-9585-23A25CC288BF%7D:1.10.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.19 22:30:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.07.16 21:43:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.01.12 14:38:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2013.03.29 21:28:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2013.03.29 21:28:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.20 21:41:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.19 22:30:43 | 000,000,000 | ---D | M] [2013.01.12 14:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1234 5678\AppData\Roaming\mozilla\Extensions [2013.05.31 08:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1234 
5678\AppData\Roaming\mozilla\Firefox\Profiles\k915aems.default\extensions [2013.05.31 08:38:17 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\1234 5678\AppData\Roaming\mozilla\firefox\profiles\k915aems.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.27 21:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.06.02 13:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.02 13:19:39 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.03.29 21:28:45 | 000,000,000 | ---D | M] (AusweisApp) -- C:\PROGRAM FILES\AUSWEISAPP\MOZILLA\ECARDCLIENTPIN_FFXX_WIN ========== Chrome ========== CHR - homepage: hxxp://www.google.com/,homepage_is_newtabpage:false,browser:{suppress_switch_to_metro_mode_on_set_default:true},distribution:{skip_first_run_ui:false,import_search_engine:false,import_history:false,create_all_shortcuts:true,do_not_launch_chrome:true,make_chrome_default:false,verbose_logging:false,suppress_first_run_default_browser_prompt:true,ping_delay:-60},sync_promo:{show_on_first_run_allowed:false},session:{restore_on_startup:4,urls_to_restore_on_startup:[hxxp://www.google.com/]},first_run_tabs:[hxxp://www.google.com/,hxxp://welcome_page] CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program 
Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download 
Plugin\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program 
Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer 
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = 
C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (AusweisApp 1.8.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe () O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe () O4 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe () O4 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - 
HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D6F67C3-5CA9-456A-98CF-BD49C1B8E9AE}: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D927EA9C-28BE-4735-849E-CE62205AEBB4}: DhcpNameServer = 10.74.210.210 10.74.210.211 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27 - HKLM IFEO\mediabuilder.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\nsu3ui.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\paprport.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\pdfdirect.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\ppscandr.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\scannerwizard.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\trueimagelauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.11.02 02:28:06 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.23 05:59:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.07.22 06:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.07.18 12:58:08 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.16 20:55:52 | 
000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.07.16 20:55:44 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.07.10 06:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.07.10 06:31:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\1234 5678\Desktop\aswMBR.exe
[2013.07.09 22:55:26 | 000,000,000 | ---D | C] -- C:\Users\1234 5678\AppData\Roaming\Malwarebytes
[2013.07.09 22:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.09 22:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.09 22:55:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.07.09 22:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.07.09 22:54:55 | 000,000,000 | ---D | C] -- C:\Users\1234 5678\AppData\Local\Programs
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.23 23:26:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.07.23 23:23:05 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.23 23:21:01 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.23 23:20:56 | 1610,158,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.22 22:34:13 | 000,769,776 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.07.22 22:34:13 | 000,717,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.07.22 22:34:13 | 000,160,980 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.07.22 22:34:13 | 000,137,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.07.16 23:04:11 | 000,000,000 | ---- | M] () -- C:\Users\1234 5678\defogger_reenable
[2013.07.16 20:55:35 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.07.16 20:55:35 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.07.16 20:55:35 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.07.16 20:55:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.07.16 20:55:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.07.16 20:55:35 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.07.10 06:40:20 | 286,054,769 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013.07.10 06:30:55 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\1234 5678\Desktop\aswMBR.exe
[2013.07.09 22:55:21 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.16 23:04:11 | 000,000,000 | ---- | C] () -- C:\Users\1234 5678\defogger_reenable
[2013.07.09 22:55:21 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.19 22:05:12 | 000,459,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.14 20:40:05 | 002,822,336 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2013.01.14 20:40:05 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2013.01.14 20:40:03 | 000,010,200 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2013.01.10 20:37:59 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2013.01.04 23:15:15 | 000,293,889 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013.01.04 01:19:36 | 000,000,680 | RHS- | C] () -- C:\Users\1234 5678\ntuser.pol
[2013.01.04 00:53:43 | 000,021,532 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.07.26 10:41:52 | 000,769,776 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 10:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2012.07.26 10:41:52 | 000,160,980 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 10:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2012.07.26 08:55:27 | 000,717,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.07.26 08:55:27 | 000,137,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012.03.21 21:16:44 | 000,007,631 | ---- | C] () -- C:\Users\1234 5678\AppData\Local\Resmon.ResmonCfg
[2010.03.13 18:10:19 | 000,000,538 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2013.01.21 21:02:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

I hope you are satisfied and that I can close this matter. Many thanks for your effort. Good night.

Regards,
wh56