Log Analysis and Evaluation: Trojan infection with Trojan.Zeroaccess.C (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan infection with Trojan.Zeroaccess.C

Hello Leo, when starting FRST we got the message that the program is outdated and that we should update it. We did not do that. Is that okay?

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2013 03
Ran by Henning at 2013-11-24 19:50:32 Run:1
Running from C:\Users\Henning\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2013-11-24 09:28 - 2013-11-24 09:28 - 00000000 ____D C:\Users\Henning\AppData\Roaming\0D0S1L2Z1P1B
2013-11-24 09:26 - 2013-11-24 09:25 - 00680560 _____ C:\Users\Henning\Downloads\ZipExtractorSetup-1.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

C:\Users\Henning\AppData\Roaming\0D0S1L2Z1P1B => Moved successfully.
C:\Users\Henning\Downloads\ZipExtractorSetup-1.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.24.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Henning :: HENNING-PC [Administrator]

Schutz: Aktiviert

24.11.2013 20:01:48
mbam-log-2013-11-24 (20-01-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 256907
Laufzeit: 6 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\b3fde6.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\b3fdf9.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=58da43ff7f35d544b074f91c3cf98c07
# engine=16009
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-25 03:03:49
# local_time=2013-11-25 04:03:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3592 16777213 100 93 2313199 136039925 0 0
# compatibility_mode=5892 16776574 100 100 12402916 222881357 0 0
# scanned=623108
# found=1
# cleaned=0
# scan_time=27734
sh=2587B2A16644839CBF08F2943FA21CC0C8DD6E5D ft=1 fh=1aeb32f3d5992c2a vn="Win32/Conedex.T trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{5eb00754-7274-ecab-2731-8b37b3a38837}\0103~1\7154~1\CFFE~1\{5eb00754-7274-ecab-2731-8b37b3a38837}\U\00000008.@.vir"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2013 03
Ran by Henning (administrator) on HENNING-PC on 25-11-2013 05:55:41
Running from C:\Users\Henning\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AHEAD Software) C:\Program Files\Ahead\InCD\incdsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Spotify Ltd) C:\Users\Henning\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Users\Henning\Desktop\Bildbearbeitung\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-10-08] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 2009-02-03] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Henning\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Henning\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Henning_2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Henning_2\...\Run: [BullGuard] - "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=20.4.0.40
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Adblock Plus - C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\lyvxu0zx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: AutoPager - C:\Program Files\Mozilla Firefox\extensions\autopager@mozilla.org
FF Extension: COMPUTER BILD Fox Config Helper - C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
FF Extension: Personal Menu - C:\Program Files\Mozilla Firefox\extensions\CompactMenuCE@Merci.chao
FF Extension: Lazarus: Form Recovery - C:\Program Files\Mozilla Firefox\extensions\lazarus@interclue.com
FF Extension: Metaswitcher - C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
FF Extension: printpdf - C:\Program Files\Mozilla Firefox\extensions\printpdf@pavlov.net
FF Extension: Forecastfox - C:\Program Files\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: ColorfulTabs - C:\Program Files\Mozilla Firefox\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: 瀏覽頁組管理員 - C:\Program Files\Mozilla Firefox\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF Extension: Site Launcher - C:\Program Files\Mozilla Firefox\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
FF Extension: Split Browser - C:\Program Files\Mozilla Firefox\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF Extension: Minimap Addon - C:\Program Files\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: CoolPreviews - C:\Program Files\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF Extension: BetterPrivacy - C:\Program Files\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF Extension: DownThemAll! - C:\Program Files\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF Extension: FoxTab - C:\Program Files\Mozilla Firefox\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF Extension: GooglePreview - C:\Program Files\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Users\Henning\Desktop\Bildbearbeitung\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [794686 2003-08-07] (AHEAD Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [247152 2009-02-25] ()
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2012-10-10] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2010-02-15] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1052480 2011-11-21] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2009-05-30] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-05-22] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131122.001\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)
R4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [87872 2003-08-07] ()
R1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [28464 2003-08-07] (Ahead Software)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [5264 2003-08-07] (Ahead Software AG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-05-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131124.007\NAVENG.SYS [93272 2013-11-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131124.007\NAVEX15.SYS [1612376 2013-11-23] (Symantec Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-04] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2010-02-25] (TuneUp Software)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files\HomeCinema\PowerDVD9\000.fcl [87536 2009-03-30] (CyberLink Corp.)
U3 mbr; C:\Users\Henning\AppData\Local\Temp\mbr.sys [25088 2013-11-24] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
S3 Trufos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-25 05:55 - 2013-11-25 05:55 - 00020327 _____ C:\Users\Henning\Desktop\FRST.txt
2013-11-24 19:56 - 2013-11-24 19:56 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-24 19:56 - 2013-11-24 19:56 - 00000000 ____D C:\Users\Henning\AppData\Roaming\Malwarebytes
2013-11-24 19:56 - 2013-11-24 19:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 19:56 - 2013-11-24 19:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 19:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-24 18:29 - 2013-11-24 12:52 - 01091525 _____ (Farbar) C:\Users\Henning\Desktop\FRST.exe
2013-11-24 17:54 - 2013-11-24 17:54 - 00015099 _____ C:\ComboFix.txt
2013-11-24 17:28 - 2013-11-24 17:54 - 00000000 ____D C:\ComboFix
2013-11-24 17:28 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 17:28 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 17:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 17:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 17:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 17:28 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 17:28 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 17:28 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 17:27 - 2013-11-24 17:54 - 00000000 ____D C:\Qoobox
2013-11-24 17:27 - 2013-11-24 17:53 - 00000000 ____D C:\Windows\erdnt
2013-11-24 17:24 - 2013-11-24 17:06 - 01091882 _____ C:\Users\Henning\Desktop\adwcleaner.exe
2013-11-24 17:21 - 2013-11-24 17:06 - 05149261 ____R (Swearware) C:\Users\Henning\Desktop\ComboFix.exe
2013-11-24 17:13 - 2013-11-24 17:25 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:50 - 2013-11-24 13:50 - 00013662 _____ C:\Users\Henning\Documents\Gmer.txt
2013-11-24 13:15 - 2013-11-24 13:15 - 00000000 ____D C:\FRST
2013-11-24 13:12 - 2013-11-24 13:12 - 00000000 _____ C:\Users\Henning\defogger_reenable
2013-11-24 12:53 - 2013-11-24 12:52 - 01091525 _____ (Farbar) C:\Users\Henning\Downloads\FRST.bin
2013-11-24 12:53 - 2013-11-24 12:52 - 00377856 _____ C:\Users\Henning\Downloads\gmer_2.bin
2013-11-24 12:39 - 2013-11-24 20:12 - 00000000 ____D C:\Users\Henning\Downloads\HIV
2013-11-24 12:26 - 2013-11-24 12:25 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Henning\Downloads\tdsskiller.bin
2013-11-24 12:17 - 2013-11-24 12:17 - 00000341 _____ C:\Users\Henning\Desktop\Henning - Verknüpfung.lnk
2013-11-24 10:10 - 2013-11-24 10:10 - 00000104 _____ C:\Users\Henning\Desktop\Internet - Verknüpfung.lnk
2013-11-24 09:37 - 2013-11-24 09:36 - 00050477 _____ C:\Users\Henning\Downloads\Defogger.bin
2013-11-23 17:16 - 2013-11-24 09:50 - 00000000 ____D C:\Program Files\Vertus Fluid Mask 3
2013-11-14 22:01 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 22:01 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 22:01 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 22:01 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 22:01 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 22:01 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 22:01 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 22:01 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 22:01 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 22:01 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 22:01 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 22:01 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 22:01 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 22:01 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 22:01 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 22:01 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 15:36 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:36 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:36 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-14 15:36 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 15:36 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-05 13:26 - 2013-11-05 13:44 - 00012072 _____ C:\Users\Henning\Documents\UMSATZ INSGESAMT.xlsx
2013-10-28 18:23 - 2013-10-28 18:23 - 00000000 ____D C:\Users\Henning\AppData\Roaming\NVIDIA
2013-10-27 22:12 - 2013-10-27 22:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-27 22:07 - 2013-10-16 01:41 - 22933280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 15858664 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 10378528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-27 22:07 - 2013-10-16 01:41 - 09516872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 09472600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 02946848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 02747168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233158.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233158.dll
2013-10-27 22:07 - 2013-10-16 01:41 - 00018174 _____ C:\Windows\system32\nvinfo.pb
2013-10-27 22:03 - 2013-10-27 22:03 - 00000000 ____D C:\ff30b1098de6f36159d7d76f53b1fb7a
2013-10-27 22:01 - 2013-10-27 22:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-27 21:55 - 2013-10-27 22:06 - 197692208 _____ (NVIDIA Corporation) C:\Users\Henning\Downloads\331.58-desktop-win8-win7-winvista-32bit-international-whql.exe
2013-10-27 18:05 - 2013-10-27 18:05 - 00000000 ____D C:\Users\Henning\AppData\Roaming\SuperEasy Software

==================== One Month Modified Files and Folders =======

2013-11-25 05:55 - 2013-11-25 05:55 - 00020327 _____ C:\Users\Henning\Desktop\FRST.txt
2013-11-25 05:46 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 05:46 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 04:10 - 2009-05-28 17:12 - 01475716 _____ C:\Windows\WindowsUpdate.log
2013-11-25 03:23 - 2013-07-07 18:43 - 00000000 ____D C:\Windows\tracing
2013-11-24 21:32 - 2010-01-06 19:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 20:14 - 2006-11-02 11:33 - 01452714 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 20:12 - 2013-11-24 12:39 - 00000000 ____D C:\Users\Henning\Downloads\HIV
2013-11-24 19:56 - 2013-11-24 19:56 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-24 19:56 - 2013-11-24 19:56 - 00000000 ____D C:\Users\Henning\AppData\Roaming\Malwarebytes
2013-11-24 19:56 - 2013-11-24 19:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 19:56 - 2013-11-24 19:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-24 17:54 - 2013-11-24 17:54 - 00015099 _____ C:\ComboFix.txt
2013-11-24 17:54 - 2013-11-24 17:28 - 00000000 ____D C:\ComboFix
2013-11-24 17:54 - 2013-11-24 17:27 - 00000000 ____D C:\Qoobox
2013-11-24 17:53 - 2013-11-24 17:27 - 00000000 ____D C:\Windows\erdnt
2013-11-24 17:47 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-11-24 17:46 - 2011-12-04 16:46 - 00042858 _____ C:\Windows\PFRO.log
2013-11-24 17:46 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 17:45 - 2006-11-02 14:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 17:25 - 2013-11-24 17:13 - 00000000 ____D C:\AdwCleaner
2013-11-24 17:06 - 2013-11-24 17:24 - 01091882 _____ C:\Users\Henning\Desktop\adwcleaner.exe
2013-11-24 17:06 - 2013-11-24 17:21 - 05149261 ____R (Swearware) C:\Users\Henning\Desktop\ComboFix.exe
2013-11-24 16:32 - 2010-01-06 19:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-24 16:18 - 2012-04-13 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 13:50 - 2013-11-24 13:50 - 00013662 _____ C:\Users\Henning\Documents\Gmer.txt
2013-11-24 13:15 - 2013-11-24 13:15 - 00000000 ____D C:\FRST
2013-11-24 13:12 - 2013-11-24 13:12 - 00000000 _____ C:\Users\Henning\defogger_reenable
2013-11-24 13:12 - 2009-05-28 17:16 - 00000000 ____D C:\Users\Henning
2013-11-24 12:52 - 2013-11-24 18:29 - 01091525 _____ (Farbar) C:\Users\Henning\Desktop\FRST.exe
2013-11-24 12:52 - 2013-11-24 12:53 - 01091525 _____ (Farbar) C:\Users\Henning\Downloads\FRST.bin
2013-11-24 12:52 - 2013-11-24 12:53 - 00377856 _____ C:\Users\Henning\Downloads\gmer_2.bin
2013-11-24 12:28 - 2010-05-13 16:31 - 00000000 ____D C:\Users\Henning\KATJA
2013-11-24 12:25 - 2013-11-24 12:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Henning\Downloads\tdsskiller.bin
2013-11-24 12:17 - 2013-11-24 12:17 - 00000341 _____ C:\Users\Henning\Desktop\Henning - Verknüpfung.lnk
2013-11-24 12:16 - 2011-01-11 17:00 - 00000000 ____D C:\Users\Henning\Desktop\Bildbearbeitung
2013-11-24 10:10 - 2013-11-24 10:10 - 00000104 _____ C:\Users\Henning\Desktop\Internet - Verknüpfung.lnk
2013-11-24 10:06 - 2013-07-12 07:01 - 00000680 _____ C:\Users\Henning\AppData\Local\d3d9caps.dat
2013-11-24 10:03 - 2009-05-28 17:15 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-11-24 09:56 - 2009-06-04 17:10 - 00000000 ____D C:\Users\Katy\AppData\Roaming\Adobe
2013-11-24 09:55 - 2009-06-26 18:54 - 00000000 ____D C:\Users\Katy\AppData\Local\Adobe
2013-11-24 09:50 - 2013-11-23 17:16 - 00000000 ____D C:\Program Files\Vertus Fluid Mask 3
2013-11-24 09:46 - 2009-05-28 17:17 - 00000913 _____ C:\Users\Henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-24 09:36 - 2013-11-24 09:37 - 00050477 _____ C:\Users\Henning\Downloads\Defogger.bin
2013-11-24 09:28 - 2009-05-28 20:20 - 00000000 ____D 
C:\Users\Henning\AppData\Local\Google 2013-11-24 09:27 - 2011-06-20 15:09 - 00000000 ____D C:\Users\Henning\AppData\Local\CrashDumps 2013-11-23 22:26 - 2009-06-02 16:12 - 00002593 _____ C:\Users\Henning\Desktop\Microsoft Office Excel 2007.lnk 2013-11-23 21:47 - 2012-08-09 17:09 - 00006204 _____ C:\Windows\setupact.log 2013-11-23 17:31 - 2009-05-28 17:15 - 00000000 ____D C:\Program Files\Google 2013-11-23 13:41 - 2009-06-04 15:38 - 00000000 ____D C:\Users\Henning\AppData\Local\Adobe 2013-11-23 12:55 - 2009-06-03 16:03 - 00039936 _____ C:\Users\Henning\Documents\Mitsubishi.xls 2013-11-17 19:48 - 2013-05-29 16:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-15 09:36 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache 2013-11-15 09:18 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-11-14 22:01 - 2009-04-02 15:41 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-14 22:00 - 2013-08-14 20:52 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 21:56 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-11-13 17:22 - 2009-06-02 16:12 - 00002591 _____ C:\Users\Henning\Desktop\Microsoft Office Word 2007.lnk 2013-11-06 16:15 - 2012-05-06 13:09 - 00011367 _____ C:\Users\Henning\Documents\Hyundai.xlsx 2013-11-05 17:35 - 2009-06-03 16:16 - 00000000 ____D C:\Users\Henning\Documents\Vorlagen privat 2013-11-05 13:44 - 2013-11-05 13:26 - 00012072 _____ C:\Users\Henning\Documents\UMSATZ INSGESAMT.xlsx 2013-10-30 17:52 - 2009-06-03 16:02 - 00030208 _____ C:\Users\Henning\Documents\Lohn.xls 2013-10-28 18:23 - 2013-10-28 18:23 - 00000000 ____D C:\Users\Henning\AppData\Roaming\NVIDIA 2013-10-28 16:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-27 22:15 - 2013-10-27 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-27 22:12 - 2013-10-27 22:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-10-27 22:06 - 2013-10-27 21:55 - 197692208 _____ (NVIDIA Corporation) 
C:\Users\Henning\Downloads\331.58-desktop-win8-win7-winvista-32bit-international-whql.exe 2013-10-27 22:03 - 2013-10-27 22:03 - 00000000 ____D C:\ff30b1098de6f36159d7d76f53b1fb7a 2013-10-27 22:01 - 2009-04-17 14:56 - 00000000 ____D C:\NVIDIA 2013-10-27 18:05 - 2013-10-27 18:05 - 00000000 ____D C:\Users\Henning\AppData\Roaming\SuperEasy Software Some content of TEMP: ==================== C:\Users\Henning\AppData\Local\temp\catchme.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-24 17:56 ==================== End Of Log ============================ --- --- --- --- --- --- |
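The file listings above follow one fixed layout (`date - date - size flags (CompanyName) path`) and the Bamital & volsnap section one more (`path => status`), which makes them easy to triage mechanically. The following is an added example written by the editor; it is not part of the poster's log, of FRST, or of any reply in this thread. The field layout is read off the log above; the three review heuristics (executable with no CompanyName version string in a user-writable location, 32-hex-character directory name, hidden attribute) and the function names `parse_entry`, `triage`, `review` and `failed_md5_checks` are the editor's own. The sample lines are copied from the log above, except for one MD5 line that is constructed to exercise the failure branch and does not use FRST's real wording.

```python
"""Parse FRST "One Month Created/Modified" entries and the MD5 check section.

Added example; not from the original post or from FRST. The triage rules
are assumptions meant as review prompts for a human analyst, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Layout: ts1 - ts2 - size flags [(CompanyName)] path
# The section's sort key comes first: creation time in the "Created"
# section, modification time in the "Modified" section (compare the two
# UMSATZ INSGESAMT.xlsx entries in the log above, whose dates are swapped).
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<flags>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# Layout of the "Bamital & volsnap Check" lines: path => status
MD5_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
# Assumed markers for locations a non-admin process can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    ts1: str
    ts2: str
    size: int
    flags: str           # five-character attribute field, e.g. ____D, ____H
    company: Optional[str]  # CompanyName from version info; None if absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.flags

    @property
    def is_hidden(self) -> bool:
        return "H" in self.flags


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file/folder line; return None for lines in another layout."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts1"], m["ts2"], int(m["size"]), m["flags"],
                 m["company"], m["path"])


def triage(entry: Entry) -> List[str]:
    """Apply the assumed review heuristics; an empty list means no prompt."""
    reasons: List[str] = []
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    if (not entry.is_dir and low.endswith(EXECUTABLE_EXT)
            and entry.company is None
            and any(marker in low for marker in USER_WRITABLE)):
        reasons.append("executable without CompanyName in user-writable path")
    if re.fullmatch(r"[0-9a-f]{32}", name):
        # Installers (the NVIDIA driver package in this log included) also
        # unpack into folders named like this, so this is a prompt only.
        reasons.append("32-hex-char name")
    if entry.is_hidden:
        reasons.append("hidden attribute")
    return reasons


def review(lines) -> Dict[str, List[str]]:
    """Parse every entry line and return {path: reasons} for flagged ones."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


def parse_md5_checks(lines) -> Dict[str, str]:
    """Map path -> status for lines in the 'path => status' layout."""
    return {m["path"]: m["status"]
            for m in (MD5_RE.match(l.strip()) for l in lines) if m}


def failed_md5_checks(lines) -> List[str]:
    """Paths whose status is anything other than FRST's 'MD5 is legit'."""
    return [p for p, s in parse_md5_checks(lines).items() if s != "MD5 is legit"]


# Sample input copied from the log above (one constructed MD5 line, marked).
SAMPLE_ENTRIES = [
    "2013-11-24 17:06 - 2013-11-24 17:24 - 01091882 _____ C:\\Users\\Henning\\Desktop\\adwcleaner.exe",
    "2013-11-24 17:06 - 2013-11-24 17:21 - 05149261 ____R (Swearware) C:\\Users\\Henning\\Desktop\\ComboFix.exe",
    "2013-11-25 05:46 - 2006-11-02 13:47 - 00003744 ____H C:\\Windows\\system32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0",
    "2013-10-27 22:03 - 2013-10-27 22:03 - 00000000 ____D C:\\ff30b1098de6f36159d7d76f53b1fb7a",
    "2013-10-27 22:07 - 2013-10-16 01:41 - 10378528 _____ (NVIDIA Corporation) C:\\Windows\\system32\\Drivers\\nvlddmkm.sys",
    "2013-10-27 21:55 - 2013-10-27 22:06 - 197692208 _____ (NVIDIA Corporation) C:\\Users\\Henning\\Downloads\\331.58-desktop-win8-win7-winvista-32bit-international-whql.exe",
]
SAMPLE_MD5 = [
    "C:\\Windows\\explorer.exe => MD5 is legit",
    "C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit",
    "C:\\Windows\\System32\\constructed.exe => MD5 mismatch (constructed line)",
]

if __name__ == "__main__":
    for path, reasons in review(SAMPLE_ENTRIES).items():
        print(path, "->", "; ".join(reasons))
    for path in failed_md5_checks(SAMPLE_MD5):
        print("MD5 check not clean:", path)
```

On the sample above, the signed tools and the NVIDIA driver files pass silently, while the unsigned-looking `adwcleaner.exe` on the desktop, the hex-named root folder and the hidden system32 file are listed as prompts for a human to look at; all three are benign in this thread, which is the point of keeping the output as prompts rather than verdicts. To run it over a full log, pass `open("FRST.txt", encoding="utf-8")` to `review` and to `failed_md5_checks`; lines in other layouts are skipped.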
Tags for Trojan infection with Trojan.Zeroaccess.C
aartemis, remove aartemis, please help, checklist, help, again and again, logfiles, restarts, norton, pup.optional.sweetim, scan, troja, trojan.zeroaccess.c, trojan infection, virus scan, virus scanner, front, really