
Log analysis and evaluation: Norton reports Trojan.Zeroaccess: Malwarebytes sent it to quarantine?

23.08.2013, 12:12   #1
Erlu

Yesterday NIS detected Trojan.Zeroaccess via Auto-Protect and reported: "Threat was removed, no further action required". Nevertheless, NIS kept showing this message again and again afterwards. Malwarebytes then also found Trojan.Zeroaccess and moved it to quarantine. My question: has Trojan.Zeroaccess now been completely removed?
Regards
Erlu

23.08.2013, 12:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

ZeroAccess is still active:

Quote:
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

ZeroAccess:
C:\Users\Ernst\AppData\Local\Google\Desktop\Install\{731d9b7f-a142-5596-5fcd-eb0d050fc854}
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{731d9b7f-a142-5596-5fcd-eb0d050fc854}
Reading material:
Rootkit warning
Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, meaning it deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys". What does that mean for you now?
  • Please decide quite deliberately whether you want to continue with the cleanup. A system that has once been compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that in the end only a reinstallation remains.

  • If you use this computer for online banking, for example, you should at least have your bank change your password if you use an otherwise secure procedure such as "chip-TAN-comfort". Do you still have old paper-based TAN sheets? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.

  • If you otherwise have sensitive data on your computer, you should also think about how you deal with it, since practically "anyone" could have looked at it.
So let me know what you have decided.
__________________

23.08.2013, 14:51   #3
Erlu

Hello Cosinus,
First of all, thanks for the quick reply!
I would like to attempt the cleanup,
Erlu
__________________

23.08.2013, 17:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

23.08.2013, 18:05   #5
Erlu

Code:
ComboFix 13-08-22.01 - Ernst 23.08.2013  18:43:15.1.3 - x86
ausgeführt von:: c:\users\Ernst\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{731d9b7f-a142-5596-5fcd-eb0d050fc854}\9519~1\A535~1\E628~1\{731d9b7f-a142-5596-5fcd-eb0d050fc854}\L\00000004.@
c:\program files\Google\Desktop\Install\{731d9b7f-a142-5596-5fcd-eb0d050fc854}\9519~1\A535~1\E628~1\{731d9b7f-a142-5596-5fcd-eb0d050fc854}\L\76603ac3
c:\users\Ernst\AppData\Local\TempDIR
c:\users\Ernst\AppData\Local\TempDIR\PIP2691_NDV2_.exe
c:\users\Public\AlexaNSISPlugin.6176.dll
C:\VDM2EB5.tmp
C:\VDM2EC5.tmp
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-23 bis 2013-08-23  ))))))))))))))))))))))))))))))
.
.
2013-08-23 16:57 . 2013-08-23 16:57	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-23 16:57 . 2013-08-23 16:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-23 16:57 . 2013-08-23 16:57	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-08-23 15:56 . 2013-08-23 16:22	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-23 10:32 . 2013-08-23 11:10	--------	d-----w-	C:\LOGS
2013-08-23 06:00 . 2013-08-23 06:00	--------	d-----w-	C:\FRST
2013-08-23 05:46 . 2013-08-23 16:54	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2013-08-23 04:57 . 2013-08-23 04:57	--------	d-----w-	c:\users\Ernst\AppData\Roaming\Malwarebytes
2013-08-23 04:56 . 2013-08-23 04:56	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-23 04:56 . 2013-08-23 04:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-08-23 04:56 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-22 17:11 . 2009-01-25 11:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2013-08-22 17:10 . 2013-08-23 11:14	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-08-22 13:14 . 2013-08-22 16:15	--------	d-----w-	c:\windows\system32\MpEngineStore
2013-08-21 13:46 . 2013-08-21 13:46	--------	d-----w-	c:\users\Ernst\AppData\Local\Cool_Mirage
2013-08-21 11:22 . 2013-08-21 11:22	--------	d-----w-	c:\programdata\proDAD
2013-08-17 16:08 . 2013-08-17 16:08	--------	d-----w-	c:\programdata\4shared Desktop
2013-08-16 21:17 . 2013-08-16 21:17	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-08-16 19:12 . 2013-08-16 19:12	--------	d-----w-	c:\users\Ernst\AppData\Local\FileViewPro
2013-08-16 19:12 . 2013-08-16 19:12	--------	d-----w-	c:\users\Ernst\AppData\Roaming\IsolatedStorage
2013-08-16 19:12 . 2013-08-16 19:12	--------	d-----w-	c:\programdata\IsolatedStorage
2013-08-16 18:41 . 2013-08-16 21:13	--------	d-----w-	c:\users\Ernst\AppData\Roaming\Solvusoft
2013-08-16 18:41 . 2012-10-15 15:02	17840	----a-w-	c:\windows\system32\roboot.exe
2013-08-16 18:41 . 2013-08-16 18:41	--------	d-----w-	C:\Spacekace
2013-08-16 05:17 . 2013-08-19 14:58	--------	d-----w-	C:\Dänemark2013
2013-08-16 01:06 . 2013-08-16 01:12	--------	d-----w-	c:\windows\system32\MRT
2013-08-15 19:22 . 2013-08-16 12:07	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-08-15 18:50 . 2013-07-09 04:50	652800	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-15 18:50 . 2013-07-09 04:52	175104	----a-w-	c:\windows\system32\wintrust.dll
2013-08-15 18:50 . 2013-07-09 04:46	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-15 18:50 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\system32\crypt32.dll
2013-08-15 18:50 . 2013-07-09 04:46	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-15 18:50 . 2013-07-09 05:03	3913664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-15 18:50 . 2013-07-09 05:03	3968960	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-15 18:50 . 2013-07-09 04:53	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-08-15 18:50 . 2013-07-06 05:05	1293760	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-15 18:50 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-15 18:50 . 2013-07-19 01:41	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-15 18:50 . 2013-06-15 03:38	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 21:17 . 2012-05-06 16:09	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-08-16 21:17 . 2010-05-29 09:38	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-23 13:35 . 2013-06-23 10:03	142496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-05 03:05 . 2013-07-11 06:08	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-06-05 01:02 . 2013-06-05 01:02	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 01:02 . 2013-06-05 01:02	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-06-05 01:02 . 2013-06-05 01:02	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-06-05 01:02 . 2013-06-05 01:02	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-06-05 01:02 . 2013-06-05 01:02	158720	----a-w-	c:\windows\system32\msls31.dll
2013-06-05 01:02 . 2013-06-05 01:02	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-06-05 01:02 . 2013-06-05 01:02	138752	----a-w-	c:\windows\system32\wextract.exe
2013-06-05 01:02 . 2013-06-05 01:02	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-05 01:02 . 2013-06-05 01:02	12800	----a-w-	c:\windows\system32\mshta.exe
2013-06-05 01:02 . 2013-06-05 01:02	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-05 01:02 . 2013-06-05 01:02	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 01:02 . 2013-06-05 01:02	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-05 01:02 . 2013-06-05 01:02	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-06-05 01:02 . 2013-06-05 01:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-05 01:02 . 2013-06-05 01:02	361984	----a-w-	c:\windows\system32\html.iec
2013-06-05 01:02 . 2013-06-05 01:02	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-05 01:02 . 2013-06-05 01:02	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-04 04:53 . 2013-07-11 06:08	509440	----a-w-	c:\windows\system32\qedit.dll
2010-03-31 08:09 . 2013-08-19 16:23	10437264	----a-w-	c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2013-08-19 16:23	107760	----a-w-	c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}"= "c:\program files\Soda PDF 5\PDFIEPlugin.dll" [2013-01-25 691040]
.
[HKEY_CLASSES_ROOT\clsid\{f335aba2-fdb4-4644-92b2-5cc4b0fc91d6}]
[HKEY_CLASSES_ROOT\SodaPDF5_IEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{DC275339-6DF9-41FB-AFB8-03BC81FBD9E5}]
[HKEY_CLASSES_ROOT\SodaPDF5_IEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Ernst\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"iCloudServices"="e:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="e:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2012-12-24 2995896]
"Browser Infrastructure Helper"="c:\users\Ernst\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-06-24 20248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"DVAPTray"="c:\windows\System32\DVAPTray.exe" [2009-10-29 188416]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5145824]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-11-28 1647912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"eTMonitor"="c:\program files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" [2008-11-03 221184]
"Essential Fax Print Controller"="c:\program files\EssentialFax\essfaxcontrol.exe" [2009-09-01 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-03-20 162856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2013-08-19 4329920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-11-16 268800]
.
c:\users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ernst\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Monitor.lnk - c:\program files\ArcSoft\MediaConverter 3\Monitor.exe -H [2010-1-16 139264]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
PHOTOfunSTUDIO 6.3 HD Lite Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files\Panasonic\PHOTOfunSTUDIO 6.3 HD Lite\PHOTOfunSTUDIO.exe" [2012-6-23 152048]
STK02N 2.4 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2012-10-27 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EssentialPIM"="c:\program files\EssentialPIM\EssentialPIM.exe" /autorun
"LaunchList"=e:\program files\Pinnacle\Studio 11\LaunchList2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PlantronicsBatteryStatus.exe"=c:\program files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
"PlantronicsURE.exe"=c:\program files\Plantronics\PlantronicsURE\PlantronicsURE.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 DiskBoss Service;DiskBoss Service;c:\program files\DiskBoss\bin\diskbsa.exe [2012-12-05 102400]
R2 Soda PDF 5 Service;Soda PDF 5 Service;c:\program files\Soda PDF 5\ConversionService.exe [2013-01-25 877920]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-07-29 34472]
R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 101520]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [2010-04-16 32000]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-02-01 752128]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-28 22056]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2012-04-30 37856]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2013-03-28 14432]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-05-31 1002072]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130822.001\IDSvix86.sys [2013-08-20 392792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [2013-03-05 175264]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [2013-04-25 339544]
S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013-08-22 4159464]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-01 3246040]
S2 eTSrv;ETOKSRV;c:\program files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [2008-11-03 7168]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S2 Soda PDF 5 Helper Service;Soda PDF 5 Helper Service;c:\program files\Soda PDF 5\HelperService.exe [2013-01-25 1237856]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-14 5120]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2013-08-19 57432]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-02-01 167968]
S3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [2013-08-19 50200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 106656]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - A2ACC
*NewlyCreated* - A2DDA
*NewlyCreated* - A2INJECTIONDRIVER
*NewlyCreated* - A2UTIL
*NewlyCreated* - CLEANHLP
*NewlyCreated* - UFLDAPOG
*Deregistered* - ufldapog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 11:30	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=e388ca60-6efc-4089-9a6a-737cb45b235a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\
FF - ExtSQL: 2013-06-26 19:40; ftd@ftd.com; c:\users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\extensions\ftd@ftd.com.xpi
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 7497516100000000000000241da32dd8
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15902
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.515:33
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119293&tsp=4945
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
WebBrowser-{434D452D-5637-006A-76A7-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-iPhoto Plus 4 - c:\windows\unin0407.exe
AddRemove-VDS-Expert QM - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security CBE\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-23  19:01:27
ComboFix-quarantined-files.txt  2013-08-23 17:01
.
Vor Suchlauf: 68 Verzeichnis(se), 19.744.374.784 Bytes frei
Nach Suchlauf: 72 Verzeichnis(se), 19.636.719.616 Bytes frei
.
- - End Of File - - 5855C8540F7B9BB9536B6F7E4B35192F
A36C5E4F47E84449FF07ED3517B43A31
         
Hello,
attached is the Combofix.log
Erlu
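
The two indicators cosinus points out in post #2 (FRST's own ZeroAccess annotation on a Run entry, and the Google\Desktop\Install\{GUID} folders) recur in the ComboFix deletion list above. As an added example, not part of the thread and not code from FRST or ComboFix, this Python script flags both in pasted log text; the function names and the per-user/machine-wide labels are assumptions of the example, and the sample lines are copied from the logs quoted in this thread.

```python
import re

# Annotation FRST appends to a suspicious autostart entry (wording as quoted in post #2).
FRST_FLAG = re.compile(r"<=+\s*ATTENTION\s*\(([^)]*ZeroAccess[^)]*)\)", re.IGNORECASE)

# Folder layout named in post #2: <drive>:\...\Google\Desktop\Install\{GUID}
# The lazy prefix excludes "{" so the root can never span across a GUID.
INSTALL_DIR = re.compile(
    r"([a-z]:\\[^\r\n{]*?\\Google\\Desktop\\Install)\\"
    r"(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})",
    re.IGNORECASE,
)

# Start of an FRST autostart line such as "HKCU\...\Run: [Name] - ..."
RUN_ENTRY = re.compile(r"^(HK[A-Z]+)\\.*?\\Run:\s*\[([^\]]*)\]", re.IGNORECASE)

# Lines copied from the FRST excerpt and the ComboFix log quoted in this thread;
# the last line is an unrelated path used as a negative case.
SAMPLE_LOG = r"""
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
C:\Users\Ernst\AppData\Local\Google\Desktop\Install\{731d9b7f-a142-5596-5fcd-eb0d050fc854}
C:\Program Files\Google\Desktop\Install\{731d9b7f-a142-5596-5fcd-eb0d050fc854}
c:\program files\Google\Desktop\Install\{731d9b7f-a142-5596-5fcd-eb0d050fc854}\9519~1\A535~1\E628~1\{731d9b7f-a142-5596-5fcd-eb0d050fc854}\L\00000004.@
c:\program files\Mozilla Thunderbird
""".strip()


def scope_of(path):
    """Label a folder per-user or machine-wide from where it lives (example's own labels)."""
    in_profile = re.search(r"\\Users\\[^\\]+\\AppData\\", path, re.IGNORECASE)
    return "per-user" if in_profile else "machine-wide"


def triage(log_text):
    """Return one finding per indicator hit, with the 1-based line number it came from."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        flag = FRST_FLAG.search(line)
        if flag:
            entry = RUN_ENTRY.match(line.strip())
            findings.append({
                "line": lineno,
                "kind": "frst_flag",
                "hive": entry.group(1).upper() if entry else None,
                "value": entry.group(2) if entry else None,
                "note": flag.group(1),
            })
        folder = INSTALL_DIR.search(line)
        if folder:
            findings.append({
                "line": lineno,
                "kind": "install_dir",
                "root": folder.group(1),
                "guid": folder.group(2).lower(),  # logs differ in case; normalise
                "scope": scope_of(folder.group(1)),
            })
    return findings


def summarize(findings):
    """Collapse hits to the distinct GUIDs (with their scopes) and flagged Run values."""
    guids = {}
    run_values = []
    for f in findings:
        if f["kind"] == "install_dir":
            guids.setdefault(f["guid"], set()).add(f["scope"])
        elif f["hive"]:
            run_values.append((f["hive"], f["value"]))
    return {
        "guids": {g: sorted(scopes) for g, scopes in guids.items()},
        "flagged_run_values": run_values,
    }


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(summarize(hits))
```

A hit only says the pattern appears in the log text. In a ComboFix log the same path under the deletions heading records a removal, so the section a line sits in still has to be read.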


23.08.2013, 18:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________

23.08.2013, 19:33   #7
Erlu

Attached is the log file
Erlu
Code:
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Ernst :: ELINEU [administrator]

23.08.2013 20:11:39
mbar-log-2013-08-23 (20-11-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 278168
Time elapsed: 16 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

24.08.2013, 14:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Removing adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


24.08.2013, 16:41   #9
Erlu

Hello!
Attached are the logs!
[CODE]# AdwCleaner v3.000 - Report created 24/08/2013 at 17:13:00
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ernst - ELINEU
# Running from : C:\Users\Ernst\Downloads\adwcleaner_3.0.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Partner
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\SingAlong
Folder Deleted : C:\Users\Ernst\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Ernst\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ernst\AppData\Local\Smartbar
Folder Deleted : C:\Users\Ernst\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Ask.com
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ernst\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Ernst\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Ernst\AppData\Roaming\software4u
Folder Deleted : C:\Users\Administrator\AppData\Local\PackageAware
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\dvdvideosofttoolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\softonic-de3
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\WinampToolbarData
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\Conduit
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\ConduitCommon
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\ConduitEngine
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\jetpack
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\Smartbar
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\SweetIMToolbarData
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\WinampToolbarData
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\CT2269050
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Ernst\AppData\Local\funmoods.crx
File Deleted : C:\Users\Ernst\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\delta.xml
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\searchplugins\funmoods.xml
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\bProtector_extensions.rdf
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\user.js
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\user.js
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9woxdmhz.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [singalong@xenophesoft.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealioToolbar-stub-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealioToolbar-stub-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\5c2d7deb13dea40
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader38341(2)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader38341(2)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader38341_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader38341_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_aida32_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_aida32_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_google-drive_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_google-drive_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtualdub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtualdub_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Driver Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD8812D4-E5B8-41C6-94D4-59872A484BF1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Funmoods");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0AtAtB0D0DzzyDtCyCtCtN0D0Tzu0CtAtCtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=12265637[...]
Line Deleted : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;aim_go_away_default_btn;wa_aol_bg_5r;");
Line Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);
Line Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.11.2");
Line Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "16");
Line Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "0");
Line Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2010");
Line Deleted : user_pref("winamp_toolbar.metrics.originalDate", "21");
Line Deleted : user_pref("winamp_toolbar.metrics.originalHours", "21");
Line Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "4");
Line Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "11");
Line Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "32");
Line Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2009");
Line Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);
Line Deleted : user_pref("winamp_toolbar.search.searchtype", "web");
Line Deleted : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
Line Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Line Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);
Line Deleted : user_pref("winamp_toolbar.winamp.appversion", "1");
Line Deleted : user_pref("winamp_toolbar.winamp.artist", "");
Line Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");
Line Deleted : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Line Deleted : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Line Deleted : user_pref("winamp_toolbar.winamp.volume", "0");

[ File : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\prefs.js ]

Line Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2269050.AppTrackingLastCheckTime", "Fri Jul 20 2012 12:54:56 GMT+0200");
Line Deleted : user_pref("CT2269050.alertChannelId", "666138");
Line Deleted : user_pref("CT2269050.approveUntrustedApps", true);
Line Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Line Deleted : user_pref("CT2269050.backendstorage./9b*68f17dh6fm9;", "6E6D706F7370727670707B7775");
Line Deleted : user_pref("CT2269050.backendstorage./9b*68f17dh6fm<9j;l", "247E2D2F226A747376757976787C7676227D7B27324E4C4A52453821605F40");
Line Deleted : user_pref("CT2269050.backendstorage./9b*68fcf4h><e:>e", "");
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C7 87A2[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D7 3675[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B6 6705[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262A442B564B4E3B243D2F2D2F2F33433A45373838615D61406A644F38514341424545574E594B4C4C6B6A7071767A2072597 97[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F71717422562276796 64F6[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E7021747 45B2[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6D6C706B72717770");
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737372767178777D76242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B6 6732[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D7 4747[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B6049625250545 1675[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj1j8hg@#ncf", "247E61393F236B25727471762A212C6E414F444D327A343D564454534C2F5A4F523F36414E5259452E4D485866654C354E55605D6E625C3A7C774D603B50244F53482627572[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj3f99hndhq&pp", "247E61393F236B25727573732A212C6E414F444D327A343F524545545A50545D325C5C4138432652535C48314A3B3A4D444F5C6067533C5B566674735A435C636C6B7E7A2[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj6c=@mab$nn", "247E61393F236B25736F79712A212C6E414F444D327A34424F494C594D4E305A5A3F364124615651595457514A334C2B2B4F465134717462563F584A495B525D406C6D76624[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj6f7;i<$oighlorf,vv", "247E61393F236B2576777179752B222D6F4250454E337B35435344485649315C565455595C5F53396363483F4A2D6A5F5A625D605A533C553434584F5A3D7A7D6B5[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj6fcaigooma'qq", "247E61393F236B25737070722A212C6E414F444D327A3442524F4D55535B5B594D335D5D423944276459545C575A544D364F2E2E52495461656C5841605B6B79785F4861[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj6fe8:#gmmnf>qkd,wlo", "247E61393F236B257677717A732B222D6F4250454E337B35435352454730545A5A5B534B5E58513964595C49404B2E6B605B635E615B543D56353559505B3E7B7E[...]
Line Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj75j jj", "247E61393F236B257375707A2A212C6E414F444D327A344341562C56563B323D205D524D5550534D462F4827274B424D5A5E65513A595464727158415A616A797E6E7E7A7324732[...]
Line Deleted : user_pref("extensions.crossrider.bic", "140a136f26262a2426ac76252e6eb24b");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "7497516100000000000000241da32dd8");
Line Deleted : user_pref("extensions.delta.instlDay", "15902");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.515:33:00");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119293&tsp=4945");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.funmoods.aflt", "download");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0AtAtB0D0DzzyDtCyCtCtN0D0Tzu0CtAtCtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=12265[...]
Line Deleted : user_pref("extensions.funmoods.id", "00241DA32DD85161");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15651");
Line Deleted : user_pref("extensions.funmoods.instlRef", "download");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0AtAtB0D0DzzyDtCyCtCtN0D0Tzu0CtAtCtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=122[...]
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0AtAtB0D0DzzyDtCyCtCtN0D0Tzu0CtAtCtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:31:51");
Line Deleted : user_pref("extensions.helperbar.BackPageActive", true);
Line Deleted : user_pref("extensions.helperbar.Country", "Germany");
Line Deleted : user_pref("extensions.helperbar.DOWNLOADPROVIDER", "QuickOC");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.PUBLISHER", "QuickOC");
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "de");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickoc");
Line Deleted : user_pref("extensions.helperbar.installationID", "e388ca60-6efc-4089-9a6a-737cb45b235a");
Line Deleted : user_pref("extensions.helperbar.installationid", "e388ca60-6efc-4089-9a6a-737cb45b235a");
Line Deleted : user_pref("extensions.helperbar.publisher", "quickoc");

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9woxdmhz.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 30);
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Line Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "0ABD35DAD4C74570BB3D82B562559E44");
Line Deleted : user_pref("extensions.BabylonToolbar.lastActv", "30");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 30);
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=7497516100000000000000241da32dd8&tlver=1.4.19.19&instlRef=sst&affID=17161&q=");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}\":{\"descriptor\":\"C:\\\\Program Files\\\\ArcSoft\\\\Media Converter for Ph[...]
Line Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=7497516100000000000000241da32dd8&tlver=1.4.19.19&instlRef=sst&affID=17161&q=");

-\\ Google Chrome v

[ File : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [32734 octets] - [24/08/2013 17:07:04]
AdwCleaner[S0].txt - [32723 octets] - [24/08/2013 17:13:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32784 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.3 (08.21.2013:1)
OS: Windows 7 Home Premium x86
Ran by Ernst on 24.08.2013 at 17:18:33,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ftdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ftdownloader_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ftdownloader_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-de3AutoUpdaterHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-de3AutoUpdaterHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-de3ToolbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-de3ToolbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C448ADF-FD2B-4B6A-B5E5-DFE81FF31505}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ernst\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Ernst\AppData\Roaming\red kawa"
Successfully deleted: [Folder] "C:\Users\Ernst\appdata\local\cool_mirage"
Successfully deleted: [Folder] "C:\Users\Ernst\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\red kawa"



~~~ FireFox

Successfully deleted: [File] C:\Users\Ernst\AppData\Roaming\mozilla\firefox\profiles\z3lqlojh.default\invalidprefs.js
Emptied folder: C:\Users\Ernst\AppData\Roaming\mozilla\firefox\profiles\z3lqlojh.default\minidumps [142 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.08.2013 at 17:28:21,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013 02
Ran by Ernst (administrator) on 24-08-2013 17:33:03
Running from C:\Users\Ernst\Downloads
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [DVAPTray] - C:\Windows\System32\DVAPTray.exe [188416 2009-10-29] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5145824 2010-12-11] ()
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [1647912 2007-11-28] (Nero AG)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [eTMonitor] - C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe [221184 2008-11-03] (Aladdin Knowledge Systems, Ltd.)
HKLM\...\Run: [Essential Fax Print Controller] - C:\Program Files\EssentialFax\essfaxcontrol.exe [94208 2009-09-01] ()
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [CanonQuickMenu] - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [emsisoft anti-malware] - c:\program files\emsisoft anti-malware\a2guard.exe [4329920 2013-08-19] (Emsisoft GmbH)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [iCloudServices] - E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2008-01-24] (Hewlett-Packard Company)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]
HKU\Administrator\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [x]
HKU\Administrator\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2007-06-27] (Nero AG)
HKU\Administrator\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Administrator\...\Run: [Browser Infrastructure Helper] - C:\Users\Administrator\AppData\Local\Smartbar\Application\Linkury.exe startup [x]
HKU\Administrator\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.3 HD Lite Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.3 HD Lite Edition.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.4 PNP Monitor.lnk
ShortcutTarget: STK02N 2.4 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
Startup: C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~2\INTERN~1\ARCURL~1.DLL (ArcSoft, Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files\Soda PDF 5\PDFIEHelper.dll (LULU Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files\Soda PDF 5\PDFIEPlugin.dll (LULU Software)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: msdaipp - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @innoplus.de/ino3DViewer - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Ernst\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Users\Ernst\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Ernst\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: ftd - C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\Extensions\ftd@ftd.com.xpi
FF Extension: No Name - C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [FFSodaPDF5Converter@sodapdf.com] C:\Program Files\Soda PDF 5\FFSoda5Ext
FF Extension: Soda PDF 5 Converter For Firefox - C:\Program Files\Soda PDF 5\FFSoda5Ext
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4159464 2013-08-22] (Emsisoft GmbH)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [764552 2010-12-11] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-02-01] (Acronis)
R2 DiskBoss Service; C:\Program Files\DiskBoss\bin\diskbsa.exe [102400 2012-12-05] ()
R2 eTSrv; C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [7168 2008-11-03] (Aladdin Knowledge Systems, Ltd.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R2 Soda PDF 5 Helper Service; C:\Program Files\Soda PDF 5\HelperService.exe [1237856 2013-01-25] (LULU Software)
S2 Soda PDF 5 Service; C:\Program Files\Soda PDF 5\ConversionService.exe [877920 2013-01-25] (LULU Software)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [57432 2013-08-19] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [37856 2012-04-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [34472 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-08-19] (Emsisoft GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-08-21] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-03-24] ()
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-18] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-03-24] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130822.001\IDSvix86.sys [392792 2013-08-20] (Symantec Corporation)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130823.003\NAVENG.SYS [93272 2013-08-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130823.003\NAVEX15.SYS [1611992 2013-08-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [27648 2010-04-29] (Acronis)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [32000 2010-04-16] (ZOOM)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated)
S3 catchme; \??\C:\Users\Ernst\AppData\Local\Temp\catchme.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-24 17:18 - 2013-08-24 17:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-24 17:18 - 2013-08-24 17:09 - 01021455 _____ (Thisisu) C:\Users\Ernst\Downloads\JRT_5.5.3.exe
2013-08-24 17:07 - 2013-08-24 17:13 - 00000000 ____D C:\AdwCleaner
2013-08-24 17:06 - 2013-08-24 17:04 - 00975858 _____ C:\Users\Ernst\Downloads\adwcleaner_3.0.exe
2013-08-24 15:54 - 2013-08-24 11:50 - 380633088 _____ C:\Users\Ernst\Downloads\pmagic_2013_08_09_UNSTABLE.iso
2013-08-24 15:37 - 2013-08-24 15:37 - 00000244 _____ C:\Users\Ernst\Downloads\defogger_enable.log
2013-08-23 20:56 - 2013-08-22 18:45 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Ernst\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-23 19:43 - 2013-08-23 19:43 - 00000000 ____D C:\Users\Ernst\Downloads\mbar-1.06.1.1005
2013-08-23 19:16 - 2013-08-24 17:14 - 00000616 _____ C:\Windows\setupact.log
2013-08-23 19:16 - 2013-08-23 21:02 - 00006270 _____ C:\Windows\PFRO.log
2013-08-23 19:16 - 2013-08-23 19:16 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 19:01 - 2013-08-23 19:01 - 00021890 _____ C:\ComboFix.txt
2013-08-23 18:23 - 2013-08-24 15:39 - 00000000 ____D C:\Windows\erdnt
2013-08-23 17:56 - 2013-08-23 21:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-23 17:54 - 2013-08-23 21:33 - 00000000 ____D C:\Users\Ernst\Desktop\mbar
2013-08-23 17:54 - 2013-08-23 17:25 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Ernst\Downloads\mbar-1.06.1.1005.exe
2013-08-23 12:42 - 2013-08-23 12:42 - 00001435 _____ C:\Users\Ernst\Documents\behobenesicherheitsrisikenNIS.txt
2013-08-23 12:28 - 2013-08-23 12:28 - 00041861 _____ C:\Users\Ernst\Desktop\GMERScanLog.log
2013-08-23 08:15 - 2013-08-23 08:15 - 00000000 ____D C:\Users\Ernst\Downloads\gmer
2013-08-23 08:02 - 2013-08-23 08:02 - 00023626 _____ C:\Users\Ernst\Downloads\Addition.txt
2013-08-23 08:00 - 2013-08-23 08:00 - 00000000 ____D C:\FRST
2013-08-23 07:59 - 2013-08-23 07:59 - 00000472 _____ C:\Users\Ernst\Downloads\defogger_disable.log
2013-08-23 07:46 - 2013-08-24 17:15 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2013-08-23 07:46 - 2013-08-23 07:46 - 00001057 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-08-23 07:46 - 2013-08-23 07:46 - 00000000 ____D C:\Users\Ernst\Documents\Anti-Malware
2013-08-23 06:57 - 2013-08-23 06:57 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Malwarebytes
2013-08-23 06:56 - 2013-08-23 06:56 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-23 06:56 - 2013-08-23 06:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 06:56 - 2013-08-23 06:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-23 06:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-22 21:50 - 2013-08-22 21:31 - 01070315 _____ (Farbar) C:\Users\Ernst\Downloads\FRST.exe
2013-08-22 21:50 - 2013-08-22 21:29 - 00050477 _____ C:\Users\Ernst\Downloads\Defogger.exe
2013-08-22 21:49 - 2013-08-22 21:32 - 00368554 _____ C:\Users\Ernst\Downloads\gmer.zip
2013-08-22 20:17 - 2013-08-22 20:10 - 00602112 _____ (OldTimer Tools) C:\Users\Ernst\Downloads\OTL.exe
2013-08-22 20:17 - 2013-08-22 20:00 - 23611105 _____ C:\Users\Ernst\Downloads\paipw.exe
2013-08-22 19:44 - 2013-08-22 19:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ernst\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-22 19:44 - 2013-08-22 19:34 - 195394688 _____ (Emsisoft GmbH                                               ) C:\Users\Ernst\Downloads\EmsisoftAntiMalwareSetup.exe
2013-08-22 19:10 - 2013-08-23 21:02 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-22 18:05 - 2013-08-24 17:18 - 00243520 _____ C:\Windows\WindowsUpdate.log
2013-08-22 15:14 - 2013-08-22 18:15 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-08-22 15:00 - 2013-08-22 14:51 - 86470416 _____ (Microsoft Corporation) C:\Users\Ernst\Downloads\msert.exe
2013-08-21 15:45 - 2013-08-21 15:49 - 00001053 _____ C:\Users\Ernst\Desktop\FTDownloader.lnk
2013-08-21 15:35 - 2013-08-21 15:35 - 00013171 _____ C:\Users\Ernst\ProDAD+Heroglyph+v2.6.32.1+And+Creative+Pack+1.2+3.4
2013-08-21 13:25 - 2013-08-21 13:25 - 00001386 _____ C:\Users\Public\Desktop\Heroglyph + Studio.lnk
2013-08-21 13:25 - 2013-08-21 13:25 - 00001102 _____ C:\Users\Public\Desktop\Heroglyph Video-Workshops.lnk
2013-08-21 13:22 - 2013-08-21 13:22 - 00000000 ____D C:\ProgramData\proDAD
2013-08-19 18:23 - 2013-08-19 18:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 11:18 - 2013-08-17 11:20 - 148050925 _____ C:\Users\Ernst\Downloads\Med7v793(1).exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-16 21:24 - 2013-08-16 21:24 - 03843072 _____ (Piriform Ltd) C:\Users\Ernst\Downloads\rcsetup148.exe
2013-08-16 21:12 - 2013-08-16 21:12 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\IsolatedStorage
2013-08-16 21:12 - 2013-08-16 21:12 - 00000000 ____D C:\Users\Ernst\AppData\Local\FileViewPro
2013-08-16 21:12 - 2013-08-16 21:12 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-08-16 20:42 - 2013-08-16 20:42 - 02388400 _____ C:\Users\Ernst\Downloads\FileViewPro_2013(1).exe
2013-08-16 20:41 - 2013-08-16 23:13 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Solvusoft
2013-08-16 20:41 - 2013-08-16 20:41 - 00000000 ____D C:\Spacekace
2013-08-16 20:40 - 2013-08-16 20:40 - 02388400 _____ C:\Users\Ernst\Downloads\FileViewPro_2013.exe
2013-08-16 07:25 - 2013-08-21 13:40 - 00000000 ____D C:\Dänemark2013Bilder
2013-08-16 07:17 - 2013-08-19 16:58 - 00000000 ____D C:\Dänemark2013
2013-08-16 03:06 - 2013-08-16 03:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 03:01 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 03:01 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 03:01 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 03:01 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 03:01 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 03:01 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 03:01 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 03:01 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 03:01 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 21:22 - 2013-08-16 14:07 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-15 20:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 20:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 20:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 20:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 20:50 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 20:50 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 20:50 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 20:50 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 20:50 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 20:50 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 20:50 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 20:50 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-24 17:28 - 2013-08-24 17:28 - 00003763 _____ C:\Users\Ernst\Desktop\JRT.txt
2013-08-24 17:22 - 2009-07-14 06:34 - 00014928 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-24 17:22 - 2009-07-14 06:34 - 00014928 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-24 17:18 - 2013-08-24 17:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-24 17:18 - 2013-08-22 18:05 - 00243520 _____ C:\Windows\WindowsUpdate.log
2013-08-24 17:15 - 2013-08-23 07:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2013-08-24 17:15 - 2013-01-27 20:11 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Dropbox
2013-08-24 17:15 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 17:14 - 2013-08-23 19:16 - 00000616 _____ C:\Windows\setupact.log
2013-08-24 17:13 - 2013-08-24 17:07 - 00000000 ____D C:\AdwCleaner
2013-08-24 17:09 - 2013-08-24 17:18 - 01021455 _____ (Thisisu) C:\Users\Ernst\Downloads\JRT_5.5.3.exe
2013-08-24 17:04 - 2013-08-24 17:06 - 00975858 _____ C:\Users\Ernst\Downloads\adwcleaner_3.0.exe
2013-08-24 16:56 - 2013-01-27 20:15 - 00000000 ___RD C:\Users\Ernst\Dropbox
2013-08-24 15:39 - 2013-08-23 18:23 - 00000000 ____D C:\Windows\erdnt
2013-08-24 15:37 - 2013-08-24 15:37 - 00000244 _____ C:\Users\Ernst\Downloads\defogger_enable.log
2013-08-24 15:37 - 2010-01-16 14:40 - 00000000 ____D C:\Users\Ernst
2013-08-24 12:59 - 2011-12-07 16:35 - 00000811 _____ C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Zertifikatsmanager.lnk
2013-08-24 12:59 - 2010-05-05 18:41 - 00000787 _____ C:\Users\Ernst\Desktop\Zertifikatsmanager.lnk
2013-08-24 11:50 - 2013-08-24 15:54 - 380633088 _____ C:\Users\Ernst\Downloads\pmagic_2013_08_09_UNSTABLE.iso
2013-08-24 10:53 - 2010-02-07 11:43 - 00000000 ____D C:\med7net
2013-08-24 10:14 - 2010-02-07 11:42 - 00000000 ____D C:\Med7
2013-08-23 21:33 - 2013-08-23 17:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-23 21:33 - 2013-08-23 17:54 - 00000000 ____D C:\Users\Ernst\Desktop\mbar
2013-08-23 21:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-23 21:02 - 2013-08-23 19:16 - 00006270 _____ C:\Windows\PFRO.log
2013-08-23 21:02 - 2013-08-22 19:10 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-23 21:01 - 2012-01-22 19:05 - 00004469 _____ C:\Windows\wininit.ini
2013-08-23 19:43 - 2013-08-23 19:43 - 00000000 ____D C:\Users\Ernst\Downloads\mbar-1.06.1.1005
2013-08-23 19:16 - 2013-08-23 19:16 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 19:12 - 2010-01-16 14:43 - 01590370 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 19:01 - 2013-08-23 19:01 - 00021890 _____ C:\ComboFix.txt
2013-08-23 19:01 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-23 19:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-23 18:58 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-23 18:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-23 18:36 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-23 17:25 - 2013-08-23 17:54 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Ernst\Downloads\mbar-1.06.1.1005.exe
2013-08-23 12:42 - 2013-08-23 12:42 - 00001435 _____ C:\Users\Ernst\Documents\behobenesicherheitsrisikenNIS.txt
2013-08-23 12:28 - 2013-08-23 12:28 - 00041861 _____ C:\Users\Ernst\Desktop\GMERScanLog.log
2013-08-23 08:15 - 2013-08-23 08:15 - 00000000 ____D C:\Users\Ernst\Downloads\gmer
2013-08-23 08:02 - 2013-08-23 08:02 - 00023626 _____ C:\Users\Ernst\Downloads\Addition.txt
2013-08-23 08:00 - 2013-08-23 08:00 - 00000000 ____D C:\FRST
2013-08-23 07:59 - 2013-08-23 07:59 - 00000472 _____ C:\Users\Ernst\Downloads\defogger_disable.log
2013-08-23 07:46 - 2013-08-23 07:46 - 00001057 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-08-23 07:46 - 2013-08-23 07:46 - 00000000 ____D C:\Users\Ernst\Documents\Anti-Malware
2013-08-23 07:34 - 2012-10-27 12:55 - 00000000 ____D C:\Windows\STK02N
2013-08-23 06:57 - 2013-08-23 06:57 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Malwarebytes
2013-08-23 06:56 - 2013-08-23 06:56 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-23 06:56 - 2013-08-23 06:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 06:56 - 2013-08-23 06:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-22 21:54 - 2013-07-04 14:40 - 00000000 ____D C:\Users\Ernst\AppData\Local\CrashDumps
2013-08-22 21:32 - 2013-08-22 21:49 - 00368554 _____ C:\Users\Ernst\Downloads\gmer.zip
2013-08-22 21:31 - 2013-08-22 21:50 - 01070315 _____ (Farbar) C:\Users\Ernst\Downloads\FRST.exe
2013-08-22 21:29 - 2013-08-22 21:50 - 00050477 _____ C:\Users\Ernst\Downloads\Defogger.exe
2013-08-22 20:17 - 2012-11-19 19:31 - 00000701 _____ C:\Users\UpdatusUser\Desktop\PAIP.LNK
2013-08-22 20:17 - 2011-06-20 14:26 - 00000701 _____ C:\Users\Administrator\Desktop\PAIP.LNK
2013-08-22 20:17 - 2010-01-19 22:11 - 00000701 _____ C:\Users\Ernst\Desktop\PAIP.LNK
2013-08-22 20:17 - 2010-01-19 22:11 - 00000016 _____ C:\Windows\HPAIPWUE.INI
2013-08-22 20:10 - 2013-08-22 20:17 - 00602112 _____ (OldTimer Tools) C:\Users\Ernst\Downloads\OTL.exe
2013-08-22 20:00 - 2013-08-22 20:17 - 23611105 _____ C:\Users\Ernst\Downloads\paipw.exe
2013-08-22 19:41 - 2013-08-22 19:44 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ernst\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-22 19:34 - 2013-08-22 19:44 - 195394688 _____ (Emsisoft GmbH                                               ) C:\Users\Ernst\Downloads\EmsisoftAntiMalwareSetup.exe
2013-08-22 19:14 - 2012-01-22 18:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-22 18:45 - 2013-08-23 20:56 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Ernst\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-22 18:15 - 2013-08-22 15:14 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-08-22 14:51 - 2013-08-22 15:00 - 86470416 _____ (Microsoft Corporation) C:\Users\Ernst\Downloads\msert.exe
2013-08-22 14:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-08-22 07:04 - 2012-05-06 18:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-21 19:52 - 2011-01-08 10:44 - 00000000 ____D C:\Users\Ernst\AppData\Local\Google
2013-08-21 19:52 - 2011-01-08 10:44 - 00000000 ____D C:\Program Files\Google
2013-08-21 18:48 - 2010-02-09 14:39 - 00000024 _____ C:\ProgramData\__FileUploader.log
2013-08-21 18:42 - 2010-01-16 14:40 - 00000000 ____D C:\Users\Ernst\AppData\Local\VirtualStore
2013-08-21 18:39 - 2010-01-17 15:09 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-08-21 15:49 - 2013-08-21 15:45 - 00001053 _____ C:\Users\Ernst\Desktop\FTDownloader.lnk
2013-08-21 15:35 - 2013-08-21 15:35 - 00013171 _____ C:\Users\Ernst\ProDAD+Heroglyph+v2.6.32.1+And+Creative+Pack+1.2+3.4
2013-08-21 13:40 - 2013-08-16 07:25 - 00000000 ____D C:\Dänemark2013Bilder
2013-08-21 13:25 - 2013-08-21 13:25 - 00001386 _____ C:\Users\Public\Desktop\Heroglyph + Studio.lnk
2013-08-21 13:25 - 2013-08-21 13:25 - 00001102 _____ C:\Users\Public\Desktop\Heroglyph Video-Workshops.lnk
2013-08-21 13:22 - 2013-08-21 13:22 - 00000000 ____D C:\ProgramData\proDAD
2013-08-19 18:23 - 2013-08-19 18:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 16:58 - 2013-08-16 07:17 - 00000000 ____D C:\Dänemark2013
2013-08-18 22:51 - 2013-07-14 08:09 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-18 22:42 - 2011-02-27 18:34 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-18 12:07 - 2010-01-17 16:23 - 00020992 _____ C:\Users\Ernst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-17 11:21 - 2010-02-07 11:40 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-17 11:20 - 2013-08-17 11:18 - 148050925 _____ C:\Users\Ernst\Downloads\Med7v793(1).exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-16 23:17 - 2013-08-16 23:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-16 23:17 - 2012-05-06 18:09 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-08-16 23:17 - 2010-05-29 11:38 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-16 23:13 - 2013-08-16 20:41 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Solvusoft
2013-08-16 21:26 - 2012-12-29 20:14 - 00001803 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-08-16 21:26 - 2012-12-29 20:14 - 00000000 ____D C:\Program Files\Recuva
2013-08-16 21:24 - 2013-08-16 21:24 - 03843072 _____ (Piriform Ltd) C:\Users\Ernst\Downloads\rcsetup148.exe
2013-08-16 21:12 - 2013-08-16 21:12 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\IsolatedStorage
2013-08-16 21:12 - 2013-08-16 21:12 - 00000000 ____D C:\Users\Ernst\AppData\Local\FileViewPro
2013-08-16 21:12 - 2013-08-16 21:12 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-08-16 20:42 - 2013-08-16 20:42 - 02388400 _____ C:\Users\Ernst\Downloads\FileViewPro_2013(1).exe
2013-08-16 20:41 - 2013-08-16 20:41 - 00000000 ____D C:\Spacekace
2013-08-16 20:40 - 2013-08-16 20:40 - 02388400 _____ C:\Users\Ernst\Downloads\FileViewPro_2013.exe
2013-08-16 20:26 - 2013-01-27 13:35 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\NVIDIA
2013-08-16 19:18 - 2013-01-27 19:04 - 00000000 ___RD C:\Users\Ernst\Google Drive
2013-08-16 17:40 - 2010-01-17 15:17 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-08-16 14:07 - 2013-08-15 21:22 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-16 04:11 - 2010-09-30 21:16 - 00000000 ____D C:\Windows\rescache
2013-08-16 03:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 03:12 - 2013-08-16 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 03:06 - 2010-12-08 23:11 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 20:37 - 2013-03-26 14:45 - 00002174 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-26 05:13 - 2013-08-16 03:01 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-16 03:01 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-16 03:01 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-16 03:01 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-16 03:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:11 - 2013-08-16 03:01 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-16 03:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-16 03:01 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-16 03:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 10:57 - 2013-08-15 20:50 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 07:58

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2013 02
Ran by Ernst at 2013-08-23 08:02:27
Running from C:\Users\Ernst\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

3D-Viewer-innoplus (Version: 14.00.70)
7-PDF Maker Version 1.4.1 (Build 128) (Version: 7-PDF Maker - Version 1.4.1 (Build 128))
7-Zip 9.20
AceBackup 3 (Version: 3.0.0)
Acronis*True*Image*Home (Version: 13.0.7154)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
AmazingMIDI
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaConverter 3 (Version: 3.1.8.81)
ArcSoft MediaImpression 2 (Version: 2.0.53.510)
Audacity 2.0
AudibleManager (Version: 2000640624.48.56.11209962)
Aura Video to Audio Converter 1.2.5
Aura4You Software Manager 1.0.2
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
AviSynth 2.5
Biet-O-Matic v2.14.8 (Version: 2.14.8)
Bonjour (Version: 3.0.0.10)
Canon Easy-WebPrint EX
Canon IJ Network Tool (Version: 3.1.0)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (Version: 4.0.0)
Canon iP7200 series Benutzerregistrierung
Canon iP7200 series Printer Driver
Canon My Image Garden (Version: 1.0.0)
Canon My Image Garden Design Files (Version: 1.0.0)
Canon My Printer (Version: 3.0.0)
Canon Quick Menu (Version: 2.0.0)
Canon ScanGear Starter
CanoScan Toolbox Ver4.9
Carambis Driver Updater (Version: 2.0.0.6002)
CardRecovery 6.00
CCleaner (Version: 2.31)
CDBurnerXP (Version: 4.3.2.2212)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CD-LabelPrint
Common Desktop Agent (Version: 1.53.0)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink PhotoDirector 3 (Version: 3.0.3618)
D3DX10 (Version: 15.4.2368.0902)
dBpoweramp Music Converter (Version: Release 14.3)
DHTML Editing Component (Version: 6.02.0001)
Digital Video Converter  v1.19.0.56
DiskAid 5.43 (Version: 5.43)
DiskBoss 3.1.12 (Version: 3.1.12)
Driver Whiz (Version: 8.0.1)
Dropbox (HKCU Version: 2.0.22)
DVAPTray (Version: 1.0.0.3)
EASEUS Partition Master 8.0.1 Home Edition
eHealth500 Terminal (Version: 1.07)
Emsisoft Anti-Malware (Version: 8.0)
EssentialFax (Version: 4.0)
EssentialPIM (Version: 3.74)
eToken PKI Client 5.0 SP1 (Version: 5.00.0.65)
FileRestorePlus™ 3.0.3.521
Fotogalerie (Version: 16.4.3505.0912)
Foxit Reader (Version: 3.3.1.518)
Free Audio CD to MP3 Converter version 1.3.12.1228 (Version: 1.3.12.1228)
Free MP4 Video Converter version 5.0.21.1212 (Version: 5.0.21.1212)
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
Free Studio version 2013 (Version: 6.1.1.430)
Free Video Flip and Rotate version 2.1.5.1212 (Version: 2.1.5.1212)
Freemake Video Converter Version 3.1.2 (Version: 3.1.2)
FreePDF (Remove only)
GoGear ARIA Device Manager (Version: 01.05)
GPL Ghostscript 8.56
GPL Ghostscript 9.00
GPL Ghostscript Fonts
Haali Media Splitter
HandBrake 0.9.8 (Version: 0.9.8)
H-Series_ASIO32 (Version: 1.1.0)
iCloud (Version: 2.1.2.8)
ImgBurn (Version: 2.5.1.0)
iPhoto Plus 4
IrfanView (remove only) (Version: 4.35)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
KaraFun Player (Version: 1.20.84.761)
Karaoke 5 ver. 39.20 (Version: 39.20)
KeyView for Lotus 97
K-Lite Codec Pack 5.2.0 (Full) (Version: 5.2.0)
LAME v3.99.3 (for Windows)
LightScribe System Software  1.12.29.2 (Version: 1.12.29.2)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Med7 (Version: 7.76.0003)
Med7 (Version: 7.76.0012)
Med7 (Version: 7.76.0038)
Med7 (Version: 7.77.0004)
Med7 (Version: 7.77.0010)
Med7 (Version: 7.77.0026)
Med7 (Version: 7.77.0032)
Med7 (Version: 7.80.0005)
Med7 (Version: 7.80.0010)
Med7 (Version: 7.82.0011)
Med7 (Version: 7.82.0019)
Med7 (Version: 7.82.0020)
Med7 (Version: 7.82.0021)
Med7 (Version: 7.84.0002)
Med7 (Version: 7.84.0003)
Med7 (Version: 7.84.0010)
Med7 (Version: 7.84.0014)
Med7 (Version: 7.84.0017)
Med7 (Version: 7.85.0014)
Med7 (Version: 7.86.0011)
Med7 (Version: 7.86.0012)
Med7 (Version: 7.86.0019)
Med7 (Version: 7.86.0021)
Med7 (Version: 7.86.0023)
Med7 (Version: 7.87.0005)
Med7 (Version: 7.87.0012)
Med7 (Version: 7.87.0015)
Med7 (Version: 7.90.0004)
Med7 (Version: 7.90.0036)
Med7 (Version: 7.90.0037)
Med7 (Version: 7.90.0047)
Med7 (Version: 7.92.0009)
Med7 (Version: 7.92.0017)
Med7 (Version: 7.92.0018)
Med7 (Version: 7.93.0008)
Med7 (Version: 7.93.0022)
Media Converter for Philips (Version: 2.5.2.232)
Medion GoPal Assistant 4.03.006 (Version: 4.3.6.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Sync Framework Runtime v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MIDI4all (Version: MIDI4all 1.5)
MMI PHARMINDEX
MobileMe Control Panel (Version: 3.1.8.0)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyVoice
Nero 7 Essentials (Version: 7.03.0976)
neroxml (Version: 1.0.0)
Neuratron AudioScore Lite (Version: 6.5.0)
Neuratron PhotoScore Lite (Version: 6.0.0)
nito Installer (Version: 01.00.00.00)
nLite 1.4.9.1 (Version: 1.4.9.1)
Norton Internet Security CBE (Version: 20.4.0.40)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.09.0428)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF24 Creator 5.4.0
Photo Gallery (Version: 16.4.3505.0912)
PHOTOfunSTUDIO 6.3 HD Lite Edition (Version: 6.03.414)
Pinnacle VideoSpin (Version: 2.0.0.669)
Pixum Fotobuch
Plantronics Software (Version: 2.2.41656.0)
proDAD Heroglyph 2.5
QuickShare (Version: 1.46.60.10997)
QuickTime (Version: 7.74.80.86)
Recuva (Version: 1.48)
RedMon - Redirection Port Monitor
Safari (Version: 5.34.51.22)
Samsung Easy Printer Manager (Version: 1.02.06.07)
Samsung Easy Wireless Setup (Version: 3.60.05)
Samsung Master (Version: 1.0.43)
Samsung ML-2160 Series (Version: 1.07 (08.05.2012))
Samsung Printer Live Update (Version: 1.01.00.04)
Samsung USB Driver (Version: 1.0)
Sibelius 6 First
Sibelius Scorch (all browsers) (Version: 6.2.0)
Sibelius Scorch (Firefox, Opera, Netscape only) (Version: 6.2.0)
Sing Along
SmartCutter Ps/Ts 20091004
Soda PDF 5 (Version: 5.0.131.9113)
Songbird 1.9.1 (Build 1920)
Spybot - Search & Destroy (Version: 2.1.21)
STK02N 2.4 (Version: 2.4)
StreamTransport version: 1.0.2.2171
Studio 11 (Version: 11.0)
Studio 11 (Version: 11.0.0.0)
sv.net (Version: 12.0)
SweetIM for Messenger 3.3 (Version: 3.3.0007)
swMSM (Version: 12.0.0.1)
Synchredible v3.1
SyncToy 2.0 (x86) (Version: 2.0.100.0)
TeamViewer 7 (Version: 7.0.13989)
Telekom Fotoservice
T-Online 6.0
T-Online WLAN-Access Finder
TriKaraoke Free Player 1.0 and Manager 1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
v2011.build.46 (Version: v2011.build.46)
vanBasco's Karaoke Player
VDS-Expert QM
Videora iPad Converter 6 (Version: 6)
VLC media player 1.1.7 (Version: 1.1.7)
Windows 7 Codec Pack 2.7.0
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
WinRAR
WinX Free MP4 to WMV Converter 4.1.3
WireNote (remove only)
Wise Registry Cleaner Free 5.04
XBMC
XMedia Recode 2.1.8.4 (Version: 2.1.8.4)
Yahoo! Desktop Login (Version: 1.00.0001)
YouTube Downloader App 3.00 (Version: 3.00)
 

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-01-30 18:14 - 00444791 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {39144606-BA14-4EA4-8B0D-D5DE5D07F99B} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {4CACA859-6530-4A7D-95CF-2FF34112CD7B} - System32\Tasks\{C4550220-FBAF-421B-BC1A-384FD99EA6E4} => C:\Program Files\IPE\MyVoice\MyVoice.exe [2010-03-14] (Copyright© 2002-2003 International Print Edition M.Vachal)
Task: {4DE9049B-CD3F-4278-8B5A-AF41B01A9AD4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4E055AA0-DEEA-4AFE-A487-95B0E8C6E51F} - System32\Tasks\{64050138-96A0-474F-A193-14A5ADB14566} => C:\Program Files\Mozilla Firefox\firefox.exe [2013-08-19] (Mozilla Corporation)
Task: {4F1BB354-EF3A-4306-8945-692910DAD559} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {50DDD3A0-ED96-4A68-ACCE-D8D73F384CB3} - System32\Tasks\{5EF930E6-E5DC-45BC-8529-00E0E2333E37} => C:\Program Files\IPE\MyVoice\MyVoice.exe [2010-03-14] (Copyright© 2002-2003 International Print Edition M.Vachal)
Task: {6BAD88F1-3854-4116-9A93-B5784EEE31DD} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {836F1538-A42D-4A14-9321-98ED694C176F} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe No File
Task: {8A3AEB44-3CDB-4FDD-918C-1EC5F4741980} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {A7073F9C-D60D-4219-B5E6-45C72BAB5D0F} - System32\Tasks\Synchredible-Ernst => C:\Program Files\ASCOMP Software\Synchredible\synchredible.exe [2011-02-04] (ASCOMP Software GmbH)
Task: {A944BEAA-7485-422A-9F61-1D000D78B489} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {BB1527C5-0C88-4DE1-994A-AEEBCF20180B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {BF4BCFB1-29D3-4044-868A-4B1FB5374CEE} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {D1584C87-54A2-4BA5-9374-8D3DC303D365} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {D3977E8D-560E-46C1-9276-6CC2BB7428B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {D9C577A6-34D5-49A1-B682-2E4C88158C8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe No File
Task: {DD9B5349-0A20-472C-BA1C-EFFABE69F3E4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E950D0ED-0A70-401B-9623-D6553976A741} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {EC561A72-CF8C-4EB4-B010-5F66A2636F26} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3539214255-4280287789-3925056074-500 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F5544565-1122-41EE-85CA-EA9F5EE00038} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F596A9DE-8B4E-43F9-B6E9-CBD07B550759} - System32\Tasks\{B3BFF757-8659-4205-915B-FFFD4049EC0C} => C:\Program Files\IPE\MyVoice\MyVoice.exe [2010-03-14] (Copyright© 2002-2003 International Print Edition M.Vachal)
Task: {F5CA7D39-BD43-4752-9CE3-6CA7A495A1BA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe No File

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2013 07:35:20 AM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (08/23/2013 07:35:20 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (08/23/2013 02:33:37 AM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x8004231f).

Error: (08/23/2013 02:33:37 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x8004231f).

Error: (08/22/2013 09:54:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ShowTime.exe, Version: 3.10.1.0, Zeitstempel: 0x467bf506
Name des fehlerhaften Moduls: ASAudio.ax, Version: 1.3.1.98, Zeitstempel: 0x48119577
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00010416
ID des fehlerhaften Prozesses: 0x554
Startzeit der fehlerhaften Anwendung: 0xShowTime.exe0
Pfad der fehlerhaften Anwendung: ShowTime.exe1
Pfad des fehlerhaften Moduls: ShowTime.exe2
Berichtskennung: ShowTime.exe3

Error: (08/22/2013 07:08:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c609
ID des fehlerhaften Prozesses: 0x1048
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (08/22/2013 07:03:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: dbghelp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c685
ID des fehlerhaften Prozesses: 0xc60
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (08/22/2013 06:05:51 PM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (08/22/2013 06:03:46 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (08/22/2013 03:40:43 PM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x8004231f).


System errors:
=============
Error: (08/23/2013 07:48:41 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/23/2013 07:48:31 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/23/2013 07:37:27 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (08/23/2013 07:35:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/23/2013 07:35:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/23/2013 07:35:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/23/2013 07:35:30 AM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/23/2013 07:35:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Soda PDF 5 Service" wurde mit folgendem Fehler beendet: 
%%-2147467259

Error: (08/23/2013 07:35:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/23/2013 06:57:36 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422


Microsoft Office Sessions:
=========================
Error: (08/23/2013 07:35:20 AM) (Source: SecurityCenter)(User: )
Description: 

Error: (08/23/2013 07:35:20 AM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (08/23/2013 02:33:37 AM) (Source: System Restore)(User: )
Description: 0x8004231f

Error: (08/23/2013 02:33:37 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x8004231f

Error: (08/22/2013 09:54:07 PM) (Source: Application Error)(User: )
Description: ShowTime.exe3.10.1.0467bf506ASAudio.ax1.3.1.9848119577c00000050001041655401ce9f714e88ebc0C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exeC:\PROGRA~1\COMMON~1\ArcSoft\MPEGEN~1\ASAudio.ax9a8a0ae0-0b64-11e3-a287-00241da32dd8

Error: (08/22/2013 07:08:20 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c609104801ce9f599c26d760C:\Windows\explorer.exeC:\Windows\system32\dbghelp.dll71b0db10-0b4d-11e3-a287-00241da32dd8

Error: (08/22/2013 07:03:02 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c685c6001ce9f5135f07710C:\Windows\Explorer.EXEC:\Windows\system32\dbghelp.dllb3e3d600-0b4c-11e3-a287-00241da32dd8

Error: (08/22/2013 06:05:51 PM) (Source: SecurityCenter)(User: )
Description: 

Error: (08/22/2013 06:03:46 PM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (08/22/2013 03:40:43 PM) (Source: System Restore)(User: )
Description: 0x8004231f


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3583.55 MB
Available physical RAM: 2018.66 MB
Total Pagefile: 7164.84 MB
Available Pagefile: 5076.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:175.09 GB) (Free:17.31 GB) NTFS
Drive e: (Volume) (Fixed) (Total:53.42 GB) (Free:14.79 GB) NTFS
Drive f: (Volume) (Fixed) (Total:3.17 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 61777466)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=175 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

25.08.2013, 13:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from the ESET online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

26.08.2013, 05:45   #11
Erlu

Hello!
That apparently took all night with ESET; here are the files:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d6a7bffdde392346bb32077ff989f295
# engine=14896
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-25 07:46:38
# local_time=2013-08-25 09:46:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 798060 140056583 0 0
# compatibility_mode=5893 16776574 100 94 3883707 129091189 0 0
# scanned=360984
# found=0
# cleaned=0
# scan_time=19715
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.25.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Ernst :: ELINEU [Administrator]

Schutz: Aktiviert

25.08.2013 15:57:54
mbam-log-2013-08-25 (15-57-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276264
Laufzeit: 13 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Ernst\Downloads\SoftonicDownloader_fuer_super.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Ernst\Downloads\SoftonicDownloader_fuer_virtualdub.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Ernst\Downloads\windows.7.codec.pack.v2.7.0.setup.exe (PUP.Dealio.TB) -> Keine Aktion durchgeführt.
C:\Users\Ernst\Downloads\iDeviceManager17.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Ernst\Downloads\videora-ipadmini-600-setup.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Windows\Installer\4ed7869.msi (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt.

(Ende)
         

26.08.2013, 08:03   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Did you remove the detections with Malwarebytes?

26.08.2013, 11:34   #13
Erlu

I removed them.
Erlu

26.08.2013, 11:36   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Good, then finally please clear the TEMP folders:

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.


26.08.2013, 11:58   #15
Erlu

TFC is done.
