
Pests of all kinds and how to fight them: Your Telekom Mobilfunk RechnungOnline for business customers 729123725580459555 of 19.12.2013 for customer account 221221679254.


29.12.2013, 22:47   #1
dstar
 



Hello, unfortunately I opened the spam mail below a few days ago.

Norton shows me that the computer is not infected.

Could you please still share your experience and, if necessary, tell me what to do?

Many thanks!!

Telekom Deutschland GmbH [post@soeren-kosanke.de]

Dear customer,

Attached you will find the requested documents and data for your Telekom Mobilfunk RechnungOnline for business customers for the month of November. If needed, you can find notes on handling encrypted files at:

https://rechnungonline-business.t-mobile.de

Kind regards,
Business Customer Service

Telekom Deutschland GmbH
Supervisory Board: Timotheus Höttges, Chairman
Management Board: Niek Jan van Damme, Spokesman, Thomas Dannenfeldt, Thomas Freude, Michael Hagspihl, Dr. Bruno Jacobfeuerborn, Dietmar Welslau, Dr. Dirk Wössner
Registration: Amtsgericht Bonn, HRB 59 19, registered office: Bonn
VAT ID No.: DE 122265872
WEEE Reg. No.: 60800328

29.12.2013, 22:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

30.12.2013, 23:20   #3
dstar
 



Hello Cosinus,
thank you very much for your detailed answer with the good description!
And above all for your helpfulness!!!

I proceeded as described and am posting the log files for you below.
Unfortunately I have no log from yesterday's scan with Norton Security Scan. Norton doesn't output one....

Hopefully everything is okay, and I look forward to hearing from you again!

Thanks for your effort!!

Best regards,
dstar


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013 01
Ran by Hansjörg (administrator) on HANSJÖRG-PC on 30-12-2013 23:02:36
Running from C:\Users\Hansjörg\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\AirPort\APAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Octoshape ApS) C:\Users\Hansjörg\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(A-Trust GmbH) C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(A-Trust GmbH) C:\Program Files\A-Trust GmbH\a.sign Client\acLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Symantec Corporation) C:\Program Files\Norton Security Scan\Engine\4.0.1.16\Nss.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1312848 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2010-06-03] (Realtek Semiconductor)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [AirPort Base Station Agent] - C:\Program Files\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-09-08] (RealNetworks, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-03] (Google Inc.)
HKCU\...\Run: [Octoshape Streaming Services] - C:\Users\Hansjörg\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [acSecurityLayer] - C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe [3605664 2012-04-13] (A-Trust GmbH)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
MountPoints2: {63da64cb-1fb1-11e0-8cd6-001d60f7c0c4} - I:\AutoRun.exe
MountPoints2: {f80ec887-9983-11df-a432-001d60f7c0c4} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\Hansjörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x701F7A7D2E03CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {98FDCB7B-B758-4969-8215-C7C1CF5B7372} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^AT&apn_uid=1B861855-85B5-41EA-B722-784438352011&apn_sauid=4D03A505-184F-4670-8CDF-91508C394B9E
BHO: Snapform Viewer PlugIn for IE - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{FA1EDC55-E63C-4BEB-A901-477A6F3B7F03}: [NameServer]213.33.99.70,80.120.17.70

FireFox:
========
FF ProfilePath: C:\Users\Hansjörg\AppData\Roaming\Mozilla\Firefox\Profiles\53gr55qm.default
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Hansjörg\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\Hansjörg\AppData\Roaming\Mozilla\Firefox\Profiles\53gr55qm.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask Toolbar - C:\Users\Hansjörg\AppData\Roaming\Mozilla\Firefox\Profiles\53gr55qm.default\Extensions\toolbar@ask.com
FF Extension: a.trust Certificate Manager - C:\Users\Hansjörg\AppData\Roaming\Mozilla\Firefox\Profiles\53gr55qm.default\Extensions\{1156EFC8-E9C8-495B-BB8E-63FF5EA5E4F5}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=1B861855-85B5-41EA-B722-784438352011&apn_ptnrs=U3&apn_sauid=4D03A505-184F-4670-8CDF-91508C394B9E&apn_dtid=OSJ000YYAT&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Hansj\u00F6rg\AppData\Roaming\Mozilla\plugins\npoctoshape.dll No File
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Hansj\u00F6rg\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\Hansjörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Hansjörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Hansjörg\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-11-10] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-30 23:02 - 2013-12-30 23:03 - 00020499 _____ C:\Users\Hansjörg\Downloads\FRST.txt
2013-12-30 23:02 - 2013-12-30 23:02 - 00000000 ____D C:\FRST
2013-12-30 22:50 - 2013-12-30 23:02 - 01064199 _____ (Farbar) C:\Users\Hansjörg\Downloads\FRST.exe
2013-12-20 20:32 - 2013-12-20 20:45 - 00000000 ___HD C:\Users\Hansjörg\AppData\Roaming\C75C1745
2013-12-20 08:37 - 2013-12-20 08:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-17 13:05 - 2013-12-17 13:05 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 07:53 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 19:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 19:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 19:27 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 19:27 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 19:27 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 19:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 19:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 19:27 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 19:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 19:27 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 19:27 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 19:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 19:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 19:27 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 19:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 19:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 19:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 19:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 19:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 19:22 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 19:22 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 07:06 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 07:06 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:06 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:06 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:06 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:06 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:05 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 07:05 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:05 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:05 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 17:26 - 2013-12-10 17:26 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-10 17:26 - 2013-12-10 17:26 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-10 17:26 - 2013-12-10 17:26 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-10 17:26 - 2013-12-10 17:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-10 17:23 - 2013-12-10 17:29 - 00011272 _____ C:\Windows\IE11_main.log
2013-12-06 12:47 - 2013-12-06 12:47 - 00000702 _____ C:\Users\Hansjörg\Desktop\Bibliotheken - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-12-30 23:03 - 2013-12-30 23:02 - 00020499 _____ C:\Users\Hansjörg\Downloads\FRST.txt
2013-12-30 23:03 - 2010-06-03 18:42 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-30 23:02 - 2013-12-30 23:02 - 00000000 ____D C:\FRST
2013-12-30 23:02 - 2013-12-30 22:50 - 01064199 _____ (Farbar) C:\Users\Hansjörg\Downloads\FRST.exe
2013-12-30 22:53 - 2009-07-14 05:34 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 22:53 - 2009-07-14 05:34 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-30 22:51 - 2010-06-03 14:41 - 01721218 _____ C:\Windows\WindowsUpdate.log
2013-12-30 22:40 - 2013-09-25 22:15 - 00000000 ____D C:\Users\Hansjörg\AppData\Local\C82657B9-D454-4F58-A797-005C24FE596A.aplzod
2013-12-30 22:39 - 2010-06-03 18:42 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-30 22:39 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-30 22:39 - 2009-07-14 05:39 - 00146699 _____ C:\Windows\setupact.log
2013-12-30 20:15 - 2012-04-03 10:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 16:46 - 2013-09-09 07:07 - 00000412 ____H C:\Windows\Tasks\Norton Security Scan for Hansjörg.job
2013-12-23 14:47 - 2012-05-03 21:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 22:01 - 2010-09-07 15:27 - 00000000 ____D C:\Schreiben private
2013-12-20 20:45 - 2013-12-20 20:32 - 00000000 ___HD C:\Users\Hansjörg\AppData\Roaming\C75C1745
2013-12-20 08:37 - 2013-12-20 08:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 15:08 - 2011-07-06 13:53 - 00000711 _____ C:\Users\Hansjörg\Snapform Viewer.log
2013-12-18 07:12 - 2010-06-03 14:53 - 01621244 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-18 06:54 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-17 16:58 - 2013-03-03 21:42 - 00000522 _____ C:\Users\Hansjörg\Desktop\Oberbank - Ein bisschen mehr als eine Bank..website
2013-12-17 13:05 - 2013-12-17 13:05 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-17 13:04 - 2010-06-03 18:41 - 00000000 ____D C:\Program Files\Google
2013-12-13 20:00 - 2010-06-03 18:42 - 00000000 ____D C:\Users\Hansjörg\AppData\Local\Google
2013-12-13 12:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 17:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 20:13 - 2009-07-14 05:33 - 00412800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 19:26 - 2010-06-03 15:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 19:25 - 2013-08-14 22:36 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 19:23 - 2010-06-03 16:12 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 09:15 - 2012-04-03 10:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 09:15 - 2011-05-17 07:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 17:29 - 2013-12-10 17:23 - 00011272 _____ C:\Windows\IE11_main.log
2013-12-10 17:26 - 2013-12-10 17:26 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-10 17:26 - 2013-12-10 17:26 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-10 17:26 - 2013-12-10 17:26 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-10 17:26 - 2013-12-10 17:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-10 17:26 - 2013-12-10 17:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-10 17:26 - 2013-12-10 17:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-10 16:24 - 2013-03-01 19:50 - 00000476 _____ C:\Users\Hansjörg\Desktop\land-oberoesterreich.gv.at.website
2013-12-10 10:31 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2013-12-10 10:31 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-09 15:20 - 2012-08-08 08:35 - 00000854 _____ C:\Users\Hansjörg\Desktop\Heizöl-News vom 08.08.2012 Heizöl-Markt aktuell Rohöl verteuert sich weiter!.website
2013-12-06 12:47 - 2013-12-06 12:47 - 00000702 _____ C:\Users\Hansjörg\Desktop\Bibliotheken - Verknüpfung.lnk
2013-12-05 15:01 - 2013-04-29 06:31 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 12:22 - 2011-08-04 22:55 - 00000684 _____ C:\Users\Hansjörg\Desktop\Gloria.tv ›the more catholic the better‹.website

Some content of TEMP:
====================
C:\Users\Hansjörg\AppData\Local\Temp\ApnStub.exe
C:\Users\Hansjörg\AppData\Local\Temp\asignbku_setup.exe
C:\Users\Hansjörg\AppData\Local\Temp\aswV5Hlp.dll
C:\Users\Hansjörg\AppData\Local\Temp\contentDATs.exe
C:\Users\Hansjörg\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Hansjörg\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Hansjörg\AppData\Local\Temp\Hansjörg-PC_1358422823254_SERVER.dll
C:\Users\Hansjörg\AppData\Local\Temp\i4jdel0.exe
C:\Users\Hansjörg\AppData\Local\Temp\jna2267736005875547809.dll
C:\Users\Hansjörg\AppData\Local\Temp\jna652989422472195564.dll
C:\Users\Hansjörg\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Hansjörg\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Hansjörg\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Hansjörg\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Hansjörg\AppData\Local\Temp\octoinstalljni5184730573577712209.dll
C:\Users\Hansjörg\AppData\Local\Temp\octosetup10810211711699100109110114104106109117971101139912098999999119981191121181111131071001103896896197331115818.exe
C:\Users\Hansjörg\AppData\Local\Temp\ose00000.exe
C:\Users\Hansjörg\AppData\Local\Temp\ResetDevice.exe
C:\Users\Hansjörg\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Hansjörg\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Hansjörg\AppData\Local\Temp\spp_100004b.exe
C:\Users\Hansjörg\AppData\Local\Temp\spp_100006f.exe
C:\Users\Hansjörg\AppData\Local\Temp\spp_100009c.exe
C:\Users\Hansjörg\AppData\Local\Temp\spp_2000067.exe
C:\Users\Hansjörg\AppData\Local\Temp\stubhelper.dll
C:\Users\Hansjörg\AppData\Local\Temp\Update.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 16:48

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-12-2013 01
Ran by Hansjörg at 2013-12-30 23:07:36
Running from C:\Users\Hansjörg\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
7-Zip 9.20 (Version:  - )
a.sign Bürgerkartensoftware 1.4.1.9 (Version: 1.4.1.9 - A-Trust GmbH)
a.sign Client 1.2.8.0 (Version: 1.2.8.0 - A-Trust GmbH)
a.sign PDF 1.11.0.0 (Version: 1.11.0.0 - A-Trust)
Adobe AIR (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
AirPort (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
asignPDFverify 1.0.5.0 (Version: 1.0.5.0 - A-Trust)
Ask Toolbar (Version: 1.15.23.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
AXIS Media Control SDK 5.90 (Version: 5.90 - Axis Communications)
bob internet (Version:  - mobilkom austria AG)
bob internet (Version: 1.0.0.139 - mobilkom austria AG)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Camera Window DS (Version: 5.0 - Canon)
Canon Camera Window DS for ZoomBrowser EX (Version: 5.0 - Canon)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.1.9 - Canon Inc.)
Canon PhotoRecord (Version: 02.01.00069 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (Version: 1.2 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.1 - Canon)
Canon Utilities CameraWindow (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities MyCamera (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.14 - Canon)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4 - Canon Inc.)
CDBurnerXP (Version: 4.2.1.919 - CDBurnerXP)
ELBA5 (C:\Programme\ELBA5) (Version: 5.4.1.0 - RACON Software GmbH)
ElsterFormular 2008 - 2009 (Version: 2008-2009 - Landesfinanzdirektion Thüringen)
eReg (Version: 1.20.138.34 - Logitech, Inc.)
Feedback Tool (Version: 1.2.0 - Microsoft Corporation)
Foxit Reader (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.)
iCloud (Version: 3.1.0.40 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 21 (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.)
Java(TM) 6 Update 37 (Version: 6.0.370 - Oracle)
Logitech SetPoint 6.0 (Version: 6.00.68 - Logitech)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft)
Norton Security Scan (Version: 4.0.1.16 - Symantec Corporation)
NVIDIA Display Control Panel (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation)
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation)
Octoshape Streaming Services (Version:  - Octoshape ApS)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation)
PC-CCID (Version: 2.0.0 - Gemalto)
Personal Backup 4.5 (Version:  - J. Rathlev)
PhotoStitch (Version: 3.1.14 - Canon)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RAW Image Task 1.2 (Version: 1.2 - Canon)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc)
RealPlayer (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.)
RemoteCapture Task 1.1 (Version: 1.1 - Canon)
RZLWin (Netzarbeitsplatz) (Version: 1.50.4 - RZL Software GmbH)
Safari (Version: 5.34.57.2 - Apple Inc.)
Snapform Viewer 1.7.32 (Version: 1.7.32 - Ringler Informatik AG)
TeamViewer 5 (Version: 5.0.7687  - TeamViewer GmbH)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Windows Live Anmelde-Assistent (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)

==================== Restore Points  =========================

16-12-2013 06:39:10 Windows Update
20-12-2013 06:38:31 Windows Update
23-12-2013 21:26:12 Windows Update
29-12-2013 21:32:44 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D131036-1AE6-4BDE-BD2A-AB85467EA050} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1972268296-754176849-3029469841-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2688EC42-B983-43B6-B454-C4BB01241D81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-03] (Google Inc.)
Task: {37333332-8606-4C05-B6B4-CAB7FBE7D759} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1972268296-754176849-3029469841-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {62716D70-DE97-47F2-A476-1863B5C40F75} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1972268296-754176849-3029469841-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {878D568A-A1CF-4D54-BCCE-1179D4124209} - System32\Tasks\{BF13838C-D5B6-416D-A922-C684B3F369E2} => R:\RZLWin\Bil.exe
Task: {8DEB5D06-BAD7-4E60-B79C-7A38DBB42C2E} - System32\Tasks\{01E25AC3-CA02-437E-9F7D-D391E99F5CF9} => R:\RZLWin\Bil.exe
Task: {95986C16-01F4-448C-AA8E-C2E12AA48E06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-03] (Google Inc.)
Task: {969BE6F6-6DCB-458B-A1D8-33522FFA5416} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-03-31] ()
Task: {976C388A-1CBD-4330-A0ED-724A04CD556B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72AA467-E8ED-4353-9441-B6A6AA492EEE} - System32\Tasks\Norton Security Scan for Hansjörg => C:\Program Files\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-10-10] (Symantec Corporation)
Task: {CC04BB50-9A9F-4158-BB17-AA1BB6AB8576} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1972268296-754176849-3029469841-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DCB5B66F-8730-4DC5-AD8D-466277D4BB6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {F6B29515-D4E0-472B-A5FE-8857C281C486} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Hansjörg.job => C:\PROGRA~1\NORTON~2\Engine\401~1.16\Nss.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-13 12:27 - 2012-04-13 12:27 - 02393248 _____ () C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll
2012-04-13 12:27 - 2012-04-13 12:27 - 00007328 _____ () C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2013 04:52:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/30/2013 04:50:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/30/2013 04:50:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/30/2013 04:39:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

Error: (12/30/2013 04:39:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008

Error: (12/30/2013 04:39:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/30/2013 04:39:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009

Error: (12/30/2013 04:39:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009

Error: (12/30/2013 04:39:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/30/2013 04:39:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011


System errors:
=============
Error: (12/30/2013 04:39:24 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigertGemplus USB Smart Card Reader 0

Error: (12/30/2013 04:39:24 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigert

Error: (12/30/2013 04:09:18 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigertGemplus USB Smart Card Reader 0

Error: (12/30/2013 04:09:17 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigert

Error: (12/30/2013 03:39:09 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigertGemplus USB Smart Card Reader 0

Error: (12/30/2013 03:39:08 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigert

Error: (12/30/2013 03:08:45 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigertGemplus USB Smart Card Reader 0

Error: (12/30/2013 03:08:45 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigert

Error: (12/30/2013 02:37:58 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigertGemplus USB Smart Card Reader 0

Error: (12/30/2013 02:37:58 PM) (Source: SCardSvr) (User: )
Description: Zugriff verweigert


Microsoft Office Sessions:
=========================
Error: (12/20/2013 01:06:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19803 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2013 11:02:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10856 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (12/09/2013 03:40:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 17273 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (12/09/2013 10:52:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2446 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (11/29/2013 00:40:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 11785 seconds with 1740 seconds of active time.  This session ended with a crash.

Error: (11/14/2013 08:00:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 39623 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (10/25/2013 11:15:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 11798 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (09/19/2013 09:43:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7940 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (09/12/2013 04:43:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25675 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (09/02/2013 03:49:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24929 seconds with 1620 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 2047.24 MB
Available physical RAM: 866.24 MB
Total Pagefile: 4094.48 MB
Available Pagefile: 2664.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:33.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: ECBDECBD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 31.12.2013, 15:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
a.sign Bürgerkartensoftware 1.4.1.9 (Version: 1.4.1.9 - A-Trust GmbH)
Is this a commercially used system?
__________________
Please always post log files in CODE tags
