Log analysis and evaluation: Attack from Sweet Orange Exploit Kit website (Windows 7)
21.12.2013, 16:56 | #1
Attack from Sweet Orange Exploit Kit website

Hello,

My Norton blocked an attack from a Sweet Orange Exploit Kit website. According to the history log it was caused by \DEVICE\Harddiskvolume2\Program Files (x86)\MOZILLA FIREFOX.EXE (see attachment). Before that, the new Firefox had been installed through an automatic update. I originally installed Firefox from the Mozilla site, i.e. with the automatic update setting. Norton did not find any risks after a scan. But I don't know much about viruses. Is my system really safe now and protected against further attacks? If I understand correctly, this FIREFOX.EXE file is an application that installed the new Firefox, right? But shouldn't it close security holes rather than create new ones? I had an OTL log created:

OTL Logfile:
sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.05.17 22:51:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.04.21 11:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2013.12.05 16:42:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2011.04.04 12:22:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.06.24 14:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NewsLeecher [2013.11.25 16:12:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect [2011.02.27 14:56:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Writer [2013.12.03 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.04.04 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft [2011.09.25 16:50:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\simon4 [2011.04.04 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softi Software [2012.06.24 13:12:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.04.04 12:20:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > und Malewarebytes hat nichts gefunden: PHP-Code: Bitte um Hilfe. Lilly |
21.12.2013, 17:12 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Attack from Sweet Orange Exploit Kit website

Hello and welcome

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did any of them ever find something? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first post only the logs you already have, in CODE tags! Only logs from the last 7 days, or from the time the problem began, are relevant!

Also, please make a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
21.12.2013, 22:29 | #3
Attack from Sweet Orange Exploit Kit website

Hello Cosinus,

thank you for the nice welcome! Quote:

Here is the result of FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by *** (administrator) on *** on 21-12-2013 21:43:48
Running from C:\Users\***\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {a6048c25-3057-11e0-a2d9-806e6f6e6963} - D:\AUTOSTARTER.EXE
HKLM-x32\...\Run: [BiosNotice] - C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe [994304 2010-06-15] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06DCFC6E1C45CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default
FF SelectedSearchEngine: Google
FF Homepage: google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\donottrackplus@abine.com
FF Extension: Bitdefender QuickScan - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: Ghostery - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\firefox@ghostery.com.xpi
FF Extension: TrashMail.net - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\spam@trashmail.net.xpi
FF Extension: 1-Click YouTube Video Downloader - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: NoScript - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

==================== Services (Whitelisted) =================

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 An; C:\Windows\System32\Drivers\An.sys [125888 2010-07-22] (SlSoft, Inc.)
R3 An; C:\Windows\SysWow64\Drivers\An.sys [125888 2010-07-22] (SlSoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-06-26] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWow64\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [15408 2008-06-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\SysWow64\drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-06-26] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131220.008\ENG64.SYS [126040 2013-12-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131220.008\EX64.SYS [2099288 2013-12-20] (Symantec Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-21 21:43 - 2013-12-21 21:44 - 00014346 _____ C:\Users\***\Downloads\FRST.txt
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\FRST
2013-12-21 21:38 - 2013-12-21 21:38 - 02193141 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-12-21 14:14 - 2013-12-21 14:14 - 00005484 _____ C:\Users\***\Downloads\Hattenrod.html
2013-12-21 10:53 - 2013-12-21 10:53 - 00000000 ____D C:\Users\***\Documents\mflpro_c1
2013-12-21 10:08 - 2013-12-21 10:08 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-12-20 12:29 - 2013-12-20 12:29 - 00000000 ____D C:\Users\***\Documents\***
2013-12-20 11:47 - 2013-12-20 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 07:48 - 2013-12-20 07:48 - 03053496 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(6).exe
2013-12-20 07:47 - 2013-12-20 10:57 - 266104016 _____ C:\Users\***\Downloads\20131219-023-v5i64(1).exe
2013-12-18 11:17 - 2013-12-18 11:17 - 00407262 _____ C:\Users\***\Downloads\***
2013-12-18 11:17 - 2013-12-18 11:17 - 00406533 _____ C:\Users\***\Downloads\***
2013-12-17 14:50 - 2013-12-17 14:50 - 00003970 _____ C:\Users\***\Downloads\***
2013-12-14 00:32 - 2013-12-14 00:32 - 00910992 _____ (Symantec Corporation) C:\Users\***\Downloads\AutoDetectPkg(2).exe
2013-12-13 21:15 - 2013-12-13 21:15 - 00004148 _____ C:\Users\***\Downloads\***
2013-12-11 15:19 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 15:19 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 15:19 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 15:19 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 15:17 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 15:17 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 15:17 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 15:17 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 15:17 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 15:17 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 15:17 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 15:17 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 15:17 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 15:17 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 15:17 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 15:17 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 15:17 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 15:17 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 15:17 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 15:17 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 15:17 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 15:17 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 15:17 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 15:17 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 15:17 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 15:17 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 15:17 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 15:17 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 15:16 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 15:16 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 15:16 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 15:16 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 15:16 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 15:16 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 15:16 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 15:12 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 15:12 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 15:11 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 15:11 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 15:11 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 15:11 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 15:11 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 15:11 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 15:11 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 15:11 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 15:11 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 15:11 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 15:11 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 15:11 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 15:11 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 15:11 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 15:11 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 15:11 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 15:11 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 12:55 - 2013-12-10 12:55 - 00000000 ____D C:\Users\***\AppData\Local\Foxit Reader
2013-12-05 16:42 - 2013-12-05 16:42 - 00002050 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-12-05 16:40 - 2013-12-05 16:40 - 33809000 _____ (Foxit Corporation ) C:\Users\***\Downloads\FoxitReader611.1025_L10N_Setup.exe
2013-12-03 21:46 - 2013-12-03 21:46 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(5).exe
2013-12-03 21:04 - 2013-12-03 21:04 - 01110034 _____ C:\Users\***\Downloads\adwcleaner.exe
2013-11-29 14:36 - 2013-11-29 14:36 - 00002140 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2013-11-29 14:35 - 2008-06-17 15:33 - 00167936 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2013-11-29 14:35 - 2007-12-13 22:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2013-11-29 14:35 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2013-11-29 14:35 - 2007-12-13 22:16 - 00003072 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2013-11-29 14:35 - 2006-12-28 13:39 - 00176128 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2013-11-29 14:33 - 2013-11-29 14:33 - 00000000 ____D C:\Users\***\AppData\Roaming\InstallShield
2013-11-29 14:26 - 2013-11-29 14:26 - 00454399 _____ (A.I.SOFT,INC.) C:\Users\***\Downloads\delinf_10160.EXE
2013-11-29 14:25 - 2013-11-29 14:25 - 45604003 _____ (A.I.SOFT,INC.) C:\Users\***\Downloads\385-INST-WIN7-A.EXE
2013-11-29 13:43 - 2013-12-02 11:21 - 00000000 ____D C:\Users\***\Documents\***
2013-11-29 12:41 - 2013-11-29 12:41 - 00002403 _____ C:\Users\***\Desktop\Druckausgabe anzeigen - Verknüpfung.lnk
2013-11-27 13:01 - 2013-11-28 11:42 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-25 16:56 - 2013-11-25 16:56 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-25 16:56 - 2013-11-25 16:56 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-25 16:56 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-11-25 16:56 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-11-25 16:56 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-11-25 16:56 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-11-25 16:56 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-11-25 16:56 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-11-25 16:56 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-11-25 16:12 - 2013-11-25 16:12 - 00000000 ____D C:\Users\***\AppData\Roaming\PDF Architect
2013-11-25 16:00 - 2013-11-25 16:00 - 17810632 _____ (pdfforge GmbH) C:\Users\***\Downloads\PDFCreator-1_7_1_setup(2).exe
2013-11-25 11:18 - 2013-11-25 11:18 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(4).exe
2013-11-25 11:06 - 2013-11-25 11:06 - 00618912 _____ C:\Users\***\Desktop\AdwCleaner - CHIP-Downloader.exe

==================== One Month Modified Files and Folders =======

2013-12-21 21:44 - 2013-12-21 21:43 - 00014346 _____ C:\Users\***\Downloads\FRST.txt
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\FRST
2013-12-21 21:38 - 2013-12-21 21:38 - 02193141 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-12-21 21:24 - 2013-05-07 12:44 - 00000000 ____D C:\Users\***\Documents\***
2013-12-21 21:11 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 21:11 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 21:08 - 2011-02-04 13:26 - 01584586 _____ C:\Windows\WindowsUpdate.log
2013-12-21 21:07 - 2009-07-14 05:51 - 00208778 _____ C:\Windows\setupact.log
2013-12-21 21:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 16:33 - 2013-08-20 12:25 - 00075756 _____ C:\Users\***\Downloads\OTL.Txt
2013-12-21 15:09 - 2013-03-29 17:22 - 00000000 ____D C:\Users\***\AppData\Roaming\QuickScan
2013-12-21 14:14 - 2013-12-21 14:14 - 00005484 _____ C:\Users\***\Downloads\***
2013-12-21 13:57 - 2013-09-15 17:37 - 00000000 ____D C:\AdwCleaner
2013-12-21 10:53 - 2013-12-21 10:53 - 00000000 ____D C:\Users\***\Documents\mflpro_c1
2013-12-21 10:08 - 2013-12-21 10:08 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-12-20 13:35 - 2012-03-22 22:45 - 00000000 ____D C:\Users\***\AppData\Local\NPE
2013-12-20 13:30 - 2013-07-07 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 12:29 - 2013-12-20 12:29 - 00000000 ____D C:\Users\***\Documents\***
2013-12-20 12:28 - 2013-07-26 13:01 - 00000000 ____D C:\Users\***\Documents\***
2013-12-20 11:47 - 2013-12-20 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 10:57 - 2013-12-20 07:47 - 266104016 _____ C:\Users\***\Downloads\20131219-023-v5i64(1).exe
2013-12-20 07:48 - 2013-12-20 07:48 - 03053496 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(6).exe
2013-12-18 12:31 - 2013-09-17 11:28 - 00000000 ____D C:\Users\***\Documents\***
2013-12-18 11:17 - 2013-12-18 11:17 - 00407262 _____ C:\Users\***\Downloads\***
2013-12-18 11:17 - 2013-12-18 11:17 - 00406533 _____ C:\Users\***\Downloads\***
2013-12-17 18:54 - 2011-02-04 13:38 - 04478526 _____ C:\Windows\PFRO.log
2013-12-17 14:50 - 2013-12-17 14:50 - 00003970 _____ C:\Users\***\Downloads\***
2013-12-14 00:32 - 2013-12-14 00:32 - 00910992 _____ (Symantec Corporation) C:\Users\***\Downloads\AutoDetectPkg(2).exe
2013-12-14 00:28 - 2013-08-11 17:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 00:28 - 2013-08-11 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 00:28 - 2013-06-29 21:57 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-12-14 00:08 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-13 21:15 - 2013-12-13 21:15 - 00004148 _____ C:\Users\***\Downloads\***
2013-12-13 15:35 - 2013-02-18 22:56 - 00000000 ____D C:\Users\***\Documents\***
2013-12-13 15:24 - 2009-07-14 18:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2013-12-13 15:24 - 2009-07-14 18:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2013-12-13 15:24 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-13 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 23:30 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 16:28 - 2009-07-14 05:45 - 00367224 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 15:18 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-12-11 15:16 - 2013-07-12 08:10 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 15:14 - 2011-02-04 14:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 12:55 - 2013-12-10 12:55 - 00000000 ____D C:\Users\***\AppData\Local\Foxit Reader
2013-12-07 11:48 - 2013-05-23 08:58 - 00000000 ____D C:\Users\***\Documents\***
2013-12-05 16:42 - 2013-12-05 16:42 - 00002050 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-12-05 16:42 - 2013-01-27 11:25 - 00000000 ____D C:\Users\***\AppData\Roaming\Foxit Software
2013-12-05 16:42 - 2011-02-04 17:15 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-12-05 16:40 - 2013-12-05 16:40 - 33809000 _____ (Foxit Corporation ) C:\Users\***\Downloads\FoxitReader611.1025_L10N_Setup.exe
2013-12-05 16:39 - 2013-01-16 13:56 - 00000000 ____D C:\ProgramData\Adobe
2013-12-05 16:14 - 2011-02-04 13:42 - 00000000 ____D C:\Users\***\AppData\Roaming\Adobe
2013-12-03 21:46 - 2013-12-03 21:46 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(5).exe
2013-12-03 21:04 - 2013-12-03 21:04 - 01110034 _____ C:\Users\***\Downloads\adwcleaner.exe
2013-12-02 11:21 - 2013-11-29 13:43 - 00000000 ____D C:\Users\***\Documents\***
2013-12-01 17:27 - 2013-03-09 18:35 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-11-29 14:36 - 2013-11-29 14:36 - 00002140 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2013-11-29 14:36 - 2011-02-16 21:14 - 00000050 _____ C:\Windows\system32\bridf08b.dat
2013-11-29 14:35 - 2011-02-16 21:14 - 00000000 ____D C:\Program Files (x86)\Brother
2013-11-29 14:35 - 2011-02-04 13:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-29 14:33 - 2013-11-29 14:33 - 00000000 ____D C:\Users\***\AppData\Roaming\InstallShield
2013-11-29 14:26 - 2013-11-29 14:26 - 00454399 _____ (A.I.SOFT,INC.) C:\Users\***\Downloads\delinf_10160.EXE
2013-11-29 14:25 - 2013-11-29 14:25 - 45604003 _____ (A.I.SOFT,INC.)
C:\Users\***\Downloads\385-INST-WIN7-A.EXE 2013-11-29 12:41 - 2013-11-29 12:41 - 00002403 _____ C:\Users\***\Desktop\*** 2013-11-28 11:42 - 2013-11-27 13:01 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-26 12:54 - 2013-12-11 15:17 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 11:19 - 2013-12-11 15:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 11:18 - 2013-12-11 15:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 11:11 - 2013-12-11 15:16 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 10:48 - 2013-12-11 15:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 10:46 - 2013-12-11 15:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 10:41 - 2013-12-11 15:17 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 10:29 - 2013-12-11 15:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 10:27 - 2013-12-11 15:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 10:23 - 2013-12-11 15:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 10:21 - 2013-12-11 15:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 10:18 - 2013-12-11 15:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 10:18 - 2013-12-11 15:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 10:16 - 2013-12-11 15:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:57 - 2013-12-11 15:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:38 - 2013-12-11 15:17 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 
09:38 - 2013-12-11 15:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:35 - 2013-12-11 15:16 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:32 - 2013-12-11 15:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:28 - 2013-12-11 15:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:16 - 2013-12-11 15:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:02 - 2013-12-11 15:16 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 08:48 - 2013-12-11 15:16 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 08:32 - 2013-12-11 15:16 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 08:26 - 2013-12-11 15:16 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 08:07 - 2013-12-11 15:17 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 07:40 - 2013-12-11 15:17 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 07:34 - 2013-12-11 15:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 07:34 - 2013-12-11 15:17 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 07:33 - 2013-12-11 15:17 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 07:27 - 2013-12-11 15:17 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-25 16:56 - 2013-11-25 16:56 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2013-11-25 16:56 - 2013-11-25 16:56 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-11-25 16:12 - 2013-11-25 16:12 - 00000000 ____D C:\Users\***\AppData\Roaming\PDF Architect 2013-11-25 16:00 - 2013-11-25 16:00 - 17810632 _____ (pdfforge GmbH) 
C:\Users\***\Downloads\PDFCreator-1_7_1_setup(2).exe 2013-11-25 11:18 - 2013-11-25 11:18 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(4).exe 2013-11-25 11:06 - 2013-11-25 11:06 - 00618912 _____ C:\Users\***\Desktop\AdwCleaner - CHIP-Downloader.exe 2013-11-23 19:26 - 2013-12-11 15:11 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-23 18:47 - 2013-12-11 15:11 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll Some content of TEMP: ==================== C:\Users\***\AppData\Local\Temp\AutoRun.exe C:\Users\***\AppData\Local\Temp\AutoRunGUI.dll C:\Users\***\AppData\Local\Temp\Checkupdate.exe C:\Users\***\AppData\Local\Temp\eauninstall.exe C:\Users\***\AppData\Local\Temp\First15.exe C:\Users\***\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\***\AppData\Local\Temp\Foxit Updater.exe C:\Users\***\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\***\AppData\Local\Temp\gcapi_dll.dll C:\Users\***\AppData\Local\Temp\gtapi_signed.dll C:\Users\***\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\***\AppData\Local\Temp\SkypeSetup.exe C:\Users\***\AppData\Local\Temp\The Sims 2_uninst.exe C:\Users\***\AppData\Local\Temp\VP6Install.exe C:\Users\***\AppData\Local\Temp\VP6VFW.dll C:\Users\***\AppData\Local\Temp\_is6E52.exe C:\Users\***\AppData\Local\Temp\_isA273.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-21 15:40 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- und addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013 02 Ran by *** at 2013-12-21 21:44:25 Running from C:\Users\***\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144) Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17) BIOS Update (x32) BiosNotice (x32) Black & White® 2 (x32 Version: 1.00.0000) Brother MFL-Pro Suite DCP-385C (x32 Version: 1.0.1.0) Bullzip PDF Printer 7.1.0.1212 CloneDVD2 (x32 Version: 2.9.2.8) CloudReading (x32 Version: 1.0.27.1025) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) D3DX10 (x32 Version: 15.4.2368.0902) Fotogalerie (x32 Version: 16.4.3505.0912) Foxit Reader (x32 Version: 6.1.1.1025) Geheimakte Tunguska (x32 Version: 1.03.02) GPL Ghostscript Lite 8.70 (x32) Junk Mail filter update (x32 Version: 16.4.3505.0912) Maniac Mansion Deluxe (x32) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938) Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Corporation (Version: 9.1.0.0) Microsoft Corporation (x32 Version: 9.1.0.0) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0) Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0) Microsoft LifeCam (Version: 3.60.253.0) Microsoft Office File 
Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Movie Maker (x32 Version: 16.4.3505.0912) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0) Mozilla Maintenance Service (x32 Version: 26.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero 8 Micro 8.3.6.0 (x32 Version: 8.3.6.0) Norton Identity Safe (x32 Version: 2013.4.0.10) Norton Internet Security (x32 Version: 21.1.0.18) NVIDIA PhysX (x32 Version: 9.09.0428) OpenAL (x32) PDFCreator (x32 Version: 1.7.1) Photo Gallery (x32 Version: 16.4.3505.0912) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6101) ScanSoft OmniPage 16 (x32 Version: 16.1.0000) swMSM (x32 Version: 12.0.0.1) VirtualCloneDrive (x32) VLC media player 2.0.6 (x32 Version: 2.0.6) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Family Safety (Version: 16.4.3505.0912) Windows Live Family Safety (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common 
(x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) WinRAR ==================== Restore Points ========================= 28-11-2013 10:38:27 Windows Update 29-11-2013 13:29:09 Entfernt MFL-Pro Suite 29-11-2013 13:34:16 Installiert MFL-Pro Suite 03-12-2013 19:53:13 Removed Java 7 Update 45 05-12-2013 15:38:28 Removed Adobe Reader XI (11.0.05) - Deutsch. 11-12-2013 14:12:37 Windows Update 21-12-2013 14:47:30 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1E25A00F-CB9C-47BA-89DC-CE44F8E9E373} - System32\Tasks\{3BE94CBC-6039-4F0D-9115-C89B681F4D19} => C:\Program Files (x86)\Deep Silver\Geheimakte Tunguska\AutoStarter.exe [2007-06-25] () Task: {1F1454B9-218A-4F7E-B0E3-5E1DD17B1249} - System32\Tasks\{618A86B2-3C45-4998-8275-F53AF1DE5F71} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe Task: {20635A3F-8385-4CDC-87A7-8DF9E331B22E} - System32\Tasks\{9444B45B-29C1-4EF1-95CF-32E0FB22D56D} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe Task: {20B8EC00-E00B-48FE-9F15-B289ADB1978C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {2B906CD8-FF84-480E-805C-040140F96933} - System32\Tasks\{8D53F3DE-2FF7-49A5-83D0-A528E3B373A6} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe Task: {33B4B245-6747-420F-882A-2B8533F5206F} - System32\Tasks\{2334656E-1A58-420F-896F-F1A551CE3766} => 
C:\Program Files (x86)\EA GAMES\Die Sims 2 Wilde Campus-Jahre\TSBin\Sims2EP1.exe Task: {38A71003-A295-4AB3-9E74-9B4B942F7B56} - System32\Tasks\{FC53C629-39C0-4C6D-BD05-EF87531FBCE3} => Firefox.exe Task: {4AE7704A-9342-4E2F-9968-CF66EB7AA649} - System32\Tasks\{97A1270B-0EE4-4A9E-B8E8-884E697A8062} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe Task: {5CE7EB17-8153-48B0-8055-7CE0CC5F0110} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\symerr.exe [2013-05-29] (Symantec Corporation) Task: {6056EE90-BE83-4CB3-BAA4-AA932974074B} - System32\Tasks\{090E355A-6F78-4D76-B6F8-53B1981617D7} => C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind Launcher.exe Task: {6629154C-9DCC-4121-A835-AF76B6D2B158} - System32\Tasks\{95C69943-2913-452B-82D8-8FB8E651BDF0} => C:\Program Files (x86)\Firefly Studios\Space Colony\Space Colony.exe Task: {95961AD6-1C6E-4DF5-B56F-75E933FC4206} - System32\Tasks\{8FE772D7-AE59-4D8F-922E-B23607BD3451} => C:\Program Files (x86)\EA GAMES\Die Sims 2\TSBin\Sims2.exe Task: {A48E50F3-6F47-4227-8D1C-D331B1273DFD} - System32\Tasks\{553B154C-EF8E-4AE2-BCE3-32E8FA772D33} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe Task: {ACBB0A5A-2BB5-45D5-801C-2FFC0377EB56} - System32\Tasks\{4AEA1B90-ECDE-4F2B-8131-4846248D6684} => Firefox.exe Task: {ADC6913D-6A96-4057-9FAD-56AC32FA2F95} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation) Task: {BBA5E870-8A35-4BFA-834E-29BAB6F14992} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {C4AF0DFF-B493-4427-9BF1-C51B561BFE47} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) Task: 
{CCEB6E21-9A16-4A86-9EA3-3F5EDF4B29C5} - System32\Tasks\{C45B0D8F-17D8-489C-8F6F-104BC22C04AF} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2013-11-25] (pdfforge GmbH) Task: {DA1F8386-538E-4CF2-9B09-274D74121759} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\symerr.exe [2013-05-29] (Symantec Corporation) Task: {FDE3C828-2765-4FA8-A274-FA258CB76DC4} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation) ==================== Loaded Modules (whitelisted) ============= 2013-06-18 22:12 - 2012-05-30 15:51 - 00699280 ____R () C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll 2013-06-18 22:12 - 2012-05-30 15:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll 2013-11-29 14:35 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2013-12-20 11:47 - 2013-12-20 11:47 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-14 00:28 - 2013-12-14 00:28 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. 
After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/21/2013 10:53:13 AM) (Source: Application Hang) (User: ) Description: Programm OTL(1).exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1e0 Startzeit: 01cefe2c84361eb3 Endzeit: 31 Anwendungspfad: C:\Users\***\Downloads\OTL(1).exe Berichts-ID: Error: (12/17/2013 02:53:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.8407.0, Zeitstempel: 0x521bd0da Name des fehlerhaften Moduls: WINWORD.EXE, Version: 11.0.8407.0, Zeitstempel: 0x521bd0da Ausnahmecode: 0xc0000005 Fehleroffset: 0x001afc14 ID des fehlerhaften Prozesses: 0xa24 Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:30:14.366]: [00003372]: Initialize TwdsMain Class failed! Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:30:14.366]: [00003372]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:30:14.350]: [00003372]: GetDeviceList Failed! pStiInfo = 0x0.. Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:29:43.410]: [00000764]: Initialize TwdsMain Class failed! Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:29:43.410]: [00000764]: ##### Fatal ERROR!! 
Create STI-device failed! ##### Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:29:43.410]: [00000764]: GetDeviceList Failed! pStiInfo = 0x0.. Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:29:13.691]: [00000704]: Initialize TwdsMain Class failed! Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog) (User: ) Description: TWN BrtTWN: [2013/12/17 13:29:13.691]: [00000704]: ##### Fatal ERROR!! Create STI-device failed! ##### System errors: ============= Error: (12/14/2013 04:44:08 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/13/2013 00:58:32 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (12/12/2013 10:15:11 PM) (Source: DCOM) (User: ) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (12/11/2013 04:26:00 PM) (Source: DCOM) (User: ) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (12/11/2013 04:25:14 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (12/11/2013 04:25:14 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/09/2013 01:20:44 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/08/2013 01:58:35 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/05/2013 01:12:16 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/05/2013 01:12:14 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. 
Microsoft Office Sessions: ========================= Error: (12/21/2013 10:53:13 AM) (Source: Application Hang)(User: ) Description: OTL(1).exe3.2.69.01e001cefe2c84361eb331C:\Users\***\Downloads\OTL(1).exe Error: (12/17/2013 02:53:34 PM) (Source: Application Error)(User: ) Description: WINWORD.EXE11.0.8407.0521bd0daWINWORD.EXE11.0.8407.0521bd0dac0000005001afc14a2401cefb2b66381a7eC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE9e6fb990-6722-11e3-967d-0030679554e4 Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:30:14.366]: [00003372]: Initialize TwdsMain Class failed! Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:30:14.366]: [00003372]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:30:14.350]: [00003372]: GetDeviceList Failed! pStiInfo = 0x0.. Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:29:43.410]: [00000764]: Initialize TwdsMain Class failed! Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:29:43.410]: [00000764]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:29:43.410]: [00000764]: GetDeviceList Failed! pStiInfo = 0x0.. Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:29:13.691]: [00000704]: Initialize TwdsMain Class failed! Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog)(User: ) Description: TWNBrtTWN: [2013/12/17 13:29:13.691]: [00000704]: ##### Fatal ERROR!! Create STI-device failed! 
##### ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 4061.24 MB Available physical RAM: 2241.94 MB Total Pagefile: 8120.66 MB Available Pagefile: 6086.71 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:375.08 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3826559E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Lilly |
22.12.2013, 22:28 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Attack from Sweet Orange Exploit Kit Website Quote:
__________________ Please always post logfiles in CODE tags |
26.12.2013, 10:13 | #5 | |
| Attack from Sweet Orange Exploit Kit Website Hello cosinus, Merry Christmas! Quote:
Is it rather unsuitable for private users, or more susceptible to viruses? Should I buy a different one? Oh, and did the log turn up anything? Best regards, Lilly |
26.12.2013, 17:50 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Attack from Sweet Orange Exploit Kit Website Because for private use a Win7 Ultimate and a Professional Office are unusual. You need a good reason to pay several hundred EUR more just to have Win7 Ultimate and Professional Office.
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
02.01.2014, 14:48 | #7 |
| Attack from Sweet Orange Exploit Kit Website Happy New Year! I ran Malwarebytes Anti-Rootkit. Result: Congratulations, no cleanup is required! Scan finished: No malware found! So it looks like everything turned out fine after all, right? Best regards, Lilly |
02.01.2014, 15:04 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Attack from Sweet Orange Exploit Kit Website Please post the log!
02.01.2014, 21:43 | #9 |
| Attack from Sweet Orange Exploit Kit Website Here is the log: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
*** :: *** [administrator]

02.01.2014 13:49:55
mbar-log-2014-01-02 (13-49-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 227271
Time elapsed: 23 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
03.01.2014, 11:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Attack from Sweet Orange Exploit Kit Website Good, MBAR was up to date as well.
Remove adware/junkware/toolbars
Step 1: AdwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)