
Log analysis and evaluation: Trojan infection with Trojan.Zeroaccess.C

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.11.2013, 16:43   #1
Raufbold
 
Trojan infection with Trojan.Zeroaccess.C



Sorry, that was a mistake when copying it over.



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2013 03
Ran by Henning (administrator) on HENNING-PC on 24-11-2013 13:15:50
Running from C:\Users\Henning\Downloads\HIV
Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-10-08] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 2009-02-03] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Henning\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Henning\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
MountPoints2: {28a038ef-4ba0-11de-a5ab-806e6f6e6963} - E:\shelexec.exe .\starter.html
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Henning_2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Henning_2\...\Run: [BullGuard] - "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=b5290a1d-5ca8-4174-a1ca-5b5ae6957579&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=12/06/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=b5290a1d-5ca8-4174-a1ca-5b5ae6957579&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=12/06/2013&type=hp1000
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=20.4.0.40
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385281685&from=cor&uid=HitachiXHDT721010SLA360_STF605MH2KGGSK2KGGSKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385281685&from=cor&uid=HitachiXHDT721010SLA360_STF605MH2KGGSK2KGGSKX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385281685&from=cor&uid=HitachiXHDT721010SLA360_STF605MH2KGGSK2KGGSKX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385281685&from=cor&uid=HitachiXHDT721010SLA360_STF605MH2KGGSK2KGGSKX&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=b5290a1d-5ca8-4174-a1ca-5b5ae6957579&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=12/06/2013&type=hp1000
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385281685&from=cor&uid=HitachiXHDT721010SLA360_STF605MH2KGGSK2KGGSKX&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={9E21B237-B25D-4344-A25A-932CAF4150DC}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=b5290a1d-5ca8-4174-a1ca-5b5ae6957579&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=12/06/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=b5290a1d-5ca8-4174-a1ca-5b5ae6957579&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=12/06/2013&type=hp1000
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&babsrc=SP_ss_din2g&mntrId=CEDA002243724B07
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=5
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={9E21B237-B25D-4344-A25A-932CAF4150DC}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default
FF user.js: detected! => C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Adblock Plus - C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: AutoPager - C:\Program Files\Mozilla Firefox\extensions\autopager@mozilla.org
FF Extension: COMPUTER BILD Fox Config Helper - C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
FF Extension: Personal Menu - C:\Program Files\Mozilla Firefox\extensions\CompactMenuCE@Merci.chao
FF Extension: Lazarus: Form Recovery - C:\Program Files\Mozilla Firefox\extensions\lazarus@interclue.com
FF Extension: Metaswitcher - C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
FF Extension: printpdf - C:\Program Files\Mozilla Firefox\extensions\printpdf@pavlov.net
FF Extension: Forecastfox - C:\Program Files\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: ColorfulTabs - C:\Program Files\Mozilla Firefox\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: 瀏覽頁組管理員 - C:\Program Files\Mozilla Firefox\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF Extension: Site Launcher - C:\Program Files\Mozilla Firefox\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
FF Extension: Split Browser - C:\Program Files\Mozilla Firefox\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF Extension: Minimap Addon - C:\Program Files\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: CoolPreviews - C:\Program Files\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF Extension: BetterPrivacy - C:\Program Files\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF Extension: DownThemAll! - C:\Program Files\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF Extension: FoxTab - C:\Program Files\Mozilla Firefox\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF Extension: GooglePreview - C:\Program Files\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Users\Henning\Desktop\Bildbearbeitung\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [794686 2003-08-07] (AHEAD Software)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [247152 2009-02-25] ()
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2012-10-10] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2010-02-15] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1052480 2011-11-21] (TuneUp Software)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2009-05-30] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-05-22] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131122.001\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)
R4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [87872 2003-08-07] ()
R1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [28464 2003-08-07] (Ahead Software)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [5264 2003-08-07] (Ahead Software AG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-05-30] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131123.001\NAVENG.SYS [93272 2013-11-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131123.001\NAVEX15.SYS [1612376 2013-11-20] (Symantec Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-04] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2010-02-25] (TuneUp Software)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files\HomeCinema\PowerDVD9\000.fcl [87536 2009-03-30] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
S3 Trufos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 13:15 - 2013-11-24 13:15 - 00000000 ____D C:\FRST
2013-11-24 13:12 - 2013-11-24 13:12 - 00000000 _____ C:\Users\Henning\defogger_reenable
2013-11-24 12:53 - 2013-11-24 12:52 - 01091525 _____ (Farbar) C:\Users\Henning\Downloads\FRST.bin
2013-11-24 12:53 - 2013-11-24 12:52 - 00377856 _____ C:\Users\Henning\Downloads\gmer_2.bin
2013-11-24 12:39 - 2013-11-24 13:15 - 00000000 ____D C:\Users\Henning\Downloads\HIV
2013-11-24 12:26 - 2013-11-24 12:25 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Henning\Downloads\tdsskiller.bin
2013-11-24 12:17 - 2013-11-24 12:17 - 00000341 _____ C:\Users\Henning\Desktop\Henning - Verknüpfung.lnk
2013-11-24 10:10 - 2013-11-24 10:10 - 00000104 _____ C:\Users\Henning\Desktop\Internet - Verknüpfung.lnk
2013-11-24 09:37 - 2013-11-24 09:36 - 00050477 _____ C:\Users\Henning\Downloads\Defogger.bin
2013-11-24 09:33 - 2013-11-24 09:33 - 00000000 ____D C:\Users\Henning\Documents\PC Speed Maximizer
2013-11-24 09:28 - 2013-11-24 09:28 - 00000000 ____D C:\Users\Henning\AppData\Roaming\0D0S1L2Z1P1B
2013-11-24 09:27 - 2013-11-24 09:47 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-11-24 09:26 - 2013-11-24 09:25 - 00680560 _____ C:\Users\Henning\Downloads\ZipExtractorSetup-1.exe
2013-11-23 17:16 - 2013-11-24 09:50 - 00000000 ____D C:\Program Files\Vertus Fluid Mask 3
2013-11-14 22:01 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 22:01 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 22:01 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 22:01 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 22:01 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 22:01 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 22:01 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 22:01 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 22:01 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 22:01 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 22:01 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 22:01 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 22:01 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 22:01 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 22:01 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 22:01 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 15:36 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:36 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:36 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-14 15:36 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 15:36 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-05 13:26 - 2013-11-05 13:44 - 00012072 _____ C:\Users\Henning\Documents\UMSATZ INSGESAMT.xlsx
2013-10-28 18:23 - 2013-10-28 18:23 - 00000000 ____D C:\Users\Henning\AppData\Roaming\NVIDIA
2013-10-27 22:12 - 2013-10-27 22:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-27 22:07 - 2013-10-16 01:41 - 22933280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 15858664 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 10378528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-27 22:07 - 2013-10-16 01:41 - 09516872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 09472600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 02946848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 02747168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233158.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233158.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 00018174 _____ C:\Windows\system32\nvinfo.pb
2013-10-27 22:03 - 2013-10-27 22:03 - 00000000 ____D C:\ff30b1098de6f36159d7d76f53b1fb7a
2013-10-27 22:01 - 2013-10-27 22:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-27 21:55 - 2013-10-27 22:06 - 197692208 _____ (NVIDIA Corporation) C:\Users\Henning\Downloads\331.58-desktop-win8-win7-winvista-32bit-international-whql.exe
2013-10-27 18:05 - 2013-10-27 18:05 - 00000000 ____D C:\Users\Henning\AppData\Roaming\SuperEasy Software

==================== One Month Modified Files and Folders =======

2013-11-24 13:15 - 2013-11-24 13:15 - 00000000 ____D C:\FRST
2013-11-24 13:15 - 2013-11-24 12:39 - 00000000 ____D C:\Users\Henning\Downloads\HIV
2013-11-24 13:12 - 2013-11-24 13:12 - 00000000 _____ C:\Users\Henning\defogger_reenable
2013-11-24 13:12 - 2009-05-28 17:16 - 00000000 ____D C:\Users\Henning
2013-11-24 12:52 - 2013-11-24 12:53 - 01091525 _____ (Farbar) C:\Users\Henning\Downloads\FRST.bin
2013-11-24 12:52 - 2013-11-24 12:53 - 00377856 _____ C:\Users\Henning\Downloads\gmer_2.bin
2013-11-24 12:32 - 2010-01-06 19:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-24 12:28 - 2010-05-13 16:31 - 00000000 ____D C:\Users\Henning\KATJA
2013-11-24 12:25 - 2013-11-24 12:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Henning\Downloads\tdsskiller.bin
2013-11-24 12:18 - 2012-04-13 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 12:17 - 2013-11-24 12:17 - 00000341 _____ C:\Users\Henning\Desktop\Henning - Verknüpfung.lnk
2013-11-24 12:16 - 2011-01-11 17:00 - 00000000 ____D C:\Users\Henning\Desktop\Bildbearbeitung
2013-11-24 11:55 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 11:55 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 10:10 - 2013-11-24 10:10 - 00000104 _____ C:\Users\Henning\Desktop\Internet - Verknüpfung.lnk
2013-11-24 10:06 - 2013-07-12 07:01 - 00000680 _____ C:\Users\Henning\AppData\Local\d3d9caps.dat
2013-11-24 10:06 - 2010-01-06 19:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 10:03 - 2009-05-28 17:15 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-11-24 09:59 - 2009-05-28 17:12 - 01087811 _____ C:\Windows\WindowsUpdate.log
2013-11-24 09:56 - 2009-06-04 17:10 - 00000000 ____D C:\Users\Katy\AppData\Roaming\Adobe
2013-11-24 09:55 - 2009-06-26 18:54 - 00000000 ____D C:\Users\Katy\AppData\Local\Adobe
2013-11-24 09:55 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 09:54 - 2011-12-04 16:46 - 00042300 _____ C:\Windows\PFRO.log
2013-11-24 09:52 - 2006-11-02 14:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 09:50 - 2013-11-23 17:16 - 00000000 ____D C:\Program Files\Vertus Fluid Mask 3
2013-11-24 09:47 - 2013-11-24 09:27 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-11-24 09:46 - 2009-05-28 17:17 - 00000913 _____ C:\Users\Henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-24 09:36 - 2013-11-24 09:37 - 00050477 _____ C:\Users\Henning\Downloads\Defogger.bin
2013-11-24 09:33 - 2013-11-24 09:33 - 00000000 ____D C:\Users\Henning\Documents\PC Speed Maximizer
2013-11-24 09:28 - 2013-11-24 09:28 - 00000000 ____D C:\Users\Henning\AppData\Roaming\0D0S1L2Z1P1B
2013-11-24 09:28 - 2009-05-28 20:20 - 00000000 ____D C:\Users\Henning\AppData\Local\Google
2013-11-24 09:27 - 2011-06-20 15:09 - 00000000 ____D C:\Users\Henning\AppData\Local\CrashDumps
2013-11-24 09:25 - 2013-11-24 09:26 - 00680560 _____ C:\Users\Henning\Downloads\ZipExtractorSetup-1.exe
2013-11-23 22:26 - 2009-06-02 16:12 - 00002593 _____ C:\Users\Henning\Desktop\Microsoft Office Excel 2007.lnk
2013-11-23 21:47 - 2012-08-09 17:09 - 00006204 _____ C:\Windows\setupact.log
2013-11-23 17:31 - 2009-05-28 17:15 - 00000000 ____D C:\Program Files\Google
2013-11-23 13:41 - 2009-06-04 15:38 - 00000000 ____D C:\Users\Henning\AppData\Local\Adobe
2013-11-23 12:55 - 2009-06-03 16:03 - 00039936 _____ C:\Users\Henning\Documents\Mitsubishi.xls
2013-11-23 12:24 - 2006-11-02 11:33 - 01452904 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-21 21:19 - 2013-07-07 18:43 - 00000000 ____D C:\Windows\tracing
2013-11-17 19:48 - 2013-05-29 16:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 09:36 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-15 09:18 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-14 22:01 - 2009-04-02 15:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 22:00 - 2013-08-14 20:52 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:56 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-13 17:22 - 2009-06-02 16:12 - 00002591 _____ C:\Users\Henning\Desktop\Microsoft Office Word 2007.lnk
2013-11-06 16:15 - 2012-05-06 13:09 - 00011367 _____ C:\Users\Henning\Documents\Hyundai.xlsx
2013-11-05 17:35 - 2009-06-03 16:16 - 00000000 ____D C:\Users\Henning\Documents\Vorlagen privat
2013-11-05 13:44 - 2013-11-05 13:26 - 00012072 _____ C:\Users\Henning\Documents\UMSATZ INSGESAMT.xlsx
2013-10-30 17:52 - 2009-06-03 16:02 - 00030208 _____ C:\Users\Henning\Documents\Lohn.xls
2013-10-28 18:23 - 2013-10-28 18:23 - 00000000 ____D C:\Users\Henning\AppData\Roaming\NVIDIA
2013-10-28 16:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-27 22:15 - 2013-10-27 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-27 22:12 - 2013-10-27 22:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-27 22:06 - 2013-10-27 21:55 - 197692208 _____ (NVIDIA Corporation) C:\Users\Henning\Downloads\331.58-desktop-win8-win7-winvista-32bit-international-whql.exe
2013-10-27 22:03 - 2013-10-27 22:03 - 00000000 ____D C:\ff30b1098de6f36159d7d76f53b1fb7a
2013-10-27 22:01 - 2009-04-17 14:56 - 00000000 ____D C:\NVIDIA
2013-10-27 18:05 - 2013-10-27 18:05 - 00000000 ____D C:\Users\Henning\AppData\Roaming\SuperEasy Software
ZeroAccess:
C:\Users\Henning\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Henning\AppData\Local\Temp\377.5789522852455_Update.exe
C:\Users\Henning\AppData\Local\Temp\955.276187821656_Update.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-11-24 10:02

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2013 03
Ran by Henning at 2013-11-24 13:17:10
Running from C:\Users\Henning\Downloads\HIV
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.5.0.1060)
Adobe Download Assistant (Version: 1.2.3)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Photoshop Elements 11 (Version: 11.0)
Adobe Reader 9.5.2 - Deutsch (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5)
Adobe SVG Viewer 3.0 (Version:  3.0)
Ahead InCD
Akamai NetSession Interface
Anti-Twin (Installation 17.09.2009)
Apple Application Support (Version: 1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Ashampoo Photo Commander 6.40 (Version: 6.40)
Bonjour (Version: 1.0.106)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.3.0.14)
Canon MOV Encoder (Version: 1.1.0.18)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.1.0.27)
Canon MP Navigator EX 2.0
Canon MP540 series Benutzerregistrierung
Canon MP540 series MP Drivers
Canon Utilities CameraWindow (Version: 7.2.0.2)
Canon Utilities CameraWindow DC (Version: 7.4.0.9)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities MyCamera (Version: 7.2.0.4)
Canon Utilities MyCamera DC (Version: 7.2.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 6.3.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
CCleaner (remove only)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
Choice Guard (Version: 1.2.87.0)
Cleaning Suite v1.3
ColorKey 1
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Corel MediaOne (Version: 2.100.0000)
CorelDRAW Essential Edition 3 (Version: 3.0)
CyberLink LabelPrint (Version: 2.5.1616)
CyberLink MediaShow (Version: 4.1.2609)
CyberLink PhotoNow (Version: 1.1.5615)
CyberLink Power2Go (Version: 6.1.2806)
CyberLink PowerDirector (Version: 7.0.2718)
CyberLink PowerDVD 9 (Version: 9.0.1531)
CyberLink PowerDVD Copy (Version: 1.0.5611)
CyberLink PowerProducer (Version: 5.0.1.1412)
Data Download Utility (Version: 1.2.15.40)
DE (Version: 3.0)
DIE SIEDLER - Aufstieg eines Königreichs (Version: 1.00.0000)
Die Sims™ 3 (Version: 1.2.7)
Digital Image Recovery 1.47
Dynamic-Photo HDR Trial 4.2
EA Download Manager (Version: 5.0.0.288)
Elements 11 Organizer (Version: 11.0)
Elements+ for PSE 8 (demo)
Firebird SQL Server - MAGIX Edition (Version: 2.1.26.0)
FotoSketcher 1.98
Free DVD Creator version 2.0 (Version: 2.0)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
Google Updater (Version: 2.4.2432.1652)
Intel(R) Matrix Storage Manager
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8050.1202)
LightScribe System Software (Version: 1.18.1.1)
locr GPS Photo (Version: 1.2.4)
MAGIX 3D Maker (embeded) (Version: 6.0.0.8)
MAGIX Fotobuch 3.6 (Version: 3.6)
MAGIX Fotos auf CD & DVD 9 deluxe Download-Version 9.0.0.19 (D) (Version: 9.0.0.19)
MAGIX Online Druck Service (Version: 3.4.3.0)
MAGIX Screenshare (Version: 4.3.6.1987)
MCE Software Encoder 1.1 (Version: 1.1.0.1918)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Camera Codec Pack (Version: 16.4.1734.1104)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
NAVIGON Fresh 3.4.1 (Version: 3.4.1)
Nero Burning ROM - Express
Norton 360 (Version: 20.4.0.40)
NVIDIA Drivers (Version: 1.3)
NVIDIA PhysX (Version: 9.09.0203)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings CS6 (Version: 11.0)
phonostar-Player Version 2.01.5
Photomatix Pro version 4.0.2 (Version: 4.0.2)
Photomizer (Version: 1.0.10.0827)
PhotoScape
Picasa 3 (Version: 3.9)
Pixum EasyBook
Pixum Fotobuch
PL-2303 Vista Driver Installer (Version: 3.2.0.0)
PSE11 STI Installer (Version: 11.0)
QuickTime (Version: 7.64.17.73)
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5783)
Samsung Kies (Version: 2.3.2.12064_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
ShiftN 3.6 (Version: 3.6)
Silver Efex Pro 2 (Version: 2.0.0.6)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.10 (Version: 5.10.116)
SMPlayer 0.6.8 (Version: 0.6.8)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
SweetIM for Messenger 3.6 (Version: 3.6.0003)
SweetIM Toolbar for Internet Explorer 4.2 (Version: 4.2.0004)
t@x 2013 (Version: 20.00.8137)
Tinypic 3.14 (Version: Tinypic 3.14)
TuneUp Utilities (Version: 9.0.6030.1)
TuneUp Utilities 2009 (Version: 8.0.3310.3)
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.6030.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update Manager (Version: 4.60)
VLC media player 1.1.5 (Version: 1.1.5)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Fotogalerie (Version: 14.0.8051.1204)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR archiver
XnView 1.98.5 (Version: 1.98.5)
Zip Extractor Packages

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0783323F-E08C-4ED4-BA83-A53D431F5523} - System32\Tasks\Real Networks Scheduler => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-23] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4259795E-358B-4231-BBA3-0E78310111C7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {60124213-62D8-4F33-94EA-63A34A11429E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe [2011-11-21] (TuneUp Software)
Task: {67B544CB-2FD6-4061-9B0A-8FD98262E7C6} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-20] (Google)
Task: {7555C7A1-EAA5-4C67-A589-E69202AC8CA3} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {761EFB18-20A4-4E8A-B0C6-2114E1E4E84D} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11] (Adobe Systems Incorporated)
Task: {79A44288-98FB-41FA-8E20-C23B5F7FA8FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {7E6AAC00-A837-4943-BF11-10F31960E1BE} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {8E89C278-A72A-4166-B9EF-3E5440118CB0} - System32\Tasks\Update Manager => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
Task: {902B40AD-CCC9-4312-900A-8C40EB38B40C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {987C1C73-7837-426E-8089-73739874560C} - System32\Tasks\{97F2AC85-2343-40C4-9B48-D8D5113AC038} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {AC5F9D5E-B28A-46D5-BFBD-7467BDC82980} - System32\Tasks\AdobeAAMUpdater-1.0-Henning-PC-Henning => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {B35B1F5F-F43F-4B0C-88B9-9C7916B529EE} - System32\Tasks\Google Updater and Installer => C:\Users\Henning\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B3EDCAA1-B7CD-482E-A213-47AA6896074E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {CDF866E1-4D01-4B1A-A8AD-31B003D27535} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {DD0FB0F5-415C-4E45-A337-A229F9672ABF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {E4FE3C4F-3059-4425-BC12-7B3DE6C6E70C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EB2E1DDC-EC83-467F-9DD6-18AC8BE43813} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:7631EA83
AlternateDataStreams: C:\Users\Henning\Documents\TuneUp.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 09:55:29 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/24/2013 09:29:07 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "name"-Attribut fehlt im assemblyIdentity-Element.

Error: (11/24/2013 09:27:58 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "name"-Attribut fehlt im assemblyIdentity-Element.

Error: (11/24/2013 09:27:15 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung wajam_validate.exe, Version 0.0.0.0, Zeitstempel 0x520bdc41, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18704, Zeitstempel 0x5065ccb6, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fc16,
Prozess-ID 0x15f8, Anwendungsstartzeit wajam_validate.exe0.

Error: (11/24/2013 08:49:03 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/23/2013 11:30:28 PM) (Source: System Restore) (User: )
Description: Fehler beim Initiieren der Systemwiederherstellung (Geplanter Prüfpunkt).

Error: (11/23/2013 11:26:48 PM) (Source: System Restore) (User: )
Description: Fehler beim Initiieren der Systemwiederherstellung (Geplanter Prüfpunkt).

Error: (11/23/2013 06:57:52 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/23/2013 06:06:58 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (11/23/2013 05:52:14 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e


System errors:
=============
Error: (11/19/2013 09:15:54 PM) (Source: DCOM) (User: Henning-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Henning-PCHenningS-1-5-21-2002357204-1554889832-2669662630-1000LocalHost (unter Verwendung von LRPC)

Error: (11/13/2013 10:28:31 PM) (Source: DCOM) (User: Henning-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Henning-PCHenningS-1-5-21-2002357204-1554889832-2669662630-1000LocalHost (unter Verwendung von LRPC)

Error: (11/12/2013 09:15:31 PM) (Source: DCOM) (User: Henning-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Henning-PCHenningS-1-5-21-2002357204-1554889832-2669662630-1000LocalHost (unter Verwendung von LRPC)

Error: (11/11/2013 09:31:03 PM) (Source: DCOM) (User: Henning-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Henning-PCHenningS-1-5-21-2002357204-1554889832-2669662630-1000LocalHost (unter Verwendung von LRPC)

Error: (11/10/2013 04:03:54 PM) (Source: Service Control Manager) (User: )
Description: 30000Wlansvc

Error: (11/05/2013 10:04:40 PM) (Source: DCOM) (User: Henning-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Henning-PCHenningS-1-5-21-2002357204-1554889832-2669662630-1000LocalHost (unter Verwendung von LRPC)

Error: (11/05/2013 10:04:10 PM) (Source: DCOM) (User: Henning-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Henning-PCHenningS-1-5-21-2002357204-1554889832-2669662630-1000LocalHost (unter Verwendung von LRPC)

Error: (10/27/2013 09:20:14 PM) (Source: Service Control Manager) (User: )
Description: 30000N360

Error: (10/22/2013 04:37:53 PM) (Source: Service Control Manager) (User: )
Description: Windows-Bilderfassung1

Error: (10/21/2013 09:24:27 PM) (Source: DCOM) (User: Henning-PC)
Description: AnwendungsspezifischLokalAktivierung{A47979D2-C419-11D9-A5B4-001185AD2B89}Henning-PCHenningS-1-5-21-2002357204-1554889832-2669662630-1000LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-24 13:16:50.810
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 13:16:50.358
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 13:16:49.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 13:16:49.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 13:16:46.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 13:16:45.990
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 13:16:45.584
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 13:16:45.147
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-25 10:23:16.844
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-25 10:23:16.516
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 3325.27 MB
Available physical RAM: 1270.34 MB
Total Pagefile: 6856.52 MB
Available Pagefile: 4941.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1880.94 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:911.51 GB) (Free:445.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:8.94 GB) FAT32
Drive e: (SoHe CFV) (CDROM) (Total:7.08 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=912 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
