
Log analysis and evaluation: Ihavenet trojan on the computer

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

13.12.2013, 20:31   #1
schrauber
/// the machine
/// TB trainer
 




Quote:
Of those you sleep 8 hours a day
5
Quote:
You have 8 hours of free time a day
University and 2 side jobs, and active on 30 forums, 200 users a day here alone
Quote:
The year has 52 Sundays, which leaves 69 days. There is no work on Saturday afternoons either; that is 52 half days, or 26 full days, leaving 43 days. You are keeping count, aren't you? You have one hour a day for meals, so you need 16 days a year for eating. Remainder: 27 days
Sat and Sun are always worked, eating takes 20 min


so, now it's your turn!
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.12.2013, 10:59   #2
MaladiA
 



Quote:
Quote from schrauber
5

University and 2 side jobs, and active on 30 forums, 200 users a day here alone

Sat and Sun are always worked, eating takes 20 min


so, now it's your turn!

Well, you picked the name yourself, didn't you? It says it all :-9
... as for me, I'm on vacation, honestly earned!

My brain is permanently AFK; only the briefly necessary impulses are sent to the extremities to remove the trojan ... then back to sleep mode!

Tasks completed, I hope; here are the logs:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Günni :: GÜNNI-PC [Administrator]

Schutz: Deaktiviert

16.12.2013 10:33:51
mbam-log-2013-12-16 (10-33-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269597
Laufzeit: 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
# AdwCleaner v3.015 - Bericht erstellt am 16/12/2013 um 10:42:03
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Günni - GÜNNI-PC
# Gestartet von : C:\Users\Günni\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BCUService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files (x86)\DeviceVM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Günni\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\searchplugins\Askcom.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Schlüssel Gelöscht : HKCU\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v9.0.1 (de)

[ Datei : C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R0].txt - [2664 octets] - [16/12/2013 10:41:37]
AdwCleaner[S0].txt - [2542 octets] - [16/12/2013 10:42:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2602 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Gnni on 16.12.2013 at 10:45:51,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7BE438C0-A634-4214-A63F-EBB13590503C}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.12.2013 at 10:49:25,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by Günni (administrator) on GÜNNI-PC on 16-12-2013 10:51:07
Running from C:\Users\Günni\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) X:\Norton360\Engine\21.1.0.18\N360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) X:\TuneUp2012\TuneUpUtilitiesService64.exe
(TuneUp Software) X:\TuneUp2012\TuneUpUtilitiesApp64.exe
(Symantec Corporation) X:\Norton360\Engine\21.1.0.18\N360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Razer USA Ltd) X:\Razer\BlackWidowUltimateTray.exe
() X:\razerhid.exe
(Elaborate Bytes AG) X:\CloneDrive\VirtualCloneDrive\VCDDaemon.exe
() X:\razertra.exe
(Razer Inc.) X:\razerofa.exe
() X:\vdDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [3DG4me] - C:\Windows\system\3DG4me.exe [126976 2010-04-23] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {42a7f143-391b-11e1-bf8f-806e6f6e6963} - G:\Msetup4.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [Razer Blackwidow Driver] - X:\Razer\BlackWidowUltimateTray.exe [887712 2011-05-16] (Razer USA Ltd)
HKLM-x32\...\Run: [DeathAdder] - X:\razerhid.exe [248320 2011-03-21] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - X:\CloneDrive\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9DF1081E30CDCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {7354E2F6-E1A3-41cf-9368-0E864006166B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - X:\Norton360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - X:\Adobe MC\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - X:\Norton360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - X:\Norton360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - X:\Norton360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - X:\Adobe MC\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - X:\Norton360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - X:\PicasaNew\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\ich@maltegoetz.de
FF Extension: YouTube Unblocker - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: jid0-XqoEmbljazD2VbaY0XOyJcV2E64 - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\jid0-XqoEmbljazD2VbaY0XOyJcV2E64@jetpack.xpi
FF Extension: No Name - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\{3e95674b-b98f-4d5c-bcfe-373ebfe39c6e}.xpi
FF Extension: DVDVideoSoft Menu - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Adblock Plus - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: greasemonkey - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: prefs.jsUT	 - C:\Users\Günni\AppData\Roaming\Mozilla\Firefox\Profiles\xl3g10tr.default\Extensions\{f0c84cc6-a8e6-4591-9982-f94d09b145d9}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - X:\Adobe MC\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - X:\Adobe MC\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF StartMenuInternet: FIREFOX.EXE - X:\FireFox\firefox.exe

==================== Services (Whitelisted) =================

R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [121456 2010-06-30] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; X:\Norton360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-31] ()
R2 TuneUp.UtilitiesSvc; X:\TuneUp2012\TuneUpUtilitiesService64.exe [2123584 2011-12-14] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; X:\Norton360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-24] (Symantec Corporation)
R1 IDSVia64; X:\Norton360\NortonData\21.1.0.18\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; X:\Norton360\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\ENG64.SYS [126040 2013-11-20] (Symantec Corporation)
R3 NAVEX15; X:\Norton360\NortonData\21.1.0.18\Definitions\VirusDefs\20131215.005\EX64.SYS [2099288 2013-11-20] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; X:\TuneUp2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
R3 USBADVAU; C:\Windows\System32\drivers\cm11264.sys [1308160 2010-04-23] (C-Media Electronics Inc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 10:51 - 2013-12-16 10:51 - 00016222 ____C C:\Users\Günni\Downloads\FRST.txt
2013-12-16 10:50 - 2013-12-16 10:50 - 00000000 ___DC C:\Users\Günni\Downloads\FRST-OlderVersion
2013-12-16 10:49 - 2013-12-16 10:49 - 00000772 ____C C:\Users\Günni\Desktop\JRT.txt
2013-12-16 10:45 - 2013-12-16 10:45 - 00000000 ___DC C:\Windows\ERUNT
2013-12-16 10:43 - 2013-12-16 10:43 - 00002682 ____C C:\Users\Günni\Desktop\AdwCleaner[S0].txt
2013-12-16 10:41 - 2013-12-16 10:42 - 00000000 ___DC C:\AdwCleaner
2013-12-16 10:39 - 2013-12-16 10:39 - 01034531 ____C (Thisisu) C:\Users\Günni\Downloads\JRT.exe
2013-12-16 10:38 - 2013-12-16 10:38 - 01226750 ____C C:\Users\Günni\Downloads\adwcleaner.exe
2013-12-16 10:28 - 2013-12-16 10:28 - 00001116 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-16 10:28 - 2013-12-16 10:28 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-16 10:28 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-16 10:13 - 2013-12-16 10:13 - 00000000 ___DC C:\Users\Günni\AppData\Roaming\Malwarebytes
2013-12-16 10:13 - 2013-12-16 10:13 - 00000000 ___DC C:\ProgramData\Malwarebytes
2013-12-16 10:12 - 2013-12-16 10:12 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Günni\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-16 01:51 - 2013-12-16 01:51 - 00007602 ____C C:\Users\Günni\AppData\Local\Resmon.ResmonCfg
2013-12-11 12:25 - 2013-12-16 10:50 - 01927940 ____C (Farbar) C:\Users\Günni\Downloads\FRST64.exe
2013-12-11 12:25 - 2013-12-16 10:50 - 00000000 ___DC C:\FRST
2013-12-11 11:38 - 2013-12-11 11:38 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 11:38 - 2013-12-11 11:38 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 11:38 - 2013-12-11 11:38 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 11:38 - 2013-12-11 11:38 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 11:37 - 2013-12-11 11:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 11:37 - 2013-12-11 11:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 11:37 - 2013-12-11 11:38 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 11:37 - 2013-12-11 11:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 11:37 - 2013-12-11 11:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 11:37 - 2013-12-11 11:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 11:37 - 2013-12-11 11:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 11:37 - 2013-12-11 11:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 11:36 - 2013-12-11 11:38 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 11:36 - 2013-12-11 11:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 11:36 - 2013-12-11 11:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 11:36 - 2013-12-11 11:38 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 11:36 - 2013-12-11 11:38 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 11:36 - 2013-12-11 11:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 11:36 - 2013-12-11 11:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 11:36 - 2013-12-11 11:37 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 11:36 - 2013-12-11 11:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 11:36 - 2013-12-11 11:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 11:36 - 2013-12-11 11:37 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 11:36 - 2013-12-11 11:37 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 11:36 - 2013-12-11 11:37 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 11:36 - 2013-12-11 11:37 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 11:36 - 2013-12-11 11:37 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 11:36 - 2013-12-11 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 11:36 - 2013-12-11 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 11:36 - 2013-10-04 03:16 - 00116736 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 11:36 - 2013-10-04 02:36 - 00230400 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-05 12:53 - 2013-11-04 17:38 - 00820736 ____C C:\Users\Günni\Desktop\pbsetup.exe
2013-11-23 11:10 - 2013-11-23 11:10 - 00000000 ___DC C:\ProgramData\CanonIJPLM
2013-11-23 10:49 - 2013-11-23 10:49 - 00000000 __HDC C:\ProgramData\CanonIJQuickMenu
2013-11-23 10:30 - 2013-12-01 12:10 - 00000000 ___DC C:\Users\Günni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2013-11-23 10:29 - 2013-11-23 10:29 - 00000000 __HDC C:\ProgramData\CanonIJEGV
2013-11-23 10:07 - 2013-11-23 10:07 - 00003826 ____C C:\Users\Günni\Documents\G
2013-11-22 14:21 - 2013-11-22 14:21 - 00000000 ___DC C:\Windows\System32\Tasks\Norton 360
2013-11-19 21:48 - 2013-11-14 12:56 - 30361888 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 25257248 ____C (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 22951200 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 18208624 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 17560352 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 15862272 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 12613408 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-19 21:48 - 2013-11-14 12:56 - 11600432 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 11514624 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 09691888 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 09619872 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 03132704 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 03125024 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 02947872 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 02747680 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 01884448 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 01511712 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 01242400 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 00707360 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 00657184 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 00609568 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 00562464 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 00317472 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-19 21:48 - 2013-11-14 12:56 - 00266984 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-19 20:14 - 2013-11-19 20:14 - 00000000 ___DC C:\Users\Günni\AppData\Local\NVIDIA Corporation
2013-11-17 10:51 - 2013-12-16 10:43 - 02648842 ____C C:\Windows\PFRO.log
2013-11-16 16:24 - 2013-11-16 16:24 - 00001438 ____C C:\Users\Günni\Desktop\Ghosts SP.lnk
2013-11-16 16:24 - 2013-11-16 16:23 - 00001438 ____C C:\Users\Günni\Desktop\Ghosts MP.lnk
2013-11-16 09:06 - 2013-12-16 10:43 - 00008971 ____C C:\Windows\setupact.log

==================== One Month Modified Files and Folders =======

2013-12-16 10:51 - 2013-12-16 10:51 - 00016222 ____C C:\Users\Günni\Downloads\FRST.txt
2013-12-16 10:50 - 2013-12-16 10:50 - 00000000 ___DC C:\Users\Günni\Downloads\FRST-OlderVersion
2013-12-16 10:50 - 2013-12-11 12:25 - 01927940 ____C (Farbar) C:\Users\Günni\Downloads\FRST64.exe
2013-12-16 10:50 - 2013-12-11 12:25 - 00000000 ___DC C:\FRST
2013-12-16 10:50 - 2009-07-14 05:45 - 00018816 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 10:50 - 2009-07-14 05:45 - 00018816 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 10:49 - 2013-12-16 10:49 - 00000772 ____C C:\Users\Günni\Desktop\JRT.txt
2013-12-16 10:49 - 2012-01-07 20:33 - 00699432 ____C C:\Windows\system32\perfh007.dat
2013-12-16 10:49 - 2012-01-07 20:33 - 00149572 ____C C:\Windows\system32\perfc007.dat
2013-12-16 10:49 - 2009-07-14 06:13 - 01620684 ____C C:\Windows\system32\PerfStringBackup.INI
2013-12-16 10:46 - 2013-01-12 12:35 - 00000306 ____C C:\Windows\Tasks\Aegykiny.job
2013-12-16 10:45 - 2013-12-16 10:45 - 00000000 ___DC C:\Windows\ERUNT
2013-12-16 10:43 - 2013-12-16 10:43 - 00002682 ____C C:\Users\Günni\Desktop\AdwCleaner[S0].txt
2013-12-16 10:43 - 2013-11-17 10:51 - 02648842 ____C C:\Windows\PFRO.log
2013-12-16 10:43 - 2013-11-16 09:06 - 00008971 ____C C:\Windows\setupact.log
2013-12-16 10:43 - 2012-01-07 12:22 - 00000000 ___DC C:\ProgramData\NVIDIA
2013-12-16 10:43 - 2009-07-14 06:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2013-12-16 10:42 - 2013-12-16 10:41 - 00000000 ___DC C:\AdwCleaner
2013-12-16 10:42 - 2012-01-07 11:39 - 01633792 ____C C:\Windows\WindowsUpdate.log
2013-12-16 10:39 - 2013-12-16 10:39 - 01034531 ____C (Thisisu) C:\Users\Günni\Downloads\JRT.exe
2013-12-16 10:38 - 2013-12-16 10:38 - 01226750 ____C C:\Users\Günni\Downloads\adwcleaner.exe
2013-12-16 10:32 - 2012-04-09 08:46 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-16 10:28 - 2013-12-16 10:28 - 00001116 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-16 10:28 - 2013-12-16 10:28 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-16 10:13 - 2013-12-16 10:13 - 00000000 ___DC C:\Users\Günni\AppData\Roaming\Malwarebytes
2013-12-16 10:13 - 2013-12-16 10:13 - 00000000 ___DC C:\ProgramData\Malwarebytes
2013-12-16 10:12 - 2013-12-16 10:12 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\Günni\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-16 02:03 - 2012-01-14 18:54 - 00214392 ____C C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-16 02:00 - 2012-01-14 17:42 - 00000000 ___DC C:\Users\Günni\AppData\Local\Adobe
2013-12-16 01:51 - 2013-12-16 01:51 - 00007602 ____C C:\Users\Günni\AppData\Local\Resmon.ResmonCfg
2013-12-16 01:03 - 2012-01-14 18:54 - 00214392 ____C C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-15 23:24 - 2012-01-07 14:50 - 00000000 ___DC C:\Users\Günni\AppData\Roaming\TS3Client
2013-12-12 10:22 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 23:27 - 2012-01-28 01:17 - 00000000 ___DC C:\Users\Günni\AppData\Local\CrashDumps
2013-12-11 20:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 14:32 - 2012-04-09 08:46 - 00692616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 14:32 - 2012-04-09 08:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 14:32 - 2012-01-07 12:49 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 11:44 - 2009-07-14 05:45 - 11636928 ____C C:\Windows\system32\FNTCACHE.DAT
2013-12-11 11:38 - 2013-12-11 11:38 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 11:38 - 2013-12-11 11:38 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 11:38 - 2013-12-11 11:38 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 11:38 - 2013-12-11 11:38 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 11:38 - 2013-12-11 11:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 11:38 - 2013-12-11 11:37 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 11:38 - 2013-12-11 11:37 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 11:38 - 2013-12-11 11:37 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 11:38 - 2013-12-11 11:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 11:38 - 2013-12-11 11:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 11:38 - 2013-12-11 11:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 11:38 - 2013-12-11 11:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 11:38 - 2013-12-11 11:36 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 11:38 - 2013-12-11 11:36 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 11:38 - 2013-12-11 11:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 11:38 - 2013-12-11 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 11:38 - 2013-12-11 11:36 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 11:38 - 2013-12-11 11:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 11:38 - 2013-12-11 11:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 11:37 - 2013-12-11 11:36 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 11:37 - 2013-12-11 11:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 11:37 - 2013-12-11 11:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 11:37 - 2013-12-11 11:36 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 11:37 - 2013-12-11 11:36 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 11:37 - 2013-12-11 11:36 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 11:37 - 2013-12-11 11:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 11:37 - 2013-12-11 11:36 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 11:37 - 2013-12-11 11:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 11:37 - 2013-12-11 11:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 11:37 - 2012-01-08 02:14 - 90708896 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-03 18:14 - 2012-01-14 17:50 - 00000000 ___DC C:\ProgramData\Origin
2013-12-01 12:10 - 2013-11-23 10:30 - 00000000 ___DC C:\Users\Günni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2013-11-28 21:09 - 2012-01-15 00:07 - 00000000 ___DC C:\Program Files (x86)\Battlelog Web Plugins
2013-11-28 20:01 - 2013-10-31 16:15 - 01594028 ____C C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 12:33 - 2012-01-14 23:27 - 00000000 ___DC C:\Users\Günni\AppData\Roaming\NVIDIA
2013-11-25 21:22 - 2012-02-28 20:27 - 00001456 ____C C:\Users\Günni\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-11-25 10:35 - 2012-01-07 11:39 - 00000000 ___DC C:\Users\Günni
2013-11-23 11:18 - 2012-01-07 13:56 - 00000000 ___DC C:\Program Files (x86)\Canon
2013-11-23 11:10 - 2013-11-23 11:10 - 00000000 ___DC C:\ProgramData\CanonIJPLM
2013-11-23 11:07 - 2012-01-07 14:00 - 00000000 ___DC C:\ProgramData\CanonIJWSpt
2013-11-23 10:51 - 2012-06-19 15:33 - 00000000 __HDC C:\ProgramData\CanonIJScan
2013-11-23 10:51 - 2012-06-19 15:33 - 00000000 ___DC C:\Users\Günni\AppData\Roaming\Canon
2013-11-23 10:49 - 2013-11-23 10:49 - 00000000 __HDC C:\ProgramData\CanonIJQuickMenu
2013-11-23 10:35 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\system32\FxsTmp
2013-11-23 10:29 - 2013-11-23 10:29 - 00000000 __HDC C:\ProgramData\CanonIJEGV
2013-11-23 10:19 - 2012-01-07 13:57 - 00000000 ___DC C:\Windows\system32\STRING
2013-11-23 10:19 - 2009-07-14 04:20 - 00000000 _RSDC C:\Windows\Media
2013-11-23 10:07 - 2013-11-23 10:07 - 00003826 ____C C:\Users\Günni\Documents\G
2013-11-22 14:21 - 2013-11-22 14:21 - 00000000 ___DC C:\Windows\System32\Tasks\Norton 360
2013-11-22 14:16 - 2012-05-06 08:10 - 00003164 ____C C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-22 14:16 - 2012-01-07 14:45 - 00001022 ____C C:\Users\Public\Desktop\Norton 360.lnk
2013-11-22 14:16 - 2012-01-07 14:45 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-11-21 13:20 - 2012-01-07 14:45 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-21 13:20 - 2012-01-07 14:45 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-21 13:20 - 2012-01-07 14:40 - 00000000 ___DC C:\ProgramData\Norton
2013-11-21 13:14 - 2012-01-07 14:40 - 00000000 ___DC C:\Users\Public\Downloads\Norton
2013-11-19 21:49 - 2012-01-07 12:22 - 00000000 ___DC C:\Program Files (x86)\NVIDIA Corporation
2013-11-19 20:14 - 2013-11-19 20:14 - 00000000 ___DC C:\Users\Günni\AppData\Local\NVIDIA Corporation
2013-11-16 16:24 - 2013-11-16 16:24 - 00001438 ____C C:\Users\Günni\Desktop\Ghosts SP.lnk
2013-11-16 16:23 - 2013-11-16 16:24 - 00001438 ____C C:\Users\Günni\Desktop\Ghosts MP.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 20:07

==================== End Of Log ============================
         
--- --- ---


INFO: while ADW Cleaner was scanning, my Norton 360 kicked in and said it had detected and removed something, but it all went too fast for me to be able to say what exactly it was ...

Have a nice week!
Regards, Günni