| |
| |||||||
Log-Analyse und Auswertung: Windows 7 - BKA TROJANER Österreich - LogfileanalyseWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.10.2013, 17:20
| #1 |
| |  Windows 7 - BKA TROJANER Österreich - Logfileanalyse Hallo, habe mir heute die österreichsiche Version des BKA Trojaner eingefangen. Habe es über den abgesicherten Modus mit Eingabemöglichkeit geschafft, das System zurückzusetzen. Habe jetzt den OTL Scan gemacht und möchte euch bitten mir zu helfen den PC wieder sauber zu bekommen. Danke im Voraus!!!  LOGFILES OTL: OTL logfile created on: 20.10.2013 18:10:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franz\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 53,11% Memory free 7,49 Gb Paging File | 5,75 Gb Available in Paging File | 76,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 215,74 Gb Total Space | 128,32 Gb Free Space | 59,48% Space Free | Partition Type: NTFS Drive D: | 16,85 Gb Total Space | 2,44 Gb Free Space | 14,45% Space Free | Partition Type: NTFS Computer Name: FRANZ-HP | User Name: Franz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Franz\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Tablet\Pen\WacomHost.exe (Wacom Technology) PRC - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (WTabletServiceCon) -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.) SRV - (AdobeActiveFileMonitor11.0) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (RtVOsdService) -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology) DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys (Symantec Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation) DRV:64bit: - (ss_bus) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation) DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\ENG64.SYS (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} IE:64bit: - HKLM\..\SearchScopes\{67630CB6-0DB0-4315-9961-6F2CFBD11C5D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{6F48B164-2B38-452A-9325-FBE4E4B9B0AC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{818A0CD6-9369-47FB-8683-33CC265146B4}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{67630CB6-0DB0-4315-9961-6F2CFBD11C5D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKLM\..\SearchScopes\{6F48B164-2B38-452A-9325-FBE4E4B9B0AC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{818A0CD6-9369-47FB-8683-33CC265146B4}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN165&keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN165&keywords={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON/1 IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\SearchScopes,DefaultScope = {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\SearchScopes\{67630CB6-0DB0-4315-9961-6F2CFBD11C5D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\SearchScopes\{6F48B164-2B38-452A-9325-FBE4E4B9B0AC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\SearchScopes\{72898ED4-C692-451D-A15A-442E455CFBAB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=&apn_ptnrs=MF&apn_dtid=YYYYYYYYAT&apn_uid=b453da44-14cd-471a-ac7c-fbc1770a67dd&apn_sauid=D2E193BE-4550-44A7-9FC0-ECC0AAE37101 IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\SearchScopes\{818A0CD6-9369-47FB-8683-33CC265146B4}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.at" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.3 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MNC&o=15092&locale=de_US&apn_uid=b453da44-14cd-471a-ac7c-fbc1770a67dd&apn_ptnrs=MF&apn_sauid=D2E193BE-4550-44A7-9FC0-ECC0AAE37101&apn_dtid=YYYYYYYYAT&&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011.09.29 18:33:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2013.10.20 17:25:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.09.18 11:48:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.09.18 11:48:35 | 000,000,000 | ---D | M] [2011.03.03 21:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\Extensions [2011.03.03 21:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2013.10.15 20:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\Firefox\Profiles\gk4zqspb.default\extensions [2013.04.02 21:50:41 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Franz\AppData\Roaming\mozilla\Firefox\Profiles\gk4zqspb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2012.07.22 16:36:30 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Franz\AppData\Roaming\mozilla\Firefox\Profiles\gk4zqspb.default\extensions\toolbar@ask.com [2013.08.16 20:23:50 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\gk4zqspb.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.10.15 20:10:19 | 000,534,870 | ---- | M] () (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\gk4zqspb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.11 20:47:07 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\gk4zqspb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.07.22 16:36:30 | 000,002,323 | ---- | M] () -- C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\gk4zqspb.default\searchplugins\askcom.xml [2011.03.03 22:33:23 | 000,001,196 | ---- | M] () -- C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\gk4zqspb.default\searchplugins\winamp-search.xml [2013.09.18 11:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.09.18 11:48:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013.09.18 11:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} [2013.09.18 11:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.09.18 11:49:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007.04.10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Magic Desktop for HP notification] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DE56F3B-6EA1-4749-A974-FB394EC2FF14}: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980}: NameServer = 195.34.133.21,195.34.133.22 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.10.20 17:30:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Franz\Desktop\OTL.exe [2013.10.11 08:56:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.10.11 08:56:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.10.11 08:56:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.10.11 08:56:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.10.11 08:56:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.10.11 08:56:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.10.11 08:56:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.10.11 08:56:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.10.11 08:56:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.10.11 08:56:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.10.11 08:56:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.10.11 08:56:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.10.11 08:56:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.10.11 08:56:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.10.11 08:56:01 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.10.11 08:35:25 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013.10.11 08:35:22 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.10.11 08:35:22 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.10.11 08:35:22 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013.10.11 08:35:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013.10.11 08:35:22 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.10.11 08:35:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013.10.11 08:35:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.10.11 08:35:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013.10.11 08:35:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.10.11 08:35:19 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys [2013.10.11 08:35:17 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013.10.11 08:35:14 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.10.11 08:35:13 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.10.11 08:35:13 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013.10.11 08:35:12 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.10.11 08:35:12 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013.10.11 08:35:11 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013.10.11 08:35:10 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.10.11 08:35:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.10.11 08:35:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.10.11 08:35:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.10.11 08:35:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.10.11 08:35:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.10.11 08:35:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.10.11 08:34:54 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013.10.11 08:34:54 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013.10.11 08:34:51 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll [2011.03.08 19:42:10 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeE649.dll ========== Files - Modified Within 30 Days ========== [2013.10.20 18:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.10.20 17:33:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.20 17:33:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.20 17:30:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Franz\Desktop\OTL.exe [2013.10.20 17:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.20 17:25:11 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2013.10.17 00:17:05 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.10.11 16:25:21 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.10.11 16:25:21 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.10.11 16:25:21 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.10.11 16:25:21 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.10.11 16:25:21 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.10.11 16:18:46 | 001,923,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.10.10 21:07:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.10.10 21:07:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.10.06 23:52:38 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFRANZ-HP$.job [2013.10.05 18:09:06 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFranz.job [2013.09.23 01:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.09.23 01:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.09.23 01:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.09.23 01:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.09.23 01:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.09.23 00:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.09.23 00:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.09.23 00:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.09.23 00:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.09.23 00:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.09.23 00:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.09.23 00:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.09.23 00:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.09.21 04:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.09.21 04:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe ========== Files Created - No Company Name ========== [2013.10.11 08:35:09 | 000,070,144 | ---- | C] () -- C:\Users\Franz\AppData\Roaming\Other.res [2013.09.17 18:28:02 | 004,493,075 | ---- | C] () -- C:\Users\Franz\Zombies_by_IcedCoffee.jpg [2013.09.17 17:52:17 | 002,785,242 | ---- | C] () -- C:\Users\Franz\maraboot_DansLaNuit_insert.pdf [2013.09.17 17:52:17 | 001,051,257 | ---- | C] () -- C:\Users\Franz\MARABOOTS-DansLaNuit-Front.png [2013.09.17 17:52:17 | 000,464,484 | ---- | C] () -- C:\Users\Franz\MARABOOTS-DansLaNuit-Back.png [2011.04.15 17:54:40 | 000,001,854 | ---- | C] () -- C:\Users\Franz\AppData\Roaming\GhostObjGAFix.xml ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.05 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Ambient Design [2012.11.17 13:20:13 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\DVDVideoSoft [2012.11.17 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.20 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Juniper Networks [2012.11.17 13:19:22 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\OpenCandy [2013.04.06 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\SoftGrid Client [2011.03.03 22:25:28 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\TP [2012.11.17 13:20:07 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\TuneUp Software [2013.05.05 11:31:40 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\Wacom [2013.05.05 11:33:55 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.01.24 18:32:00 | 000,000,000 | ---D | M] -- C:\Users\Franz\AppData\Roaming\_MDLogs ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp  FC5A2B2@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report > EXTRAS: OTL Extras logfile created on: 20.10.2013 18:10:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franz\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 53,11% Memory free 7,49 Gb Paging File | 5,75 Gb Available in Paging File | 76,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 215,74 Gb Total Space | 128,32 Gb Free Space | 59,48% Space Free | Partition Type: NTFS Drive D: | 16,85 Gb Total Space | 2,44 Gb Free Space | 14,45% Space Free | Partition Type: NTFS Computer Name: FRANZ-HP | User Name: Franz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F5A91CD-79E7-454A-86B1-007CFA557987}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{28069C26-208D-452E-B049-0C62B8372B21}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3711450F-6FED-4F89-A456-75852C61E19C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BB8C384-F5FF-436F-AACD-A68B82F01E8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{51755FC7-F35D-4CBD-A404-6CCC684B7971}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5EF9A747-03D4-4432-B304-386807675942}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{97351CF2-86C0-469A-85C3-82F8A36AB4BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A01A1834-B44F-4AF7-B4B4-D8DE852C3D9C}" = lport=2869 | protocol=6 | dir=in | app=system | "{E23B64D1-4360-4BED-9692-F73D6A2E6677}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F8EDA7D7-F1A5-451A-974C-5C8E6E8896E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028633E4-8159-400B-BCEC-ECA552AD1CDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{06349172-6A1C-4843-A0EF-2C3B8CFCF068}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0D35B5EE-EE00-471D-B480-F08D6A541125}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2E79C1B3-46FA-4916-A3CD-63BDC2343D69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2F2E0B65-0A4B-4E2B-A148-9E914A9B613F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{40FB2214-7A59-401D-B7D2-F0DC5E0A2539}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{4C726C14-49E7-4A49-81E2-013A867A2C93}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{61FE9F5F-D162-481A-9809-41B9EB921D5C}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{6EF5DCDF-DC58-4D69-944A-E8C4AE386FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{8DE5E178-9BF6-43F9-9D8B-89A8FF1E2A26}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{8E240DD5-DAA5-484C-8101-4AB3EDD77700}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{EC3E81CD-2F23-45BB-93E7-6C8298637059}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F30CC278-653F-49ED-BB43-39EC81E08AC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB80A75A-38AE-460D-908E-1EE1988FB179}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "TCP Query User{37528DF7-4CBE-4B6A-A1C9-BA977ACDC639}C:\program files (x86)\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe | "TCP Query User{4FC4E42A-992C-4573-BE3B-A10D3A61170F}C:\program files (x86)\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe | "UDP Query User{3D9092E2-7844-4DB6-ABB5-1934050D4A29}C:\program files (x86)\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe | "UDP Query User{FCDF3179-9842-48ED-BEB9-1A4B0F5B40B6}C:\program files (x86)\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant "{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Pen Tablet Driver" = Wacom "SynTPDeinstKey" = Synaptics Pointing Device Driver "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4 "{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation "{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai "{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish "{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech "{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish "{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager "{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4 "{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean "{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{7082E27E-2637-4ED5-9156-E19B57A3B5B0}" = ArtRage Studio Pro "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation "{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch "{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock "{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars "{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light "{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer "{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English "{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All "{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch "{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish "{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian "{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11 "Bamboo Dock" = Bamboo Dock "chello launcher" = chello launcher "EasyBits Magic Desktop" = Magic Desktop "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "My HP Game Console" = HP Game Console "NIS" = Norton Internet Security "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Soulseek" = SoulSeek Client 156c "TuneUp Utilities 2013" = TuneUp Utilities 2013 "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "WildTangent hp Master Uninstall" = HP Games "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WT087361" = FATE "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087420" = Agatha Christie - Death on the Nile "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "Xvid Video Codec 1.3.1" = Xvid Video Codec ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3851159658-445460132-1005630107-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Juniper_Term_Services" = Juniper Terminal Services Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.03.2013 15:59:02 | Computer Name = Franz-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 10.03.2013 16:59:38 | Computer Name = Franz-HP | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 10.03.2013 17:00:13 | Computer Name = Franz-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 12.03.2013 13:15:57 | Computer Name = Franz-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: TraverseDir : Unable to FindFirstFile. System Error: Zugriff verweigert . Error - 12.03.2013 13:15:58 | Computer Name = Franz-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: TraverseDir : Unable to FindFirstFile. System Error: Zugriff verweigert . Error - 12.03.2013 15:21:12 | Computer Name = Franz-HP | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.03.2013 15:22:25 | Computer Name = Franz-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 12.03.2013 16:38:43 | Computer Name = Franz-HP | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.03.2013 16:39:00 | Computer Name = Franz-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 13.03.2013 01:46:58 | Computer Name = Franz-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: TraverseDir : Unable to FindFirstFile. System Error: Zugriff verweigert . Error - 13.03.2013 01:46:58 | Computer Name = Franz-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: TraverseDir : Unable to FindFirstFile. System Error: Zugriff verweigert . [ Hewlett-Packard Events ] Error - 18.11.2011 12:04:30 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/5c95c22b_7bc0_4494_a311_2a97c306cb55/1o5bemweoqdditue0gxfphm__5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 06.02.2012 10:31:13 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = Error - 25.03.2012 17:11:11 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/0a81e6f4_b5e5_415d_a5a8_fa3ffc3e7a80/8o0ks0ub8_sfuzdzfh22xsx1_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 30.03.2012 10:42:34 | Computer Name = Franz-HP | Source = HPSF.exe | ID = 4000 Description = Error - 03.04.2012 16:56:38 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/30932b1e_298a_493a_8d88_e88060be8962/x9kfrzdvtiec02yznrpezy1n_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String) Error - 03.04.2012 16:56:41 | Computer Name = Franz-HP | Source = HPSF.exe | ID = 4000 Description = Error - 20.04.2012 10:18:10 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/7aefee77_bd2a_40f2_96df_b23088d1e0fc/j5076ntzzeomg6k0r1sadq0p_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 29.04.2012 15:42:54 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/923f4d9d_01d7_4c39_854a_3261a612384e/o762dduxwwmos5qffk8r5krr_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String) Error - 11.05.2012 11:33:45 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/6fa3218a_73fc_4d13_80cb_ed6561924f09/ndsmkoy64ptcvory70875mtv_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 25.05.2012 10:59:13 | Computer Name = Franz-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/113c70a0_f112_4f34_b222_5776a4753cdc/tqbu7r8mw3+a4tv6j9apxunp_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) [ HP Wireless Assistant Events ] Error - 03.03.2011 14:15:51 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 03.03.2011 14:16:51 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 03.03.2011 14:17:51 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 03.03.2011 14:18:52 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 03.03.2011 14:19:52 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 03.03.2011 14:20:52 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 03.03.2011 14:21:52 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.03.2011 10:58:31 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 21.03.2013 12:10:56 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 16.09.2013 11:25:23 | Computer Name = Franz-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() [ System Events ] Error - 20.10.2013 11:01:21 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:01:22 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:01:22 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:01:22 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:01:22 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:01:22 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:06:41 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:06:42 | Computer Name = Franz-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.10.2013 11:20:11 | Computer Name = Franz-HP | Source = DCOM | ID = 10005 Description = Error - 20.10.2013 11:25:17 | Computer Name = Franz-HP | Source = Microsoft Antimalware | ID = 2004 Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. Signaturversion: 0.0.0.0;0.0.0.0 Modulversion: 0.0.0.0 < End of report > |
|
20.10.2013, 17:30
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7 - BKA TROJANER Österreich - Logfileanalyse hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.10.2013, 17:46
| #3 |
| | Windows 7 - BKA TROJANER Österreich - Logfileanalyse Entschuldigung.
__________________Anbei die LOGS aus dem Farbar's Recovery Scan Tool FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by Franz (administrator) on FRANZ-HP on 20-10-2013 18:42:44
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TUDefragBackend64.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\system32\DXPServer.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1238016 2013-07-27] (Easybits)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON/1
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {818A0CD6-9369-47FB-8683-33CC265146B4} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - {818A0CD6-9369-47FB-8683-33CC265146B4} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - {72898ED4-C692-451D-A15A-442E455CFBAB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=&apn_ptnrs=MF&apn_dtid=YYYYYYYYAT&apn_uid=b453da44-14cd-471a-ac7c-fbc1770a67dd&apn_sauid=D2E193BE-4550-44A7-9FC0-ECC0AAE37101
SearchScopes: HKCU - {818A0CD6-9369-47FB-8683-33CC265146B4} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-07-12] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 195.34.133.21
Tcpip\..\Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980}: [NameServer]195.34.133.21,195.34.133.22
FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default
FF user.js: detected! => C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: www.google.at
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MNC&o=15092&locale=de_US&apn_uid=b453da44-14cd-471a-ac7c-fbc1770a67dd&apn_ptnrs=MF&apn_sauid=D2E193BE-4550-44A7-9FC0-ECC0AAE37101&apn_dtid=YYYYYYYYAT&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask Toolbar - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\toolbar@ask.com
FF Extension: Winamp Toolbar - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: adblockpopups - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-14] (TuneUp Software)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-03-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-03-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-03-03] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\ENG64.SYS [117880 2011-03-31] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\ENG64.SYS [117880 2011-03-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\EX64.SYS [1828984 2011-03-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\EX64.SYS [1828984 2011-03-31] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 18:40 - 2013-10-20 18:40 - 01954548 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2013-10-20 17:47 - 2013-10-20 18:13 - 00096052 _____ C:\Users\Franz\Desktop\Extras.Txt
2013-10-20 17:46 - 2013-10-20 18:12 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-11 08:56 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 08:56 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 08:56 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 08:56 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 08:56 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:55 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 08:55 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 08:35 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 08:35 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 08:35 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 08:35 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 08:35 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 08:35 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 08:35 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:35 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00070144 _____ C:\Users\Franz\AppData\Roaming\Other.res
2013-10-11 08:35 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 08:35 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 08:35 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 08:35 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 08:35 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 08:35 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 08:35 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 08:35 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 08:35 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 08:35 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 08:35 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 08:35 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 08:35 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 08:34 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 08:34 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
==================== One Month Modified Files and Folders =======
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 18:40 - 2013-10-20 18:40 - 01954548 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2013-10-20 18:13 - 2013-10-20 17:47 - 00096052 _____ C:\Users\Franz\Desktop\Extras.Txt
2013-10-20 18:12 - 2013-10-20 17:46 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 18:07 - 2012-04-15 21:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-20 17:39 - 2010-12-01 01:47 - 01629051 _____ C:\Windows\WindowsUpdate.log
2013-10-20 17:33 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 17:33 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-20 17:25 - 2011-03-03 20:10 - 00000000 ____D C:\Users\Franz
2013-10-20 17:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 17:25 - 2009-07-14 06:51 - 00103383 _____ C:\Windows\setupact.log
2013-10-20 17:23 - 2010-12-01 02:02 - 00000000 ____D C:\ProgramData\Norton
2013-10-20 17:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-17 00:17 - 2011-10-18 22:25 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-17 00:16 - 2011-10-18 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-17 00:16 - 2011-10-18 22:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-12 17:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 16:25 - 2010-07-12 23:48 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-10-11 16:25 - 2010-07-12 23:48 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-10-11 16:25 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 16:18 - 2009-07-14 06:45 - 01923272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 08:47 - 2013-08-13 08:58 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 08:44 - 2011-12-04 10:28 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 21:07 - 2011-12-12 21:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-06 23:52 - 2012-04-08 18:49 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFRANZ-HP$
2013-10-06 23:52 - 2012-04-08 18:49 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForFRANZ-HP$.job
2013-10-05 18:16 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Franz\Desktop\Zeichnungen
2013-10-05 18:09 - 2012-03-30 18:11 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFranz
2013-10-05 18:09 - 2012-03-30 18:11 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForFranz.job
2013-09-23 01:28 - 2013-10-11 08:55 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 08:55 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 00:55 - 2013-10-11 08:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:55 - 2013-10-11 08:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 08:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-21 05:38 - 2013-10-11 08:56 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-11 08:56 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-11 08:56 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-11 08:56 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-20 10:48 - 2012-04-30 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
ZeroAccess:
C:\Users\Franz\AppData\Local\74fbc95f
C:\Users\Franz\AppData\Local\74fbc95f\@
Files to move or delete:
====================
C:\ProgramData\hpeE649.dll
Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\JuniperSetupClientInstaller.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
LastRegBack: 2013-10-12 16:59
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2013
Ran by Franz at 2013-10-20 18:43:16
Running from C:\Users\Franz\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Reader 9.3 MUI (x32 Version: 9.3.0)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95)
AMD USB Filter Driver (x32 Version: 1.0.15.94)
ArtRage Studio Pro (x32 Version: 3.5.4)
Ask Toolbar (x32 Version: 1.16.1.0)
Ask Toolbar Updater (HKCU Version: 1.3.1.24630)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Avanquest update (x32 Version: 1.31)
Bamboo Dock (x32 Version: 4.1)
Bamboo Dock (x32 Version: 4.1.0)
Bamboo Tablets Tutorial (x32 Version: 3.0.20)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.0.609.0)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Canon MP250 series MP Drivers
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Light (x32 Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0617.855.14122)
Catalyst Control Center InstallProxy (x32 Version: 2010.0617.855.14122)
Catalyst Control Center Localization All (x32 Version: 2010.0617.855.14122)
CCC Help Chinese Standard (x32 Version: 2010.0617.0854.14122)
CCC Help Chinese Traditional (x32 Version: 2010.0617.0854.14122)
CCC Help Czech (x32 Version: 2010.0617.0854.14122)
CCC Help Danish (x32 Version: 2010.0617.0854.14122)
CCC Help Dutch (x32 Version: 2010.0617.0854.14122)
CCC Help English (x32 Version: 2010.0617.0854.14122)
CCC Help Finnish (x32 Version: 2010.0617.0854.14122)
CCC Help French (x32 Version: 2010.0617.0854.14122)
CCC Help German (x32 Version: 2010.0617.0854.14122)
CCC Help Greek (x32 Version: 2010.0617.0854.14122)
CCC Help Hungarian (x32 Version: 2010.0617.0854.14122)
CCC Help Italian (x32 Version: 2010.0617.0854.14122)
CCC Help Japanese (x32 Version: 2010.0617.0854.14122)
CCC Help Korean (x32 Version: 2010.0617.0854.14122)
CCC Help Norwegian (x32 Version: 2010.0617.0854.14122)
CCC Help Polish (x32 Version: 2010.0617.0854.14122)
CCC Help Portuguese (x32 Version: 2010.0617.0854.14122)
CCC Help Russian (x32 Version: 2010.0617.0854.14122)
CCC Help Spanish (x32 Version: 2010.0617.0854.14122)
CCC Help Swedish (x32 Version: 2010.0617.0854.14122)
CCC Help Thai (x32 Version: 2010.0617.0854.14122)
CCC Help Turkish (x32 Version: 2010.0617.0854.14122)
ccc-core-static (x32 Version: 2010.0617.855.14122)
ccc-utility64 (Version: 2010.0617.855.14122)
chello launcher (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Corel Painter Essentials 4 (x32 Version: 4.2)
Corel Painter Essentials 4 (x32)
CyberLink DVD Suite (x32 Version: 7.0.3003)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217)
CyberLink YouCam (x32 Version: 3.0.2511)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Elements 11 Organizer (x32 Version: 11.0)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
FATE (x32 Version: 2.2.0.95)
Free M4a to MP3 Converter 7.0 (x32)
Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)
HP Documentation (x32 Version: 1.1.1.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.3)
HP Power Manager (x32 Version: 1.0.3)
HP Quick Launch (x32 Version: 2.1.5)
HP Setup (x32 Version: 8.1.4186.3400)
HP Software Framework (x32 Version: 4.0.108.1)
HP Support Assistant (x32 Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.9.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.95)
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.3.6.37319)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1)
Juniper Networks, Inc. Setup Client Activex Control (x32 Version: 2.1.1.1)
Juniper Terminal Services Client (HKCU Version: 7.3.0.25741)
Junk Mail filter update (x32 Version: 14.0.8117.416)
LabelPrint (x32 Version: 2.5.2907)
LightScribe System Software (x32 Version: 1.18.15.1)
Magic Desktop (x32)
Malwarebytes' Anti-Malware (x32)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Default Manager (x32 Version: 2.1.55.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 14.0.1468.721)
Norton Internet Security (x32 Version: 18.7.2.3)
Norton Online Backup (x32 Version: 2.1.17869)
Pando Media Booster (x32 Version: 2.6.0.8)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.6904)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4204)
PowerDirector (x32 Version: 8.0.3003)
PSE11 STI Installer (x32 Version: 11.0)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6122)
Recovery Manager (x32 Version: 5.5.3023)
RtVOsd (Version: 1.0.3)
Skype Toolbars (x32 Version: 5.2.4170)
Skype™ 5.10 (x32 Version: 5.10.116)
Slingo Deluxe (x32 Version: 2.2.0.95)
Sony Ericsson PC Suite 6.011.00 (x32 Version: 6.011.00)
SoulSeek Client 156c (x32)
Synaptics Pointing Device Driver (Version: 15.0.18.0)
TuneUp Utilities 2013 (x32 Version: 13.0.2013.181)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2013.181)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Wacom (Version: 5.3.2-1)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
Wedding Dash (x32 Version: 2.2.0.95)
Winamp (x32 Version: 5.6 )
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0)
WinRAR (x32)
Xvid Video Codec (x32 Version: 1.3.1)
Zuma Deluxe (x32 Version: 2.2.0.95)
==================== Restore Points =========================
25-08-2013 15:34:54 Windows Update
29-08-2013 16:11:16 Windows Update
01-09-2013 17:55:59 Windows Update
04-09-2013 18:32:35 Windows Update
16-09-2013 15:24:20 Windows Update
16-09-2013 22:44:27 Windows Update
17-09-2013 06:53:36 Windows Update
21-09-2013 19:05:07 Windows Update
25-09-2013 18:15:54 Windows Update
29-09-2013 12:26:13 Windows Update
03-10-2013 16:46:59 Windows Update
07-10-2013 15:50:59 Windows Update
10-10-2013 19:03:13 Windows Update
11-10-2013 06:38:37 Windows Update
14-10-2013 18:23:31 Windows Update
16-10-2013 22:15:46 Windows Update
20-10-2013 10:01:45 Windows Update
20-10-2013 15:37:26 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0CC18420-FFF9-425A-A018-0942783E5391} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {1D775FE9-70A8-4B9B-A761-C3AFE89C6A7C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2D92DFE8-8D8B-4D26-85BC-A8CBDF5CF1D7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-14] (TuneUp Software)
Task: {5283E786-2099-409F-BED1-73556FBBB11A} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {55302E42-95ED-446F-A427-6406D7AC5A05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {7359C095-45F2-4BBB-9EAB-BA3324D4479C} - System32\Tasks\{422A4217-8FA5-4B14-9612-7F90BF9C6F70} => Firefox.exe hxxp://ui.skype.com/ui/0/4.2.0.166.321/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {819AC26C-141E-45FC-A1C6-1830CAC50046} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {93CD8E33-0605-4FBF-8AC4-2C0E6A2ABD57} - System32\Tasks\AdobeAAMUpdater-1.0-Franz-HP-Franz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {A3EAE6A0-2B62-4678-977C-D0D5A6272D71} - System32\Tasks\HPCeeScheduleForFranz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {A59CB793-10C6-4FC1-ABDB-C72405288ED5} - System32\Tasks\HPCeeScheduleForFRANZ-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {AE042BE4-4DE9-4EE7-B612-14971015ABA5} - System32\Tasks\{5EC62AAA-1EA6-4F83-B6BE-71D30C50D945} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {C2A14C2D-51A0-456C-B730-AF11DEB607F1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-07-15] ()
Task: {CE33F262-81E6-4D5D-9E63-9C1E5FB310ED} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSA.exe
Task: {E7441F5E-2DA5-407E-9B8D-EF8DBAC2EAEF} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F00E8E6E-6D7A-49BD-B0F2-A471BAF689E5} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFRANZ-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFranz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2009-07-14 01:57 - 2009-07-14 03:40 - 00069120 _____ () C:\Windows\system32\BWContextHandler.dll
2013-05-05 11:28 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-09-18 11:48 - 2013-09-18 11:48 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-10 21:07 - 2013-10-10 21:07 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/20/2013 05:37:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (10/20/2013 05:37:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (10/20/2013 00:01:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (10/20/2013 00:01:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (10/19/2013 04:32:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/18/2013 04:30:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/17/2013 00:15:47 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (10/17/2013 00:15:46 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (10/15/2013 09:04:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/14/2013 08:23:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
System errors:
=============
Error: (10/20/2013 05:25:17 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Versuchte Signaturen: %24
Fehlercode: 0x80070002
Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden.
Signaturversion: 0.0.0.0;0.0.0.0
Modulversion: %600
Error: (10/20/2013 05:20:11 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (10/20/2013 05:06:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/20/2013 05:06:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/20/2013 05:01:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/20/2013 05:01:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/20/2013 05:01:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/20/2013 05:01:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/20/2013 05:01:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/20/2013 05:01:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (10/20/2013 05:37:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
Error: (10/20/2013 05:37:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
Error: (10/20/2013 00:01:45 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
Error: (10/20/2013 00:01:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
Error: (10/19/2013 04:32:37 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (10/18/2013 04:30:42 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (10/17/2013 00:15:47 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
Error: (10/17/2013 00:15:46 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
Error: (10/15/2013 09:04:19 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (10/14/2013 08:23:31 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
CodeIntegrity Errors:
===================================
Date: 2011-05-28 14:35:18.046
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 3834.9 MB
Available physical RAM: 2024.45 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 5552.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:215.74 GB) (Free:128.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.85 GB) (Free:2.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 7BBF383A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
|
|
20.10.2013, 18:20
| #4 | |
| /// the machine /// TB-Ausbilder | Windows 7 - BKA TROJANER Österreich - LogfileanalyseCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.10.2013, 19:46
| #5 |
| | Windows 7 - BKA TROJANER Österreich - Logfileanalyse Bitte: Code:
ATTFilter ComboFix 13-10-19.02 - Franz 20.10.2013 20:32:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3835.2246 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franz\AppData\Roaming\Other.res
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-20 bis 2013-10-20 ))))))))))))))))))))))))))))))
.
.
2013-10-20 18:40 . 2013-10-20 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-20 18:29 . 2013-10-20 18:29 -------- d-----w- c:\users\Franz\AppData\Roaming\GetRightToGo
2013-10-20 16:42 . 2013-10-20 16:42 -------- d-----w- C:\FRST
2013-10-20 15:37 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4D1C64F-92F8-4539-B604-D2FB57FF7586}\mpengine.dll
2013-10-19 02:52 . 2013-10-19 02:51 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{400643C0-7F8D-4F9A-9E8D-1AFD1D4A1971}\gapaengine.dll
2013-10-11 06:55 . 2013-09-22 23:27 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-10-11 06:55 . 2013-09-22 22:55 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-11 06:55 . 2013-09-22 23:28 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-11 06:55 . 2013-09-22 23:28 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-11 06:55 . 2013-09-22 22:55 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-11 06:55 . 2013-09-22 22:54 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-11 06:55 . 2013-09-22 22:55 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-10-11 06:55 . 2013-09-22 22:54 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-10-11 06:55 . 2013-09-22 22:54 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-10-11 06:34 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-11 06:34 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 06:34 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 06:34 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 06:44 . 2011-12-04 08:28 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 19:07 . 2012-04-15 19:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 19:07 . 2011-12-12 19:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-07 01:59 . 2012-02-13 19:07 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-29 01:48 . 2013-10-11 06:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-16 15:34 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-16 15:34 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-16 15:34 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-16 15:34 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-16 15:34 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-16 15:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-16 15:34 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-16 15:34 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-16 15:34 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-16 15:34 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-16 15:34 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-16 15:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-16 15:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-16 15:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-16 15:34 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-16 15:33 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-14 17:05 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:05 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-07-15 1524936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-07-15 19:41 1524936 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-07-15 1524936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-07-27 1238016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 09:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 19:07]
.
2013-10-06 c:\windows\Tasks\HPCeeScheduleForFRANZ-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
2013-10-05 c:\windows\Tasks\HPCeeScheduleForFranz.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Franz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980}: NameServer = 195.34.133.21,195.34.133.22
FF - ProfilePath - c:\users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.at
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MNC&o=15092&locale=de_US&apn_uid=b453da44-14cd-471a-ac7c-fbc1770a67dd&apn_ptnrs=MF&apn_sauid=D2E193BE-4550-44A7-9FC0-ECC0AAE37101&apn_dtid=YYYYYYYYAT&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-20 20:44:44
ComboFix-quarantined-files.txt 2013-10-20 18:44
.
Vor Suchlauf: 8 Verzeichnis(se), 137.748.631.552 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 138.570.084.352 Bytes frei
.
- - End Of File - - E2DCAFCD23AB501713A5A5822E06E00A
|
|
21.10.2013, 11:00
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7 - BKA TROJANER Österreich - Logfileanalyse Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7 - BKA TROJANER Österreich - Logfileanalyse |
|
21.10.2013, 19:34
| #7 |
| | Windows 7 - BKA TROJANER Österreich - Logfileanalyse bitte und DANKE!! Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.21.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Franz :: FRANZ-HP [Administrator] Schutz: Deaktiviert 21.10.2013 19:47:51 mbam-log-2013-10-21 (19-47-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204119 Laufzeit: 7 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790674B176585236AB96 (Malware.Trace) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790672B7765F573FAE97 (Malware.Trace) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Franz\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Franz\AppData\Roaming\OpenCandy\5E0692D5CE264CC59EF784A32EF0B1C7 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 4 C:\Users\Franz\Downloads\SoftonicDownloader_for_winamp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Franz\AppData\Roaming\OpenCandy\5E0692D5CE264CC59EF784A32EF0B1C7\TuneUpUtilities2013_2200213_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 21/10/2013 um 20:13:24
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Franz - FRANZ-HP
# Gestartet von : C:\Users\Franz\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Franz\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Franz\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\WinampToolbarData
Ordner Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Ordner Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\.autoreg
Datei Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winamp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winamp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\prefs.js ]
Zeile gelöscht : user_pref("aol_toolbar.surf.date", "110");
Zeile gelöscht : user_pref("aol_toolbar.surf.lastDate", "15");
Zeile gelöscht : user_pref("aol_toolbar.surf.lastMonth", "10");
Zeile gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Zeile gelöscht : user_pref("aol_toolbar.surf.month", "433");
Zeile gelöscht : user_pref("aol_toolbar.surf.prevMonth", "0");
Zeile gelöscht : user_pref("aol_toolbar.surf.total", "436");
Zeile gelöscht : user_pref("aol_toolbar.surf.week", "433");
Zeile gelöscht : user_pref("aol_toolbar.surf.year", "433");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MNC&o=15092&locale=de_US&apn_uid=b453da44-14cd-471a-ac7c-fbc1770a67dd&apn_ptnrs=MF&apn_sauid=D2E193BE-4550-44A7-9FC0-ECC[...]
Zeile gelöscht : user_pref("winamp_toolbar.buttons.layout", "");
Zeile gelöscht : user_pref("winamp_toolbar.cookie.homepage", "");
Zeile gelöscht : user_pref("winamp_toolbar.cookie.search", "");
Zeile gelöscht : user_pref("winamp_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("winamp_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Zeile gelöscht : user_pref("winamp_toolbar.guid", "{E5171A94-0215-D498-F154-35224E55EBC0}");
Zeile gelöscht : user_pref("winamp_toolbar.install.distroid", "");
Zeile gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.8949");
Zeile gelöscht : user_pref("winamp_toolbar.install.lid", "");
Zeile gelöscht : user_pref("winamp_toolbar.install.mtmhp", "");
Zeile gelöscht : user_pref("winamp_toolbar.install.ncid", "");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "15");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "10");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2012");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.log", false);
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "3");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "3");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "33");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "3");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "20");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Zeile gelöscht : user_pref("winamp_toolbar.relatednews.active", true);
Zeile gelöscht : user_pref("winamp_toolbar.relatednews.enabled", false);
Zeile gelöscht : user_pref("winamp_toolbar.remote..xml", "1353014427636");
Zeile gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1353014427636");
Zeile gelöscht : user_pref("winamp_toolbar.rtw.active", false);
Zeile gelöscht : user_pref("winamp_toolbar.search.button", true);
Zeile gelöscht : user_pref("winamp_toolbar.search.cid", "12-11-2012");
Zeile gelöscht : user_pref("winamp_toolbar.search.focusnewtab", true);
Zeile gelöscht : user_pref("winamp_toolbar.search.instd", "20121112160151352");
Zeile gelöscht : user_pref("winamp_toolbar.search.newtab", true);
Zeile gelöscht : user_pref("winamp_toolbar.search.oid", "03-03-2011");
Zeile gelöscht : user_pref("winamp_toolbar.search.placement", "left");
Zeile gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Zeile gelöscht : user_pref("winamp_toolbar.search.savehistory", false);
Zeile gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
Zeile gelöscht : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
Zeile gelöscht : user_pref("winamp_toolbar.skin.custom", false);
Zeile gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Zeile gelöscht : user_pref("winamp_toolbar.surf.show", true);
Zeile gelöscht : user_pref("winamp_toolbar.ticker.active", false);
Zeile gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Zeile gelöscht : user_pref("winamp_toolbar.weather.degc", "7");
Zeile gelöscht : user_pref("winamp_toolbar.weather.degf", "44");
Zeile gelöscht : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/34.png");
Zeile gelöscht : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
Zeile gelöscht : user_pref("winamp_toolbar.weather.metric", true);
Zeile gelöscht : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Zeile gelöscht : user_pref("winamp_toolbar.weather.update", "1353014427637");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.appversion", "20576");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.title", "Bonecrusher - The Price You Pay");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "175");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "44613");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.volume", "30");
*************************
AdwCleaner[R0].txt - [15172 octets] - [21/10/2013 20:04:35]
AdwCleaner[S0].txt - [14743 octets] - [21/10/2013 20:13:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14804 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Franz on 21.10.2013 at 20:20:33,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{72898ED4-C692-451D-A15A-442E455CFBAB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{818A0CD6-9369-47FB-8683-33CC265146B4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{818A0CD6-9369-47FB-8683-33CC265146B4}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\gk4zqspb.default\prefs.js
user_pref("extensions.questscan.init", true);
Emptied folder: C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\gk4zqspb.default\minidumps [302 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.10.2013 at 20:30:33,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013
Ran by Franz (administrator) on FRANZ-HP on 21-10-2013 20:33:03
Running from C:\Users\Franz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0N32TFC
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1238016 2013-07-27] (Easybits)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {818A0CD6-9369-47FB-8683-33CC265146B4} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-07-12] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 195.34.133.21
Tcpip\..\Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980}: [NameServer]195.34.133.21,195.34.133.22
FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: adblockpopups - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-14] (TuneUp Software)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-03-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-03-03] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\ENG64.SYS [117880 2011-03-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\EX64.SYS [1828984 2011-03-31] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-21 20:30 - 2013-10-21 20:30 - 00001659 _____ C:\Users\Franz\Desktop\JRT.txt
2013-10-21 20:20 - 2013-10-21 20:20 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 20:04 - 2013-10-21 20:13 - 00000000 ____D C:\AdwCleaner
2013-10-21 19:59 - 2013-10-21 19:59 - 00003503 _____ C:\Users\Franz\Desktop\malware.txt
2013-10-21 19:43 - 2013-10-21 19:43 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 19:42 - 2013-10-21 19:41 - 01033335 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2013-10-21 19:40 - 2013-10-21 19:40 - 01060070 _____ C:\Users\Franz\Desktop\adwcleaner.exe
2013-10-21 19:39 - 2013-10-21 19:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Franz\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 20:44 - 2013-10-20 20:44 - 00028767 _____ C:\ComboFix.txt
2013-10-20 20:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-20 20:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-20 20:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-20 20:29 - 2013-10-20 20:44 - 00000000 ____D C:\Qoobox
2013-10-20 20:29 - 2013-10-20 20:42 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ____D C:\Users\Franz\AppData\Roaming\GetRightToGo
2013-10-20 20:28 - 2013-10-20 20:28 - 00368256 _____ (RegNow.com) C:\Users\Franz\Desktop\Download_MaxSDDMnew.exe
2013-10-20 20:19 - 2013-10-20 20:19 - 05135479 ____R (Swearware) C:\Users\Franz\Downloads\ComboFix.exe
2013-10-20 20:00 - 2013-10-20 20:00 - 05135479 _____ (Swearware) C:\Users\Franz\Desktop\ComboFix.exe.part
2013-10-20 18:43 - 2013-10-20 18:43 - 00026322 _____ C:\Users\Franz\Desktop\Addition.txt
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 17:46 - 2013-10-20 18:12 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-11 08:56 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 08:56 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 08:56 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 08:56 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 08:56 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:55 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 08:55 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 08:35 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 08:35 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 08:35 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 08:35 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 08:35 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 08:35 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 08:35 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:35 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 08:35 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 08:35 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 08:35 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 08:35 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 08:35 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 08:35 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 08:35 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 08:35 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 08:35 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 08:35 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 08:35 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 08:35 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 08:34 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 08:34 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
==================== One Month Modified Files and Folders =======
2013-10-21 20:30 - 2013-10-21 20:30 - 00001659 _____ C:\Users\Franz\Desktop\JRT.txt
2013-10-21 20:22 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 20:22 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 20:20 - 2013-10-21 20:20 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 20:20 - 2010-12-01 01:47 - 01702624 _____ C:\Windows\WindowsUpdate.log
2013-10-21 20:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 20:14 - 2009-07-14 06:51 - 00103551 _____ C:\Windows\setupact.log
2013-10-21 20:13 - 2013-10-21 20:04 - 00000000 ____D C:\AdwCleaner
2013-10-21 20:07 - 2012-04-15 21:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-21 20:00 - 2011-03-03 03:06 - 00025658 _____ C:\Windows\PFRO.log
2013-10-21 19:59 - 2013-10-21 19:59 - 00003503 _____ C:\Users\Franz\Desktop\malware.txt
2013-10-21 19:43 - 2013-10-21 19:43 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 19:43 - 2011-05-28 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 19:41 - 2013-10-21 19:42 - 01033335 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2013-10-21 19:40 - 2013-10-21 19:40 - 01060070 _____ C:\Users\Franz\Desktop\adwcleaner.exe
2013-10-21 19:39 - 2013-10-21 19:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Franz\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 20:44 - 2013-10-20 20:44 - 00028767 _____ C:\ComboFix.txt
2013-10-20 20:44 - 2013-10-20 20:29 - 00000000 ____D C:\Qoobox
2013-10-20 20:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-20 20:42 - 2013-10-20 20:29 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:41 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ____D C:\Users\Franz\AppData\Roaming\GetRightToGo
2013-10-20 20:28 - 2013-10-20 20:28 - 00368256 _____ (RegNow.com) C:\Users\Franz\Desktop\Download_MaxSDDMnew.exe
2013-10-20 20:19 - 2013-10-20 20:19 - 05135479 ____R (Swearware) C:\Users\Franz\Downloads\ComboFix.exe
2013-10-20 20:00 - 2013-10-20 20:00 - 05135479 _____ (Swearware) C:\Users\Franz\Desktop\ComboFix.exe.part
2013-10-20 18:43 - 2013-10-20 18:43 - 00026322 _____ C:\Users\Franz\Desktop\Addition.txt
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 18:12 - 2013-10-20 17:46 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-20 17:25 - 2011-03-03 20:10 - 00000000 ____D C:\Users\Franz
2013-10-20 17:23 - 2010-12-01 02:02 - 00000000 ____D C:\ProgramData\Norton
2013-10-20 17:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-17 00:17 - 2011-10-18 22:25 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-17 00:16 - 2011-10-18 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-17 00:16 - 2011-10-18 22:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-12 17:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 16:25 - 2010-07-12 23:48 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-10-11 16:25 - 2010-07-12 23:48 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-10-11 16:25 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 16:18 - 2009-07-14 06:45 - 01923272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 08:47 - 2013-08-13 08:58 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 08:44 - 2011-12-04 10:28 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 21:07 - 2011-12-12 21:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-06 23:52 - 2012-04-08 18:49 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFRANZ-HP$
2013-10-06 23:52 - 2012-04-08 18:49 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForFRANZ-HP$.job
2013-10-05 18:16 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Franz\Desktop\Zeichnungen
2013-10-05 18:09 - 2012-03-30 18:11 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFranz
2013-10-05 18:09 - 2012-03-30 18:11 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForFranz.job
2013-09-23 01:28 - 2013-10-11 08:55 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 08:55 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 00:55 - 2013-10-11 08:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:55 - 2013-10-11 08:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 08:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-21 05:38 - 2013-10-11 08:56 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-11 08:56 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-11 08:56 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-11 08:56 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
ZeroAccess:
C:\Users\Franz\AppData\Local\74fbc95f
C:\Users\Franz\AppData\Local\74fbc95f\@
Files to move or delete:
====================
C:\ProgramData\hpeE649.dll
Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
LastRegBack: 2013-10-12 16:59
==================== End Of Log ============================
|
|
22.10.2013, 13:29
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7 - BKA TROJANER Österreich - LogfileanalyseESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.10.2013, 09:41
| #9 |
| |  Windows 7 - BKA TROJANER Österreich - Logfileanalyse Hallo, kurze Zwischenfrage: Dauert es immer so lange bis der ESET den scan beendet hat? Habe ihn über Nacht laufen lassen und heute in der Früh war er bei 33% ... BIS jetzt gab es keine Probleme mehr. Vielen DANK nochmals!!! Ich poste die LOGS dann am Abend. |
|
23.10.2013, 14:58
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7 - BKA TROJANER Österreich - Logfileanalyse Der dauert normal schon en paar Stunden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.10.2013, 21:39
| #11 |
| | Windows 7 - BKA TROJANER Österreich - LogfileanalyseCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=030049ae247f7142aa968af81d9dc2bd
# engine=15590
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-23 08:24:43
# local_time=2013-10-23 10:24:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 79 32751898 86452689 0 0
# compatibility_mode=5893 16776574 100 94 8998393 134189733 0 0
# scanned=263132
# found=2
# cleaned=0
# scan_time=7469
sh=E92F0A6B9D7BEEB8EE4791F2820D47F285A4C56E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Franz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\c255e4c-503affde"
sh=E9729E5A943791558DD59B036883330DDB1807F8 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DU trojan" ac=I fn="C:\Users\Franz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\6c2d36f7-15e25d9b"
Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Norton Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (de-DE) Java(TM) 6 Update 20 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (24.0) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013
Ran by Franz (administrator) on FRANZ-HP on 23-10-2013 22:37:11
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1238016 2013-07-27] (Easybits)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {818A0CD6-9369-47FB-8683-33CC265146B4} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-07-12] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980}: [NameServer]195.34.133.21,195.34.133.22
FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: adblockpopups - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-14] (TuneUp Software)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-03-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-03-03] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\ENG64.SYS [117880 2011-03-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\EX64.SYS [1828984 2011-03-31] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-23 22:36 - 2013-10-23 22:36 - 01955374 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2013-10-22 20:16 - 2013-10-22 20:16 - 00891167 _____ C:\Users\Franz\Desktop\SecurityCheck.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 02347384 _____ (ESET) C:\Users\Franz\Desktop\esetsmartinstaller_enu.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-21 20:30 - 2013-10-21 20:30 - 00001659 _____ C:\Users\Franz\Desktop\JRT.txt
2013-10-21 20:20 - 2013-10-21 20:20 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 20:04 - 2013-10-21 20:13 - 00000000 ____D C:\AdwCleaner
2013-10-21 19:59 - 2013-10-21 19:59 - 00003503 _____ C:\Users\Franz\Desktop\malware.txt
2013-10-21 19:43 - 2013-10-21 19:43 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 19:42 - 2013-10-21 19:41 - 01033335 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2013-10-21 19:40 - 2013-10-21 19:40 - 01060070 _____ C:\Users\Franz\Desktop\adwcleaner.exe
2013-10-21 19:39 - 2013-10-21 19:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Franz\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 20:44 - 2013-10-20 20:44 - 00028767 _____ C:\ComboFix.txt
2013-10-20 20:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-20 20:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-20 20:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-20 20:29 - 2013-10-20 20:44 - 00000000 ____D C:\Qoobox
2013-10-20 20:29 - 2013-10-20 20:42 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ____D C:\Users\Franz\AppData\Roaming\GetRightToGo
2013-10-20 20:28 - 2013-10-20 20:28 - 00368256 _____ (RegNow.com) C:\Users\Franz\Desktop\Download_MaxSDDMnew.exe
2013-10-20 20:19 - 2013-10-20 20:19 - 05135479 ____R (Swearware) C:\Users\Franz\Downloads\ComboFix.exe
2013-10-20 20:00 - 2013-10-20 20:00 - 05135479 _____ (Swearware) C:\Users\Franz\Desktop\ComboFix.exe.part
2013-10-20 18:43 - 2013-10-20 18:43 - 00026322 _____ C:\Users\Franz\Desktop\Addition.txt
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 17:46 - 2013-10-20 18:12 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-11 08:56 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 08:56 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 08:56 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 08:56 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 08:56 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:55 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 08:55 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 08:35 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 08:35 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 08:35 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 08:35 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 08:35 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 08:35 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 08:35 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:35 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 08:35 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 08:35 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 08:35 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 08:35 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 08:35 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 08:35 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 08:35 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 08:35 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 08:35 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 08:35 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 08:35 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 08:35 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 08:34 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 08:34 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
==================== One Month Modified Files and Folders =======
2013-10-23 22:36 - 2013-10-23 22:36 - 01955374 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2013-10-23 22:22 - 2010-12-01 01:47 - 01795971 _____ C:\Windows\WindowsUpdate.log
2013-10-23 22:09 - 2012-04-15 21:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-23 00:11 - 2009-07-14 06:51 - 00103719 _____ C:\Windows\setupact.log
2013-10-22 20:16 - 2013-10-22 20:16 - 00891167 _____ C:\Users\Franz\Desktop\SecurityCheck.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 02347384 _____ (ESET) C:\Users\Franz\Desktop\esetsmartinstaller_enu.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-22 20:08 - 2010-07-12 23:48 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-10-22 20:08 - 2010-07-12 23:48 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-10-22 20:08 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 20:03 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 20:03 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 19:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 20:30 - 2013-10-21 20:30 - 00001659 _____ C:\Users\Franz\Desktop\JRT.txt
2013-10-21 20:20 - 2013-10-21 20:20 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 20:13 - 2013-10-21 20:04 - 00000000 ____D C:\AdwCleaner
2013-10-21 20:00 - 2011-03-03 03:06 - 00025658 _____ C:\Windows\PFRO.log
2013-10-21 19:59 - 2013-10-21 19:59 - 00003503 _____ C:\Users\Franz\Desktop\malware.txt
2013-10-21 19:43 - 2013-10-21 19:43 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 19:43 - 2011-05-28 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 19:41 - 2013-10-21 19:42 - 01033335 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2013-10-21 19:40 - 2013-10-21 19:40 - 01060070 _____ C:\Users\Franz\Desktop\adwcleaner.exe
2013-10-21 19:39 - 2013-10-21 19:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Franz\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 20:44 - 2013-10-20 20:44 - 00028767 _____ C:\ComboFix.txt
2013-10-20 20:44 - 2013-10-20 20:29 - 00000000 ____D C:\Qoobox
2013-10-20 20:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-20 20:42 - 2013-10-20 20:29 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:41 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ____D C:\Users\Franz\AppData\Roaming\GetRightToGo
2013-10-20 20:28 - 2013-10-20 20:28 - 00368256 _____ (RegNow.com) C:\Users\Franz\Desktop\Download_MaxSDDMnew.exe
2013-10-20 20:19 - 2013-10-20 20:19 - 05135479 ____R (Swearware) C:\Users\Franz\Downloads\ComboFix.exe
2013-10-20 20:00 - 2013-10-20 20:00 - 05135479 _____ (Swearware) C:\Users\Franz\Desktop\ComboFix.exe.part
2013-10-20 18:43 - 2013-10-20 18:43 - 00026322 _____ C:\Users\Franz\Desktop\Addition.txt
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 18:12 - 2013-10-20 17:46 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-20 17:25 - 2011-03-03 20:10 - 00000000 ____D C:\Users\Franz
2013-10-20 17:23 - 2010-12-01 02:02 - 00000000 ____D C:\ProgramData\Norton
2013-10-20 17:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-17 00:17 - 2011-10-18 22:25 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-17 00:16 - 2011-10-18 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-17 00:16 - 2011-10-18 22:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-12 17:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 16:18 - 2009-07-14 06:45 - 01923272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 08:47 - 2013-08-13 08:58 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 08:44 - 2011-12-04 10:28 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 21:07 - 2011-12-12 21:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-06 23:52 - 2012-04-08 18:49 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFRANZ-HP$
2013-10-06 23:52 - 2012-04-08 18:49 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForFRANZ-HP$.job
2013-10-05 18:16 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Franz\Desktop\Zeichnungen
2013-10-05 18:09 - 2012-03-30 18:11 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFranz
2013-10-05 18:09 - 2012-03-30 18:11 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForFranz.job
2013-09-23 01:28 - 2013-10-11 08:55 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 08:55 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 08:56 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 08:55 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 00:55 - 2013-10-11 08:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:55 - 2013-10-11 08:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 08:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 08:56 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 08:55 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
ZeroAccess:
C:\Users\Franz\AppData\Local\74fbc95f
C:\Users\Franz\AppData\Local\74fbc95f\@
Files to move or delete:
====================
C:\ProgramData\hpeE649.dll
Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
LastRegBack: 2013-10-21 23:08
==================== End Of Log ============================
|
|
24.10.2013, 10:43
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7 - BKA TROJANER Österreich - Logfileanalyse Java und Adobe updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ZeroAccess:
C:\Users\Franz\AppData\Local\74fbc95f
C:\Users\Franz\AppData\Local\74fbc95f\@
DeleteJunctionsIndirectory: C:\Windows\system64
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.10.2013, 17:41
| #13 |
| | Windows 7 - BKA TROJANER Österreich - LogfileanalyseCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by Franz at 2013-10-24 18:26:47 Run:1
Running from C:\Users\Franz\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ZeroAccess:
C:\Users\Franz\AppData\Local\74fbc95f
C:\Users\Franz\AppData\Local\74fbc95f\@
DeleteJunctionsIndirectory: C:\Windows\system64
*****************
C:\Users\Franz\AppData\Local\74fbc95f => Moved successfully.
"C:\Users\Franz\AppData\Local\74fbc95f\@" => File/Directory not found.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Franz (administrator) on FRANZ-HP on 24-10-2013 18:27:30
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1238016 2013-07-27] (Easybits)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {818A0CD6-9369-47FB-8683-33CC265146B4} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - DefaultScope {6F48B164-2B38-452A-9325-FBE4E4B9B0AC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {67630CB6-0DB0-4315-9961-6F2CFBD11C5D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-07-12] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980}: [NameServer]195.34.133.21,195.34.133.22
FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: adblockpopups - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\gk4zqspb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-14] (TuneUp Software)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-03-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-03-03] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110429.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\ENG64.SYS [117880 2011-03-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110501.002\EX64.SYS [1828984 2011-03-31] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-24 18:25 - 2013-10-24 18:25 - 01955412 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2013-10-24 18:14 - 2013-10-24 18:14 - 00448512 _____ (OldTimer Tools) C:\Users\Franz\Desktop\TFC.exe
2013-10-22 20:16 - 2013-10-22 20:16 - 00891167 _____ C:\Users\Franz\Desktop\SecurityCheck.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 02347384 _____ (ESET) C:\Users\Franz\Desktop\esetsmartinstaller_enu.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-21 20:30 - 2013-10-21 20:30 - 00001659 _____ C:\Users\Franz\Desktop\JRT.txt
2013-10-21 20:20 - 2013-10-21 20:20 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 20:04 - 2013-10-21 20:13 - 00000000 ____D C:\AdwCleaner
2013-10-21 19:59 - 2013-10-21 19:59 - 00003503 _____ C:\Users\Franz\Desktop\malware.txt
2013-10-21 19:43 - 2013-10-21 19:43 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 19:42 - 2013-10-21 19:41 - 01033335 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2013-10-21 19:40 - 2013-10-21 19:40 - 01060070 _____ C:\Users\Franz\Desktop\adwcleaner.exe
2013-10-21 19:39 - 2013-10-21 19:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Franz\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 20:44 - 2013-10-20 20:44 - 00028767 _____ C:\ComboFix.txt
2013-10-20 20:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-20 20:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-20 20:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-20 20:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-20 20:29 - 2013-10-20 20:44 - 00000000 ____D C:\Qoobox
2013-10-20 20:29 - 2013-10-20 20:42 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ____D C:\Users\Franz\AppData\Roaming\GetRightToGo
2013-10-20 20:28 - 2013-10-20 20:28 - 00368256 _____ (RegNow.com) C:\Users\Franz\Desktop\Download_MaxSDDMnew.exe
2013-10-20 20:19 - 2013-10-20 20:19 - 05135479 ____R (Swearware) C:\Users\Franz\Downloads\ComboFix.exe
2013-10-20 20:00 - 2013-10-20 20:00 - 05135479 _____ (Swearware) C:\Users\Franz\Desktop\ComboFix.exe.part
2013-10-20 18:43 - 2013-10-20 18:43 - 00026322 _____ C:\Users\Franz\Desktop\Addition.txt
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 17:46 - 2013-10-20 18:12 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-11 08:56 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 08:56 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 08:56 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 08:56 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 08:56 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 08:56 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 08:56 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 08:56 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:55 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 08:55 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 08:55 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 08:55 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 08:55 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 08:35 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 08:35 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 08:35 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 08:35 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 08:35 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 08:35 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 08:35 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 08:35 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:35 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:35 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 08:35 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 08:35 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 08:35 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 08:35 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 08:35 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 08:35 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 08:35 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 08:35 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 08:35 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 08:35 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 08:35 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 08:35 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 08:35 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 08:35 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 08:35 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 08:35 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 08:35 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 08:35 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 08:35 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 08:35 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 08:35 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 08:35 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 08:34 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 08:34 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:34 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:34 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
==================== One Month Modified Files and Folders =======
2013-10-24 18:25 - 2013-10-24 18:25 - 01955412 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2013-10-24 18:14 - 2013-10-24 18:14 - 00448512 _____ (OldTimer Tools) C:\Users\Franz\Desktop\TFC.exe
2013-10-24 18:07 - 2012-04-15 21:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 17:51 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 17:51 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 17:49 - 2010-12-01 01:47 - 01815783 _____ C:\Windows\WindowsUpdate.log
2013-10-24 17:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-24 17:44 - 2009-07-14 06:51 - 00103775 _____ C:\Windows\setupact.log
2013-10-22 20:16 - 2013-10-22 20:16 - 00891167 _____ C:\Users\Franz\Desktop\SecurityCheck.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 02347384 _____ (ESET) C:\Users\Franz\Desktop\esetsmartinstaller_enu.exe
2013-10-22 20:14 - 2013-10-22 20:14 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-22 20:08 - 2010-07-12 23:48 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-10-22 20:08 - 2010-07-12 23:48 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-10-22 20:08 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-21 20:30 - 2013-10-21 20:30 - 00001659 _____ C:\Users\Franz\Desktop\JRT.txt
2013-10-21 20:20 - 2013-10-21 20:20 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 20:13 - 2013-10-21 20:04 - 00000000 ____D C:\AdwCleaner
2013-10-21 20:00 - 2011-03-03 03:06 - 00025658 _____ C:\Windows\PFRO.log
2013-10-21 19:59 - 2013-10-21 19:59 - 00003503 _____ C:\Users\Franz\Desktop\malware.txt
2013-10-21 19:43 - 2013-10-21 19:43 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 19:43 - 2011-05-28 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 19:41 - 2013-10-21 19:42 - 01033335 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2013-10-21 19:40 - 2013-10-21 19:40 - 01060070 _____ C:\Users\Franz\Desktop\adwcleaner.exe
2013-10-21 19:39 - 2013-10-21 19:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Franz\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 20:44 - 2013-10-20 20:44 - 00028767 _____ C:\ComboFix.txt
2013-10-20 20:44 - 2013-10-20 20:29 - 00000000 ____D C:\Qoobox
2013-10-20 20:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-20 20:42 - 2013-10-20 20:29 - 00000000 ____D C:\Windows\erdnt
2013-10-20 20:41 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-20 20:29 - 2013-10-20 20:29 - 00000000 ____D C:\Users\Franz\AppData\Roaming\GetRightToGo
2013-10-20 20:28 - 2013-10-20 20:28 - 00368256 _____ (RegNow.com) C:\Users\Franz\Desktop\Download_MaxSDDMnew.exe
2013-10-20 20:19 - 2013-10-20 20:19 - 05135479 ____R (Swearware) C:\Users\Franz\Downloads\ComboFix.exe
2013-10-20 20:00 - 2013-10-20 20:00 - 05135479 _____ (Swearware) C:\Users\Franz\Desktop\ComboFix.exe.part
2013-10-20 18:43 - 2013-10-20 18:43 - 00026322 _____ C:\Users\Franz\Desktop\Addition.txt
2013-10-20 18:42 - 2013-10-20 18:42 - 00000000 ____D C:\FRST
2013-10-20 18:12 - 2013-10-20 17:46 - 00124174 _____ C:\Users\Franz\Desktop\OTL.Txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00602112 _____ (OldTimer Tools) C:\Users\Franz\Desktop\OTL.exe
2013-10-20 17:25 - 2011-03-03 20:10 - 00000000 ____D C:\Users\Franz
2013-10-20 17:23 - 2010-12-01 02:02 - 00000000 ____D C:\ProgramData\Norton
2013-10-20 17:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-17 00:17 - 2011-10-18 22:25 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-17 00:16 - 2011-10-18 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-17 00:16 - 2011-10-18 22:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-12 17:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 16:18 - 2009-07-14 06:45 - 01923272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 16:14 - 2012-05-12 19:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 08:47 - 2013-08-13 08:58 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 08:44 - 2011-12-04 10:28 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 21:07 - 2012-04-15 21:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 21:07 - 2011-12-12 21:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-06 23:52 - 2012-04-08 18:49 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFRANZ-HP$
2013-10-06 23:52 - 2012-04-08 18:49 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForFRANZ-HP$.job
2013-10-05 18:16 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Franz\Desktop\Zeichnungen
2013-10-05 18:09 - 2012-03-30 18:11 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFranz
2013-10-05 18:09 - 2012-03-30 18:11 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForFranz.job
Files to move or delete:
====================
C:\ProgramData\hpeE649.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-21 23:08
==================== End Of Log ============================
|
|
25.10.2013, 09:55
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7 - BKA TROJANER Österreich - Logfileanalyse Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.10.2013, 18:55
| #15 |
| | Windows 7 - BKA TROJANER Österreich - Logfileanalyse Hallo Schrauber, VIELEN DANK für die tolle Hilfe. Habe mir alles besorgt was du vorgeschlagen hast, habe aber noch eine Frage zum WOT: Was mache ich mit der datei, wenn es entpackt ist? Was ist eine .xpi Datei? Danke mfg hardXtimes |
|
| Themen zu Windows 7 - BKA TROJANER Österreich - Logfileanalyse |
| adware.clickpotato, adware.questscan, adware.softomate, applaus, autorun, bho, bingbar, browser.exe, canon, converter, diner dash, failed, firefox, flash player, iexplore.exe, install.exe, launch, malware.trace, microsoft office starter 2010, mozilla, mp3, plug-in, pup.offerbundler.st, pup.optional.opencandy, realtek, richtlinie, schannel.dll, security, software, symantec, system error, tablet, trojaner, windows |
Linear-Darstellung
