Log analysis and evaluation: remove W32 blaster worm (Windows 7)
17.08.2013, 12:05 | #16 |
Hello Leo,

I started the computer in safe mode with networking as described. However, only one file is generated.

FRST log file:
Regards,
Roland
17.08.2013, 14:15 | #17 |
/// TB-Ausbilder

Hello Roland,

you have reinfected yourself. Please refrain from surfing with this computer until we are completely finished here and have secured the computer against a renewed infection.

Continue, still in safe mode:

Step 1
Scan with Combofix

Step 2
Run FRST once more.

Please post in your next reply:
17.08.2013, 16:07 | #18 |
Hello Leo,

here are the two files.

Combofix log file:

FRST log file:
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU -No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab Handler: haufereader - No CLSID Value - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msdaipp - No CLSID Value - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 83.169.185.33 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark) FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\ask-web-search.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-11.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-12.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-13.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-14.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-15.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-16.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-17.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-18.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-19.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-20.xml FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\searchplugins-backup FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Yahoo! 
Toolbar - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: pdfforge - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\pdfforge@mybrowserbar.com FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files\FromDocToPDF_65\bar\1.bin FF Extension: FromDocToPDF - C:\Program Files\FromDocToPDF_65\bar\1.bin Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Docs) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-07-09] (COMPANYVERS_NAME) S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
S2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-04] (Symantec Corporation) S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software) S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] ==================== Drivers (Whitelisted) ==================== S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.) S1 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [261680 2008-02-13] (Symantec Corporation) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-31] (Duplex Secure Ltd.) S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-12-01] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-12-01] (Symantec Corporation) S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-12-01] (Symantec Corporation) S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12848 2007-10-30] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-02-13] (Symantec Corporation) S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2007-10-30] (Symantec Corporation) S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2007-10-30] (Symantec Corporation) S3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37936 2007-10-30] (Symantec Corporation) S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation) S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation) S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software) S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.) 
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] R3 catchme; \??\C:\Users\PM\AppData\Local\Temp\catchme.sys [x] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVENG.SYS [x] S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVEX15.SYS [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 USBAAPL; System32\Drivers\usbaapl.sys [x] U3 mbr; \??\C:\ComboFix\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt 2013-08-17 13:48 - 2013-08-17 11:43 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe 2013-08-17 12:46 - 2013-08-17 12:36 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe 2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk 2013-08-17 10:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-17 10:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-17 10:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-17 10:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-17 10:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-17 10:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-17 10:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-17 10:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-17 10:10 - 2013-08-17 16:54 - 00000000 ____D C:\Qoobox 2013-08-17 10:04 - 2013-08-17 10:09 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe 2013-08-17 08:59 - 2013-08-17 10:25 - 00000000 ____D C:\Windows\erdnt 2013-08-17 08:42 - 2013-08-17 08:44 - 00075013 _____ C:\AdwCleaner[S1].txt 2013-08-17 08:42 - 2013-08-17 08:44 - 
00000157 _____ C:\Windows\DeleteOnReboot.bat 2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL 2013-08-16 23:55 - 2013-08-16 23:55 - 00000000 ____D C:\FRST 2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack 2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk 2013-08-16 19:23 - 2013-08-16 19:24 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung 2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status 2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt 2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt 2013-08-16 06:30 - 2013-08-16 18:32 - 00043352 _____ C:\Extras.Txt 2013-08-16 06:29 - 2013-08-17 19:57 - 00061446 _____ C:\OTL.Txt 2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe 2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload 2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload 2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender 2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job 2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll 2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm ==================== One Month Modified Files and Folders ======= 2013-08-17 20:00 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-08-17 19:57 - 2013-08-16 06:29 - 00061446 _____ C:\OTL.Txt 2013-08-17 17:30 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-17 17:30 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-17 17:29 - 2013-08-12 19:39 - 00000304 _____ C:\Windows\Tasks\pmrsud.job 2013-08-17 17:29 - 2010-01-31 08:56 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-17 
17:29 - 2007-06-18 13:39 - 00000000 ____D C:\Windows\SMINST 2013-08-17 17:29 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-17 17:29 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt 2013-08-17 16:54 - 2013-08-17 10:10 - 00000000 ____D C:\Qoobox 2013-08-17 16:52 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-08-17 16:51 - 2007-09-01 15:57 - 00000000 ____D C:\Users\PM 2013-08-17 13:57 - 2007-07-16 03:22 - 01857154 _____ C:\Windows\WindowsUpdate.log 2013-08-17 13:52 - 2006-11-02 12:33 - 01517318 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-17 12:36 - 2013-08-17 12:46 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe 2013-08-17 11:43 - 2013-08-17 13:48 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe 2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk 2013-08-17 10:32 - 2007-06-18 13:41 - 00411156 _____ C:\Windows\PFRO.log 2013-08-17 10:27 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-08-17 10:25 - 2013-08-17 08:59 - 00000000 ____D C:\Windows\erdnt 2013-08-17 10:09 - 2013-08-17 10:04 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe 2013-08-17 10:08 - 2009-11-26 16:41 - 00000000 ____D C:\Users\PM\Tracing 2013-08-17 08:44 - 2013-08-17 08:42 - 00075013 _____ C:\AdwCleaner[S1].txt 2013-08-17 08:44 - 2013-08-17 08:42 - 00000157 _____ C:\Windows\DeleteOnReboot.bat 2013-08-17 08:20 - 2010-01-31 08:56 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-17 08:19 - 2008-08-25 22:46 - 00000412 ____H C:\Windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job 2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL 2013-08-16 23:55 - 2013-08-16 23:55 - 00000000 ____D C:\FRST 
2013-08-16 23:07 - 2009-08-30 14:52 - 00000000 ____D C:\Ablage Wolfgang 2013-08-16 22:26 - 2009-12-03 22:53 - 00000000 ____D C:\Users\PM\AppData\Roaming\WinTrack 2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack 2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk 2013-08-16 19:26 - 2010-08-22 17:55 - 00000000 ____D C:\Denis 2013-08-16 19:24 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung 2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status 2013-08-16 18:32 - 2013-08-16 06:30 - 00043352 _____ C:\Extras.Txt 2013-08-16 13:33 - 2007-06-18 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-16 13:33 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-16 13:32 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini 2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt 2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt 2013-08-15 17:50 - 2008-03-09 14:34 - 00026624 _____ C:\Users\PM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe 2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload 2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload 2013-08-15 10:43 - 2011-06-08 16:38 - 00001356 _____ C:\Users\PM\AppData\Local\d3d9caps.dat 2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender 2013-08-13 21:37 - 2007-06-18 13:20 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-13 11:54 - 2012-11-06 00:00 - 00000000 ____D C:\Users\PM\AppData\Local\Paint.NET 2013-08-13 09:35 - 2007-09-01 16:02 - 00000000 ____D C:\Users\PM\AppData\Local\Google 2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll 
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm
2013-07-31 08:13 - 2007-09-01 16:01 - 00108136 _____ C:\Users\PM\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-31 08:11 - 2006-11-02 14:47 - 00400344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 13:02 - 2012-02-21 20:01 - 00000310 _____ C:\Windows\Tasks\HPCeeScheduleForPM.job
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-17 16:54
==================== End Of Log ============================
Regards, Roland |
17.08.2013, 16:24 | #19 |
/// TB trainer | Removing W32 blaster worm
So, now continue as follows: (Still refrain from surfing, to avoid a re-infection.)
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download SystemLook (by jpshortstuff) and save the tool to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
In your next reply, please post:
__________________ cheers, Leo |
17.08.2013, 17:52 | #20 |
| Removing W32 blaster worm
Hello Leo, here are the results.
Step 1
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-08-2013 Ran by PM at 2013-08-17 17:49:25 Run:1 Running from C:\Users\PM\Desktop Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** 2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll 2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job 2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 
"C:\Users\PM\Desktop\Internet Security 2013.lnk SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} " => File/Directory not found. ==== End of Fixlog ==== Code:
SystemLook 30.07.11 by jpshortstuff Log created at 18:24 on 17/08/2013 by PM Administrator - Elevation successful -= EOF =- Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.04.07
Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
PM :: PM-PC [Administrator]
Schutz: Deaktiviert
17.08.2013 18:37:12
mbam-log-2013-08-17 (18-37-12).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213105
Laufzeit: 5 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
17.08.2013, 18:24 | #21 |
/// TB-Ausbilder | remove W32 blaster worm Hello Roland, the FRST fix didn't quite work. I have a new one for you here. This time, please make sure that the fix script you copy from here contains the line breaks, so that each entry is on its own line. Step 1
Step 2 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll
2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job
2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms}
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
C:\Program Files\FromDocToPDF_65
C:\Users\PM\AppData\LocalLow\FromDocToPDF_65
REG: reg delete "HKCU\Software\AppDataLow\Software\FromDocToPDF_65" /f
REG: reg delete "HKCU\Software\FromDocToPDF_65" /f
REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox" /f
REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin" /f
REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}" /f
REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}" /f
REG: reg delete "HKLM\SOFTWARE\FromDocToPDF_65" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d97143c2-4282-496b-bdc4-7ec852f1497c}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF Search Scope Monitor" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF_65 Browser Plugin Loader" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox" /f
REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer" /f
REG: reg delete "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "65ffxtbr@FromDocToPDF_65.com" /f
REG: reg delete "HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin" /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service" /f
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 3 ESET Online Scanner
Step 4 Run FRST once more.
In your next reply, please post:
__________________ --> remove W32 blaster worm |
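The requirement from Step 2 in the post above, that every entry of the fix script sits on its own line, can be checked on the saved Fixlist.txt before the fix is run. The Python check below is an added example, not part of the original post and not FRST's own code; the entry prefixes are taken from the script above, and treating them as entry starts, like the function names and the constructed samples, is an assumption.

```python
import re

# Entry prefixes seen in the fix script on this page. Treating each one as the
# start of a new entry is an assumption of this example, not FRST's parser.
DIRECTIVES = ("REG:", "SearchScopes:", "CHR Plugin:")
# File entries on this page begin with two timestamps (created - modified).
FILE_ENTRY = re.compile(
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
)
# A line that begins like this is the tail of a REG: command cut in two.
FRAGMENT = re.compile(r'^(reg\s|delete\s|"|/)')


def entry_starts(line):
    """Return the offsets in `line` at which a fix-script entry begins."""
    starts = [m.start() for m in FILE_ENTRY.finditer(line)]
    for directive in DIRECTIVES:
        starts += [m.start() for m in re.finditer(re.escape(directive), line)]
    return sorted(starts)


def lint_fixlist(text):
    """Report lines where the one-entry-per-line layout was lost.

    Returns a list of (line_number, message); an empty list means no findings.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        starts = entry_starts(line)
        if len(starts) > 1:
            findings.append((number, f"{len(starts)} entry markers merged on one line"))
        elif starts and starts[0] != 0:
            findings.append((number, "entry does not start at the beginning of the line"))
        if line.count('"') % 2:
            findings.append((number, "unbalanced double quote, entry is split or truncated"))
        if FRAGMENT.match(line):
            findings.append((number, "line looks like the tail of a REG: command"))
    return findings


# Constructed sample: four entries from the script above, one per line.
GOOD = "\n".join([
    r"2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job",
    r"C:\Program Files\FromDocToPDF_65",
    r'REG: reg delete "HKCU\Software\FromDocToPDF_65" /f',
    r'REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"'
    r' /v "FromDocToPDF Search Scope Monitor" /f',
])

# Constructed sample: the same kind of entries after the line breaks were
# lost in copying and the text was re-wrapped at arbitrary positions.
COLLAPSED = "\n".join([
    r'C:\Program Files\FromDocToPDF_65 REG: reg delete "HKCU\Software\FromDocToPDF_65" /f REG: reg',
    r'delete "HKLM\SOFTWARE\FromDocToPDF_65" /f',
    r'REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet',
])

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("COLLAPSED", COLLAPSED)):
        print(name)
        for number, message in lint_fixlist(sample) or [(0, "no findings")]:
            print(f"  line {number}: {message}")
```
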
17.08.2013, 18:43 | #22 |
| remove W32 blaster worm Hello Leo, at step 1 the following error message appears in safe mode. "Fehler beim Laden von C:/ProgramFiles/FromDocToPDF_65/bar/1.65Bar.dll" "Das angebene Modul wurde nicht gefunden" The same error for the second program. Regards, Roland |
17.08.2013, 18:48 | #23 |
/// TB-Ausbilder | remove W32 blaster worm Ah, I forgot to mention: you no longer have to work in safe mode; normal mode should work again too. Just don't use this computer for browsing the internet yet, until we are completely finished here. If step 1 doesn't work, skip it and continue with step 2. (As I said, the important thing in step 2 is that the line breaks are not lost when copying it over.)
__________________ cheers, Leo |
17.08.2013, 19:23 | #24 |
| remove W32 blaster worm Hello Leo, I can't start the ESET online scanner as described. The following error message appears: "Can not get update. Is proxy configured?" Regards, Roland |
17.08.2013, 19:25 | #25 |
/// TB-Ausbilder | remove W32 blaster worm OK, then skip it and continue with step 4.
__________________ cheers, Leo |
17.08.2013, 19:45 | #26 |
| remove W32 blaster worm Hello Leo, here are the results. Fixlog from FRST Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-08-2013 Ran by PM at 2013-08-17 20:08:40 Run:1 Running from C:\Users\PM\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** 2013-08-12 19:39 - 2013-08-12 19:39 - 00460800 __RSH C:\Windows\system32\KBDYCLP.dll 2013-08-12 19:39 - 2013-08-17 17:29 - 00000304 _____ C:\Windows\Tasks\pmrsud.job 2013-08-17 10:43 - 2013-08-17 10:43 - 00000713 _____ C:\Users\PM\Desktop\Internet Security 2013.lnk SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm043^YYA^de&si=swissconverter&ptb=D1881E25-0032-4500-A85B-49180ECAE22D&ind=2013070915&n=77fd0643&psa=&st=sb&searchfor={searchTerms} CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark) C:\Program Files\FromDocToPDF_65 C:\Users\PM\AppData\LocalLow\FromDocToPDF_65 REG: reg delete "HKCU\Software\AppDataLow\Software\FromDocToPDF_65" /f REG: reg delete "HKCU\Software\FromDocToPDF_65" /f REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox" /f REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}" /f REG: reg 
delete "HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}" /f REG: reg delete "HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel" /f REG: 
reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin" /f REG: reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}" /f REG: reg delete 
"HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}" /f REG: reg delete "HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}" /f REG: reg delete "HKLM\SOFTWARE\FromDocToPDF_65" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d97143c2-4282-496b-bdc4-7ec852f1497c}" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF Search Scope Monitor" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF_65 
Browser Plugin Loader" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox" /f REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer" /f REG: reg delete "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "65ffxtbr@FromDocToPDF_65.com" /f REG: reg delete "HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin" /f REG: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service" /f Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet). Starte nun FRST erneut und klicke den Fix Button. Das Tool erstellt eine Fixlog.txt. Poste mir deren Inhalt. ***************** "C:\Windows\system32\KBDYCLP.dll" => File/Directory not found. "C:\Windows\Tasks\pmrsud.job" => File/Directory not found. "C:\Users\PM\Desktop\Internet Security 2013.lnk" => File/Directory not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found. HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found. HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found. C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll => Moved successfully. "C:\Program Files\FromDocToPDF_65" directory move: C:\Program Files\FromDocToPDF_65\bar\Settings\s_pid.dat => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\Message\COMMON.T8S => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\IE9Mesg\COMMON.T8S => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\gen1\COMMON.T8S => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe => Moved successfully. 
C:\Program Files\FromDocToPDF_65\bar\1.bin\65bprtct.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65brstub.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65datact.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65dlghk.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65dyn.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65feedmg.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65highin.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65hkstub.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65htmlmu.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65httpct.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65idle.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65ieovr.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65impipe.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65medint.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65mlbtn.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65msg.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65Plugin.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65radio.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65regfft.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65reghk.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65regiet.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65script.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65skin.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65sknlcr.dll => Moved successfully. 
C:\Program Files\FromDocToPDF_65\bar\1.bin\65skplay.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrchMn.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65tpinst.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\65uabtn.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\BOOTSTRAP.JS => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\CHROME.MANIFEST => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\CREXT.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\CrExtP65.exe => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\DPNMNGR.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\EXEMANAGER.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\Hpg64.dll => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\INSTALL.RDF => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\installKeys.js => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\LOGO.BMP => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\T8EXTEX.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\T8HTML.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\T8RES.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\T8TICKER.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\VERIFY.DLL => Moved successfully. C:\Program Files\FromDocToPDF_65\bar\1.bin\chrome\65ffxtbr.jar => Moved successfully. Could not move "C:\Program Files\FromDocToPDF_65" directory. => Scheduled to move on reboot. 
C:\Users\PM\AppData\LocalLow\FromDocToPDF_65 => Moved successfully. ========= reg delete "HKCU\Software\AppDataLow\Software\FromDocToPDF_65" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKCU\Software\FromDocToPDF_65" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{8ad40e5e-9fd9-4f5e-b4d1-ddf2c921dce3}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{a0cf6cb9-2276-4f30-b841-05a67067ace0}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{f96ee2ef-fe15-4878-aecd-bc367f12c70f}" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\FromDocToPDF_65" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36b445bf-1b84-466a-a623-a360a8cff8c3}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6cbf5c01-c876-481b-867e-111cb1d2a7d6}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a3b975a0-f679-444e-9d94-6d292fa53140}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d97143c2-4282-496b-bdc4-7ec852f1497c}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF Search Scope Monitor" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FromDocToPDF_65 Browser Plugin Loader" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "65ffxtbr@FromDocToPDF_65.com" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= =========== Result of Scheduled Files to move =========== C:\Program Files\FromDocToPDF_65 => Moved successfully. ==== End of Fixlog ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013 Ran by PM (administrator) on 17-08-2013 20:31:10 Running from C:\Users\PM\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (RealNetworks, Inc.) 
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\hp\kbd\kbd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company) HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] () HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor) HKLM\...\Run: [NeroCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.) 
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [92704 2008-01-10] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8530464 2008-01-10] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [88608 2008-01-10] (NVIDIA Corporation) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH) HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2007-06-18] (RealNetworks, Inc.) HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-03-07] (soft thinks) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKCU\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-18] (Microsoft Corporation) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\PM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = SearchScopes: HKCU - {13ACC3AB-22DA-47E2-854A-F3A72E8F4FF7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKCU - {AE67D855-EA9B-4626-9C96-0939A094504C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU -No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: haufereader - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.33 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Yahoo! Toolbar - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: pdfforge - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\pdfforge@mybrowserbar.com
FF Extension: No Name - C:\Users\PM\AppData\Roaming\Mozilla\Firefox\Profiles\e2au7sym.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\PM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 SymAppCore; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-04] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R1 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [261680 2008-02-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-31] ()
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-12-01] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-12-01] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-12-01] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12848 2007-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-02-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2007-10-30] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2007-10-30] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37936 2007-10-30] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\PM\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080413.003\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-08-17 18:35 - 2013-08-17 18:35 - 00000000 ____D C:\Users\PM\AppData\Roaming\Malwarebytes
2013-08-17 18:34 - 2013-08-17 18:36 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-17 18:34 - 2013-08-17 18:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-17 18:34 - 2013-08-17 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 18:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-17 18:13 - 2013-08-17 18:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PM\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt
2013-08-17 13:48 - 2013-08-17 18:08 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe
2013-08-17 12:46 - 2013-08-17 12:36 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 10:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 10:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 10:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 10:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-17 10:10 - 2013-08-17 16:54 - 00000000 ____D C:\Qoobox
2013-08-17 10:04 - 2013-08-17 10:09 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 08:59 - 2013-08-17 10:25 - 00000000 ____D C:\Windows\erdnt
2013-08-17 08:42 - 2013-08-17 08:44 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:42 - 2013-08-17 08:44 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:55 - 2013-08-17 20:10 - 00000000 ____D C:\FRST
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:23 - 2013-08-16 19:24 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-16 06:30 - 2013-08-16 18:32 - 00043352 _____ C:\Extras.Txt
2013-08-16 06:29 - 2013-08-17 19:57 - 00061446 _____ C:\OTL.Txt
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm

==================== One Month Modified Files and Folders =======
2013-08-17 20:20 - 2010-01-31 08:56 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 20:20 - 2007-07-16 03:22 - 01968664 _____ C:\Windows\WindowsUpdate.log
2013-08-17 20:17 - 2010-01-31 08:56 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 20:17 - 2007-06-18 13:39 - 00000000 ____D C:\Windows\SMINST
2013-08-17 20:17 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 20:17 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 20:17 - 2006-11-02 14:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 20:16 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-17 20:16 - 2006-11-02 12:33 - 01517318 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 20:15 - 2013-08-17 20:15 - 00000000 ____D C:\Program Files\ESET
2013-08-17 20:10 - 2013-08-16 23:55 - 00000000 ____D C:\FRST
2013-08-17 20:09 - 2007-06-18 13:41 - 00412220 _____ C:\Windows\PFRO.log
2013-08-17 20:00 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-17 19:57 - 2013-08-16 06:29 - 00061446 _____ C:\OTL.Txt
2013-08-17 18:36 - 2013-08-17 18:34 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-17 18:36 - 2013-08-17 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-17 18:35 - 2013-08-17 18:35 - 00000000 ____D C:\Users\PM\AppData\Roaming\Malwarebytes
2013-08-17 18:34 - 2013-08-17 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 18:10 - 2013-08-17 18:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PM\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-17 18:08 - 2013-08-17 13:48 - 00139264 _____ C:\Users\PM\Desktop\SystemLook.exe
2013-08-17 18:02 - 2006-11-02 14:47 - 00400344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 16:54 - 2013-08-17 16:54 - 00009694 _____ C:\ComboFix.txt
2013-08-17 16:54 - 2013-08-17 10:10 - 00000000 ____D C:\Qoobox
2013-08-17 16:52 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-17 16:51 - 2007-09-01 15:57 - 00000000 ____D C:\Users\PM
2013-08-17 12:36 - 2013-08-17 12:46 - 01068993 _____ (Farbar) C:\Users\PM\Desktop\FRST.exe
2013-08-17 10:27 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-08-17 10:25 - 2013-08-17 08:59 - 00000000 ____D C:\Windows\erdnt
2013-08-17 10:09 - 2013-08-17 10:04 - 05105390 ____R (Swearware) C:\Users\PM\Desktop\ComboFix.exe
2013-08-17 10:08 - 2009-11-26 16:41 - 00000000 ____D C:\Users\PM\Tracing
2013-08-17 08:44 - 2013-08-17 08:42 - 00075013 _____ C:\AdwCleaner[S1].txt
2013-08-17 08:44 - 2013-08-17 08:42 - 00000157 _____ C:\Windows\DeleteOnReboot.bat
2013-08-17 08:19 - 2008-08-25 22:46 - 00000412 ____H C:\Windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job
2013-08-17 00:21 - 2013-08-17 00:21 - 00000000 ____D C:\_OTL
2013-08-16 23:07 - 2009-08-30 14:52 - 00000000 ____D C:\Ablage Wolfgang
2013-08-16 22:26 - 2009-12-03 22:53 - 00000000 ____D C:\Users\PM\AppData\Roaming\WinTrack
2013-08-16 20:07 - 2013-08-16 20:07 - 00000000 ____D C:\Users\PM\Desktop\Wintrack
2013-08-16 19:26 - 2013-08-16 19:26 - 00000527 _____ C:\Users\PM\Desktop\Denis - Verknüpfung.lnk
2013-08-16 19:26 - 2010-08-22 17:55 - 00000000 ____D C:\Denis
2013-08-16 19:24 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Bewerbung
2013-08-16 19:23 - 2013-08-16 19:23 - 00000000 ____D C:\Users\PM\Desktop\Anschreiben, Status
2013-08-16 18:32 - 2013-08-16 06:30 - 00043352 _____ C:\Extras.Txt
2013-08-16 13:33 - 2007-06-18 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-16 13:33 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-16 13:32 - 2006-11-02 12:23 - 00000277 _____ C:\Windows\win.ini
2013-08-16 06:34 - 2013-08-16 06:34 - 00080248 _____ C:\OTL1.txt
2013-08-16 06:34 - 2013-08-16 06:34 - 00034466 _____ C:\Extras1.txt
2013-08-15 17:50 - 2008-03-09 14:34 - 00026624 _____ C:\Users\PM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\NIS60dDE.exe
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 613529.crdownload
2013-08-15 10:46 - 2013-08-15 10:46 - 83665920 _____ C:\Users\PM\Downloads\Nicht bestätigt 281099.crdownload
2013-08-15 10:43 - 2011-06-08 16:38 - 00001356 _____ C:\Users\PM\AppData\Local\d3d9caps.dat
2013-08-14 23:33 - 2013-08-14 23:33 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-13 21:37 - 2007-06-18 13:20 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-13 11:54 - 2012-11-06 00:00 - 00000000 ____D C:\Users\PM\AppData\Local\Paint.NET
2013-08-13 09:35 - 2007-09-01 16:02 - 00000000 ____D C:\Users\PM\AppData\Local\Google
2013-08-06 13:55 - 2013-08-06 13:55 - 00004096 ____H C:\Users\PM\AppData\Local\keyfile3.drm
2013-07-31 08:13 - 2007-09-01 16:01 - 00108136 _____ C:\Users\PM\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-22 13:02 - 2012-02-21 20:01 - 00000310 _____ C:\Windows\Tasks\HPCeeScheduleForPM.job

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-17 20:23

==================== End Of Log ============================
--------------------------------------------------------------------------
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-08-2013
Ran by PM at 2013-08-17 20:32:02
Running from C:\Users\PM\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) ABBYY FineReader 6.0 Sprint (Version: 6.0.0.1550.41613) Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe AIR (Version: 1.5.0.7220) Adobe Flash Player 10 Plugin (Version: 10.1.82.76) Adobe Flash Player 11 ActiveX (Version: 11.0.1.152) Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4) Advertising Center (Version: 0.0.0.1) Ahead Nero Burning ROM AppCore (Version: 1) Apple Software Update (Version: 2.1.1.116) AVG 2012 (Version: 12.0.3162) Biet-O-Matic v2.14.8 (Version: 2.14.8) Bonjour (Version: 1.0.106) Brother MFL-Pro Suite MFC-290C (Version: 1.1.8.0) Counter-Strike FinePixViewer Resource FinePixViewer Ver.5.0 FoxTab Video Converter Google Chrome (Version: 28.0.1500.95) Google Update Helper (Version: 1.3.21.153) Hardware Diagnose Tools (Version: 5.00.4424.15) Haufe iDesk-Browser (Version: 8.07.16.5590) Haufe iDesk-Service (Version: 8.08.20.5622) HP Advisor (Version: 3.1.9152.3107) HP Customer Experience Enhancements (Version: 5.1.0.2264) HP Customer Feedback (Version: 1.0.0) HP Easy Setup - Frontend (Version: 5.1.0.2269) HP On-Screen Cap/Num/Scroll Lock Indicator HP Photosmart Essential 2.0 (Version: 2.0) HP Photosmart Essential2.5 (Version: 1.00.0000) HP Picasso Media Center Add-In (Version: 1.0.0) HP Update (Version: 5.002.002.002) Java 7 Update 7 (Version: 7.0.70) Java Auto Updater (Version: 2.1.9.0) Java(TM) 6 Update 2 (Version: 1.6.0.20) JDownloader (Version: 0.89) Konz 2012 (Version: 1.00.0000) Konz 2013 (Version: 1.00.0000) LeechFTP Lexmark Symbolleiste Lexware Info Service (Version: 2.70.00.0081) LightScribe 1.4.142.1 (Version: 1.4.142.1)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5) LokProgrammer v2 (Version: 2.7.9) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.0.318.3) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office FrontPage 2003 (Version: 11.0.8173.0) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 08.05.0822) Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) muvee autoProducer 6.0 (Version: 6.00.050) Nero 9 Essentials Nero ControlCenter (Version: 9.0.0.1) Nero Installer (Version: 4.4.9.0) Nero Online Upgrade (Version: 1.3.0.0) Nero StartSmart (Version: 9.4.12.100) Nero StartSmart OEM (Version: 9.4.10.100) neroxml (Version: 1.0.0) Norton Internet Security (Version: 10.2.0.30) NVIDIA Drivers Optimierte Multimedia-Tastatur-Lösung Paint.NET v3.5.10 (Version: 3.60.0) PaperPort Image Printer (Version: 1.00.0000) PDF24 Creator 5.6.0 pdfforge Toolbar v7.1 (Version: 7.1) PKH-fix 3.2 PL-2303 USB-to-Serial (Version: 1.1.0) PSSWCORE (Version: 2.00.5000) Python 2.4.3 (Version: 2.4.3150) Railroad & Co. Version 5.8 RapidShare Manager (Version: 0.1) RAW FILE CONVERTER LE RealPlayer Realtek High Definition Audio Driver (Version: 6.0.1.5548) Roxio Activation Module (Version: 1.0) Roxio Creator Audio (Version: 3.4.0) Roxio Creator Basic v9 (Version: 3.4.0) Roxio Creator Copy (Version: 3.4.0) Roxio Creator Data (Version: 3.4.0) Roxio Creator EasyArchive (Version: 3.4.0) Roxio Creator Tools (Version: 3.4.0) Roxio Express Labeler 3 (Version: 3.2.1) Roxio MyDVD Basic v9 (Version: 9.0.559) RTC Client API v1.2 (Version: 1.2.0000) ScanSoft PaperPort 11 (Version: 11.1.0000) Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0) Steam (Version: 1.0.0.0) Steuer 2007 (Version: 14.00) Steuer 2010 (Version: 17.00.00.0062) Steuer 2011 (Version: 19.00.7304) Steuer 2012 (Version: 20.00.8137) Steuer Hilfesammlung (Version: 14.0.0.0) Steuer Hilfesammlung (Version: 15.0.0.0) Symantec Real Time Storage Protection Component (Version: 10.2.2.6) SymNet (Version: 7.2.1.110) TomTom HOME Visual Studio Merge Modules (Version: 1.0.2) TuneUp Utilities 2012 (Version: 12.0.2160.11) TuneUp Utilities Language Pack (de-DE) (Version: 12.0.2160.11) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Windows Live Anmelde-Assistent (Version: 5.000.818.6) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Messenger (Version: 14.0.8117.0416) Windows Live-Uploadtool (Version: 14.0.8014.1029) Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00) WinRAR archiver WinTrack 3D-Modelle (Teil 1-11) WinTrack Demo Version 10.0 3D (Version: 10.0 3D) WinTrack V9.0 3D

==================== Restore Points =========================
11-07-2013 07:57:17 Geplanter Prüfpunkt
12-07-2013 06:49:31 Windows Update
12-07-2013 07:01:11 Windows Update
13-07-2013 09:45:16 Geplanter Prüfpunkt
14-07-2013 16:26:39 Geplanter Prüfpunkt
15-07-2013 07:06:55 Geplanter Prüfpunkt
15-07-2013 10:26:48 Installiert Steuer 2012
16-07-2013 06:26:15 Windows Update
17-07-2013 21:06:54 Windows Update
18-07-2013 17:13:15 Geplanter Prüfpunkt
19-07-2013 10:53:03 Geplanter Prüfpunkt
19-07-2013 21:38:08 Windows Update
20-07-2013 17:29:59 Geplanter Prüfpunkt
21-07-2013 21:36:45 Geplanter Prüfpunkt
23-07-2013 06:40:31 Windows Update
23-07-2013 19:39:18 Geplanter Prüfpunkt
24-07-2013 08:22:46 Geplanter Prüfpunkt
25-07-2013 19:02:16 Geplanter Prüfpunkt
26-07-2013 05:48:15 Windows Update
27-07-2013 13:29:09 Geplanter Prüfpunkt
28-07-2013 10:50:38 Geplanter Prüfpunkt
30-07-2013 06:02:39 Windows Update
30-07-2013 18:35:57 Geplanter Prüfpunkt
02-08-2013 07:08:27 Windows Update
04-08-2013 19:06:33 Geplanter Prüfpunkt
05-08-2013 18:56:45 Geplanter Prüfpunkt
06-08-2013 07:32:56 Windows Update
09-08-2013 07:21:01 Windows Update
10-08-2013 10:30:50 Geplanter Prüfpunkt
11-08-2013 17:55:53 Geplanter Prüfpunkt
12-08-2013 15:22:11 Geplanter Prüfpunkt

==================== Hosts content: ==========================
2006-11-02 12:23 - 2013-08-17 16:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
Task: {0C57124A-989C-4DC9-A85A-65E1F56F3C18} - System32\Tasks\HPCeeScheduleForPM => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-07] (Hewlett-Packard)
Task: {1519696E-009F-4429-B757-515F06B2BFD9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {27092A8B-44A9-4341-A174-A718C61A8610} - System32\Tasks\Microsoft\Windows\RestartManager\{07D857BA-122E-4753-840D-86CE76F8B495} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {2B0EF2C6-9FCF-4271-BAB0-8815DED0A084} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {2D1F265C-45DF-49E9-8D44-1D7F579325BF} - \RegCure No Task File
Task: {2D36B681-011A-4CC0-B69B-ED36239558F3} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {423F6588-C47F-45BB-9384-CD945A2FF3F1} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-18] (Microsoft Corp.)
Task: {4492F359-46DE-4614-98F9-C047A161D1DD} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe No File
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {7AF7316D-F704-4D0A-A2F1-BEDDED2233AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.)
Task: {8FDF5864-5687-4168-A063-E691EF6D899A} - \RegCure Program Check No Task File Task: {A4D279C6-4536-4634-A75A-AE6C1D0B73DF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-18] (Microsoft Corporation) Task: {AC24617D-D855-4B90-8F81-DE93EE579ECD} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {ACB04661-E9F4-4E22-B960-F8D250F3E721} - System32\Tasks\Advanced System Protector => C:\Program Files\RegClean Pro\SystweakASP.exe No File Task: {AE373B69-DD63-4339-8C1A-17BF79D592F8} - System32\Tasks\{D49F5661-E562-4E51-A948-1282240E8CE5} => C:\Program Files\Skype\Phone\Skype.exe No File Task: {B2BA7CA1-617D-40CF-AA29-3EA2E51DAD3E} - System32\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24} => C:\Windows\system32\msfeedssync.exe [2008-01-18] (Microsoft Corporation) Task: {B37B3F24-B563-419A-8A13-E17C7CD85F55} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe No File Task: {C06617F8-3222-43FC-86C5-6C52D0BF0B19} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software) Task: {C76BFDFF-B62E-4971-9766-CBFF98283676} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. 
KG) Task: {CD1C5AE0-35B1-4184-B4CD-A2B2DCE9E8A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe No File Task: {E4A511C6-E22C-4473-934E-0CCCE5CB31B2} - System32\Tasks\pmrsud => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {E5831471-BD3F-4FAF-A99B-52D364254837} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.) Task: {F094E537-DCBD-460C-B3E4-A1F98552D349} - System32\Tasks\At1 => C:\Users\PM\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForPM.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{45D4D7FF-D19B-4345-8B4E-5C1638791C24}.job => C:\Windows\system32\msfeedssync.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (08/17/2013 07:35:48 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 06:22:51 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 06:02:35 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 04:54:40 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 04:54:03 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 04:51:50 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 05:36:46 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 05:32:14 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 03:21:23 PM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/17/2013 10:28:51 AM) (Source: Application Hang) (User: ) Description: Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: e98 Anfangszeit: 01ce9b238d52d427 Zeitpunkt der Beendigung: 31 System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-17 20:31:46.690 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 20:31:46.224 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 20:31:45.755 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 20:31:45.287 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 20:31:44.813 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 20:31:44.344 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 20:31:43.868 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-17 20:31:43.391 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 18:40:41.736 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-17 18:40:41.299 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 2045.82 MB Available physical RAM: 1190.89 MB Total Pagefile: 4334.16 MB Available Pagefile: 3310.13 MB Total Virtual: 2047.88 MB Available Virtual: 1915.12 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:457.79 GB) (Free:305.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:7.97 GB) (Free:1 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (Transcend) (Removable) (Total:15.1 GB) (Free:14.21 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=458 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=15 GB) - (Type=0C) ==================== End Of Log ============================ |
17.08.2013, 19:59 | #27 |
/// TB-Ausbilder | Remove W32 blaster worm

Hello Roland,

that looks better now. How is the computer running? Do you still notice any problems?

Then we now need to secure the computer so that something like this doesn't happen again...

Note: No antivirus program
I don't see any running antivirus program with a background guard in your logfiles. That is dangerous. Even though such a guard can never fend off all threats, it is still an important component in keeping the computer clean. Please download and install an antivirus program with a background guard. Here are two possible suggestions:

Step 1
Run a full scan (over the entire hard disk) with your newly installed antivirus program. Post the logfile if there are any findings.

Step 2
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse to infect a system via drive-by download. The current version is Java 7 Update 25.
So consider whether you really need a Java installation. If you want to keep using Java, then:

Step 3
The version of your Adobe PDF Reader is outdated; we need to update it:

Step 4
Your Firefox is no longer up to date. Start your Firefox as administrator, click Help --> About Firefox and carry out the offered update. Repeat this step until Firefox is shown as up to date.

Step 5
Your Flash Player is outdated. Install the current version as follows:

Then use this plugin check (with Firefox here) to verify whether all the versions you use are now up to date, and update them otherwise.

Please post in your next reply:
__________________ cheers, Leo |
17.08.2013, 20:05 | #28 |
| Remove W32 blaster worm

Hello Leo,

thanks for the advice, I will put it into practice, but nothing more will happen today as I have to leave for work shortly. Can I use IE, or should I rather leave it alone?

Regards, Roland |
17.08.2013, 20:14 | #29 |
/// TB-Ausbilder | Remove W32 blaster worm

Oh, I forgot about IE, it absolutely has to be renewed as well! Download and install Internet Explorer 9. Internet Explorer should be kept up to date even when it is not used for browsing.

I would not surf the internet until you have worked through all of these points, because in its current state your computer is highly vulnerable!
__________________ cheers, Leo |
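The outdated-software check Leo describes can be run directly against the installed-programs list that FRST writes in its `Name (Version: x)` format. The following Python code is an added example, not part of the thread or of FRST: the `BASELINE` table, the `7.0.250` encoding of Java 7 Update 25 and the three Java sample lines are assumptions constructed for illustration, while the other sample lines are copied from the log above.

```python
import re

# Minimum versions keyed by a lowercase substring of the product name. Only
# "Java 7 Update 25" comes from the thread; writing it as 7.0.250 is an
# assumption about how that release appears in the installed-programs list.
BASELINE = {"java": (7, 0, 250)}

# FRST prints installed software as "Name (Version: x.y.z)"; the suffix is optional.
ENTRY = re.compile(r"^(?P<name>.+?)(?:\s+\(Version:\s*(?P<ver>[^)]*)\))?$")

# Sample input: the Java lines are constructed, the rest are copied from the log.
SAMPLE = [
    "Java(TM) 6 Update 20 (Version: 6.0.200)",
    "Java 7 Update 25 (Version: 7.0.250)",
    "Java Auto Updater",
    "Windows Live Essentials (Version: 14.0.8117.0416)",
    "Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)",
    "WinRAR archiver",
]

def parse_version(text):
    """Dotted numbers -> tuple of ints; anything else (dates, blanks) -> None."""
    text = (text or "").strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))  # "0416" equals "416"

def classify(line, baseline=BASELINE):
    """Return (name, status): outdated, ok, unknown (no usable version) or untracked."""
    match = ENTRY.match(line.strip())
    name, version = match.group("name"), parse_version(match.group("ver"))
    for key, minimum in baseline.items():
        if key in name.lower():
            if version is None:
                return name, "unknown"
            width = max(len(version), len(minimum))
            padded = version + (0,) * (width - len(version))
            floor = minimum + (0,) * (width - len(minimum))
            return name, "outdated" if padded < floor else "ok"
    return name, "untracked"

def audit(lines, baseline=BASELINE):
    """Entries that need attention: below the baseline, or tracked but unversioned."""
    results = (classify(line, baseline) for line in lines if line.strip())
    return [r for r in results if r[1] in ("outdated", "unknown")]

if __name__ == "__main__":
    for name, status in audit(SAMPLE):
        print(f"{status:9} {name}")
```

Versions are compared as integer tuples rather than strings, so the two spellings of the same Windows Live build in the log (`14.0.8117.0416` and `14.0.8117.416`) compare equal, and date-style version fields are reported as unparseable instead of being misordered.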
17.08.2013, 20:22 | #30 |
| Remove W32 blaster worm

Hello Leo,

thanks for the quick reply, I wish you a pleasant evening. I'll get back to you tomorrow.

Regards, Roland |