Pests of all kinds and how to fight them: Lollipop virus not deleted after all? More viruses... Windows 7 |
01.02.2014, 00:03 | #1 |
| Lollipop virus not deleted after all? More viruses... Hello, through my own stupidity I got hit by the Lollipop virus. I wanted to download OpenOffice, but I must have clicked on the wrong link and got a virus with the download. Norton already warned me during the download and tried to block access attempts. Within one minute I had over 10 blocked access attempts. But in the end it didn't quite work. The first sign was a shortcut to the game Goodgame Empire appearing on the desktop, and next I saw the Lollipop button at the bottom. I was then able to uninstall Lollipop.exe with the help of Norton Secure Eraser. However, this untypical Goodgame shortcut puzzled me, and I am worried that there is more behind it. A full system scan is still running. Unfortunately, I don't really have time in the next 3 weeks to set up the laptop from scratch, and I do depend on it. Can anyone here perhaps reassure me, or tell me which steps I should still take? |
01.02.2014, 01:10 | #2 |
Rest in peace † 2019 | Lollipop virus not deleted after all? More viruses... My name is Sandra and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
Please run a scan with FRST.
Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
01.02.2014, 11:39 | #3 |
| Lollipop virus not deleted after all? More viruses... Hello,
thank you for your help. FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03 Ran by Kaja (administrator) on KAJA-PC on 01-02-2014 11:28:00 Running from C:\Users\Kaja\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe (IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe (Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe () C:\Program Files\Hotspot Shield\bin\hsswd.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe ( ) C:\WINDOWS\System32\lxbkcoms.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe () C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe () C:\WINDOWS\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\Program Files\ResultsAlpha\updateResultsAlpha.exe () C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\HSSCP.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {4274526b-78f7-11e1-84d6-002186800399} - H:\LaunchU3.exe -a HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {427d9b78-e1c9-11df-b8b7-002186800399} - I:\LaunchU3.exe -a HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {b699f5c1-a5e6-11df-a3af-002186800399} - Menu.exe HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {f3eac8cc-a330-11df-a77d-806e6f6e6963} - F:\start.bat ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb SearchScopes: HKLM - DefaultScope {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKLM - {36A2122C-DDE0-4F56-AA5B-9CC54C3A1016} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKCU - DefaultScope {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {36A2122C-DDE0-4F56-AA5B-9CC54C3A1016} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {DC9C1377-3A2D-42CB-A9FE-C27B185B6A3F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default FF user.js: detected! => C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\user.js FF Homepage: hxxp://count.manror.de/index.php?day=02&month=08&year=2013&hour=06&minute=55&second=00 FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A
8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: vis - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-01-31] FF Extension: Snip-Me - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\addon@snip-me.de.xpi [2013-03-12] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26] FF Extension: Adblock Plus - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-16] FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013-12-20] FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla 
Firefox\browser\extensions\afurladvisor@anchorfree.com [2013-12-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-26] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-26] Chrome: ======= CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-20] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2013-02-09] ========================== Services (Whitelisted) 
================= R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] () R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [831272 2013-06-21] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-06-21] () R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [548136 2013-06-21] () R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( ) R2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-14] () R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-14] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.) 
R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] () R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] () R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-08-30] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-08-30] (Cisco Systems, Inc.) S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-08-30] (Cisco Systems, Inc.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-04-23] (SlySoft, Inc.) R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG) R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-06-21] (AnchorFree Inc.) 
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140130.001\IDSvix86.sys [394456 2014-01-19] (Symantec Corporation) S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI) S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVENG.SYS [93272 2014-01-06] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVEX15.SYS [1612376 2014-01-06] (Symantec Corporation) R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH) R3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS 
[574112 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-02-07] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDIV.SYS [345208 2011-11-16] (Symantec Corporation) S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-05-16] (AnchorFree Inc) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-06-21] (Anchorfree Inc.) U1 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 massfilter; system32\drivers\massfilter.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-01 11:18 - 2014-02-01 11:28 - 00024979 _____ () C:\Users\Kaja\Desktop\FRST.txt 2014-02-01 11:18 - 2014-02-01 11:18 - 00000000 ____D () C:\FRST 2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe 2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice 2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-31 23:48 - 2014-01-31 23:50 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files 
2014-01-31 23:18 - 2014-01-31 23:37 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE 2014-01-31 22:54 - 2014-02-01 02:24 - 00000000 ____D () C:\Program Files\ResultsAlpha 2014-01-31 22:54 - 2014-01-31 22:54 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Windows Net Data 2014-01-31 22:42 - 2014-01-31 22:43 - 00000000 ____D () C:\Users\Kaja\AppData\Local\DownloadGuide 2014-01-28 12:32 - 2014-01-28 12:33 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood 2014-01-20 15:10 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-20 15:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-20 15:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-20 15:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-20 15:08 - 2014-01-20 15:10 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-15 11:54 - 2014-01-26 13:16 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos 2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip 2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania 2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006) 2014-01-03 13:26 - 2014-01-03 13:28 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik ==================== One Month Modified Files and Folders ======= 2014-02-01 11:28 - 2014-02-01 11:18 - 00024979 _____ () C:\Users\Kaja\Desktop\FRST.txt 2014-02-01 11:25 - 2010-08-08 21:09 - 01762684 _____ () C:\Windows\WindowsUpdate.log 2014-02-01 11:22 - 2010-08-16 13:33 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-01 11:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-01 11:22 - 2006-11-02 13:47 - 00003216 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-01 11:22 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-01 11:20 - 2008-06-02 02:19 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-02-01 11:20 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-01 11:18 - 2014-02-01 11:18 - 00000000 ____D () C:\FRST 2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe 2014-02-01 11:17 - 2006-11-02 11:33 - 01648794 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-01 11:12 - 2010-08-08 22:20 - 00077920 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-01 11:10 - 2006-11-02 13:47 - 00326544 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-01 11:09 - 2008-01-21 03:47 - 01040758 _____ () C:\Windows\PFRO.log 2014-02-01 02:24 - 2014-01-31 22:54 - 00000000 ____D () C:\Program Files\ResultsAlpha 2014-02-01 01:32 - 2010-08-16 13:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-01 01:05 - 2012-04-01 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice 2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-31 23:50 - 2014-01-31 23:48 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files 2014-01-31 23:37 - 2014-01-31 23:18 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE 2014-01-31 23:18 - 2010-08-12 08:43 - 00000000 ____D () C:\ProgramData\Norton 2014-01-31 22:57 - 2010-08-13 12:22 - 00000000 ____D () C:\Users\Kaja\AppData\Local\CrashDumps 2014-01-31 22:54 - 2014-01-31 22:54 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Windows Net 
Data 2014-01-31 22:43 - 2014-01-31 22:42 - 00000000 ____D () C:\Users\Kaja\AppData\Local\DownloadGuide 2014-01-30 17:45 - 2013-10-30 21:42 - 00000000 ____D () C:\Users\Kaja\Documents\Documents\Methoden der Sozialwissenschaft 2014-01-30 16:39 - 2010-08-08 23:39 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe 2014-01-30 16:33 - 2012-04-01 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-01-30 16:33 - 2011-05-19 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-01-28 12:33 - 2014-01-28 12:32 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood 2014-01-26 13:16 - 2014-01-15 11:54 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos 2014-01-20 19:33 - 2013-10-31 20:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-20 15:10 - 2014-01-20 15:08 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-20 15:10 - 2008-06-02 04:15 - 00000000 ____D () C:\Program Files\Java 2014-01-15 12:44 - 2008-06-02 03:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-15 12:42 - 2013-07-29 22:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 12:37 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-15 12:07 - 2010-09-02 21:33 - 00000000 ____D () C:\Users\Kaja\.gimp-2.6 2014-01-15 11:50 - 2011-10-07 21:44 - 00014693 _____ () C:\Windows\setupact.log 2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip 2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania 2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006) 2014-01-03 13:28 - 2014-01-03 13:26 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\ProgramData\hpe5006.dll Some content of TEMP: ==================== C:\Users\Kaja\AppData\Local\Temp\First15.exe 
C:\Users\Kaja\AppData\Local\Temp\VP6Install.exe C:\Users\Kaja\AppData\Local\Temp\VP6VFW.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-01 11:28 ==================== End Of Log ============================ --- --- ---
And here is the Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03 Ran by Kaja at 2014-02-01 11:28:32 Running from C:\Users\Kaja\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft) 32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden 4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden 7-Zip 9.20 (Version: - ) Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (Version: 9.0.115.0 - Adobe Systems Incorporated) Adobe Help Center 2.1 (Version: 2.1 - Adobe Systems) Hidden Adobe Photoshop 7.0 (Version: 7.0 - Adobe Systems, Inc.) Adobe Photoshop Elements 5.0 (Version: 5.0 - Adobe Systems, Inc.) Adobe Photoshop Elements 5.0 (Version: 5.0 - Adobe Systems, Inc.) Hidden Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player (Version: 10.2.0.023 - Adobe Systems, Inc.) Adobe Shockwave Player 11.6 (Version: 11.6.8.638 - Adobe Systems, Inc.) 
AIM (Version: - ) AnimePalace - Der Anime & Manga Chat (Version: - ) AnyDVD (Version: 6.6.4.2 - SlySoft) Atheros Driver Installation Program (Version: 5.0 - Atheros) ATI Catalyst Install Manager (Version: 3.0.664.0 - ATI Technologies, Inc.) Audiograbber 1.83 SE (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (Version: 1.0 - AG) Avanquest update (Version: 1.31 - Avanquest Software) Avira SearchFree Toolbar (Version: 12.10.0.2948 - APN, LLC) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization French (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization German (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 
2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248 - ATI) Hidden CCC Help Chinese Standard (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Chinese Traditional (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Czech (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Danish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Dutch (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help English (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Finnish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help French (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help German (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Greek (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Hungarian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Italian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Japanese (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Korean (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Norwegian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Polish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Portuguese (Version: 2008.0508.2150.37248 - 
ATI) Hidden CCC Help Russian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Spanish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Swedish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Thai (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Turkish (Version: 2008.0508.2150.37248 - ATI) Hidden ccc-core-static (Version: 2008.0508.2151.37248 - Ihr Firmenname) Hidden ccc-utility (Version: 2008.0508.2151.37248 - ATI) Hidden Cisco AnyConnect Secure Mobility Client (Version: 3.1.04066 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.1.04066 - Cisco Systems, Inc.) Hidden Cisco EAP-FAST Module (Version: 2.1.6 - Cisco Systems, Inc.) Cisco LEAP Module (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (Version: 1.0.13 - Cisco Systems, Inc.) CloneDVD2 (Version: - Elaborate Bytes) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite (Version: 5.5.1519 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) 
Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation) Die Sims 2 (Version: - ) Die Sims 2: Nightlife (Version: - ) Die Sims 2: Wilde Campus-Jahre (Version: - ) Die Sims™ 2 Apartment-Leben (Version: - Electronic Arts) Die Sims™ 2 Haustiere (Version: - ) Die Sims™ 2 IKEA® Home-Accessoires (Version: - Electronic Arts) Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (Version: - Electronic Arts) dm-Fotowelt (Version: - ) DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden ElsterFormular (Version: 11.5.1.4843 - Landesfinanzdirektion Thüringen) ElsterFormular für Unternehmer (Version: 12.0.0.5880u - Landesfinanzdirektion Thüringen) Erste Hilfe Existenzgründung (Version: - ) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden GIMP 2.6.10 (Version: 2.6.10 - The GIMP Team) Google Earth (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.3 - Google Inc.) 
Hidden GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden Hotspot Shield 3.09 (Version: 3.09 - AnchorFree) HP Active Support Library (Version: 3.1.9.1 - Hewlett-Packard) HP Customer Participation Program 13.0 (Version: 13.0 - HP) HP Doc Viewer (Version: 1.01.0005 - Hewlett-Packard) HP Document Manager 2.0 (Version: 2.0 - HP) HP Easy Setup - Frontend (Version: 5.7.0.2630 - Hewlett-Packard) HP Help and Support (Version: 2.0.9.0 - Hewlett-Packard) HP Imaging Device Functions 13.0 (Version: 13.0 - HP) HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 (Version: 6.0.1.6200 - HP) HP Officejet 4500 G510n-z (Version: 13.0 - HP) HP Quick Launch Buttons 6.40 D3 (Version: 6.40 D3 - Hewlett-Packard) HP QuickPlay 3.7 (Version: - ) HP QuickTouch 1.00 D2 (Version: 1.0.9 - Hewlett-Packard) HP Smart Web Printing 4.5 (Version: 4.5 - HP) HP Solution Center 13.0 (Version: 13.0 - HP) HP Total Care Advisor (Version: 2.1.3359.2635 - Hewlett-Packard) HP Update (Version: 5.002.007.004 - Hewlett-Packard) HP User Guides 0103 (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (Version: 3.00 I2 - Hewlett-Packard) HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden IDT Audio (Version: 1.0.5893.0 - IDT) IrfanView (remove only) (Version: 4.27 - Irfan Skiljan) Java 7 Update 51 (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 5 (Version: 1.6.0.50 - Sun Microsystems, Inc.) JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation) JMicron JMB38X Flash Media Controller (Version: 1.00.11.02 - JMicron Technology Corp.) Lexmark X1100 Series (Version: - Lexmark International, Inc.) LightScribe System Software 1.12.33.2 (Version: 1.12.33.2 - LightScribe) Lollipop (HKCU Version: - Lollipop Network, S.L.) 
<==== ATTENTION MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 1.1 (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) 
Hidden Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (Version: 9.7.0621 - Microsoft Corporation) Microsoft Zoo Tycoon (Version: - ) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 
4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden Norton 360 (Version: 2.0.0.242 - Symantec Corporation) Hidden Norton 360 (Version: 6.4.1.14 - Symantec Corporation) Oblivion (Version: 1.2.0416 - Bethesda Softworks) OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP) OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation) Pidgin (Version: 2.7.9 - ) Power2Go (Version: 5.6.3919 - CyberLink Corp.) PowerDirector (Version: 6.5.2719 - CyberLink Corp.) PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden ProtectSmart Hard Drive Protection (Version: 3.10 A7 - Hewlett-Packard) QuickTime (Version: 7.65.17.80 - Apple Inc.) Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek) ResultsAlpha (Version: 2014.01.29.231828 - ResultsAlpha) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Schüco PlanSoft 3.2 (Version: - ) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Skins (Version: 2008.0508.2151.37248 - ATI) Hidden Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.) 
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Sony Ericsson PC Suite 6.012.00 (Version: 6.012.00 - Sony Ericsson) Sony Ericsson Update Engine (Version: 2.11.12.9 - Sony Ericsson Mobile Communications AB) Sony PC Companion 2.10.094 (Version: 2.10.094 - Sony) Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated) T-Online 6.0 (Version: - ) T-Online WLAN-Access Finder (Version: - ) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 
2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft) VarioPlus Creator (HKCU Version: - Peter Hormanns) Viewpoint Media Player (Version: - ) VirtualCloneDrive (Version: - Elaborate Bytes) VIS (Version: - ) <==== ATTENTION VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 21-12-2013 20:07:48 Geplanter Prüfpunkt 24-12-2013 17:43:45 Geplanter Prüfpunkt 03-01-2014 12:59:51 Geplanter Prüfpunkt 06-01-2014 21:58:42 Geplanter Prüfpunkt 07-01-2014 
19:04:42 Geplanter Prüfpunkt 12-01-2014 18:31:21 Geplanter Prüfpunkt 13-01-2014 19:57:04 Geplanter Prüfpunkt 14-01-2014 20:49:50 Geplanter Prüfpunkt 15-01-2014 11:37:01 Windows Update 17-01-2014 19:03:25 Geplanter Prüfpunkt 19-01-2014 20:07:06 Geplanter Prüfpunkt 20-01-2014 14:05:10 Installed Java 7 Update 51 22-01-2014 18:13:15 Geplanter Prüfpunkt 26-01-2014 18:33:18 Geplanter Prüfpunkt 28-01-2014 20:43:09 Geplanter Prüfpunkt 29-01-2014 21:56:17 Geplanter Prüfpunkt 31-01-2014 21:40:34 Geplanter Prüfpunkt 31-01-2014 22:29:58 Norton_Power_Eraser_20140131232958493 31-01-2014 22:47:43 OpenOffice 4.0.1 wird installiert ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {040B68F3-9E3F-4399-9BD0-740A459F204B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {0CF7F025-79CD-4881-A1E9-C2B809C82F99} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kaja => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {19E20916-6705-4362-AF11-8867A6747404} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2A6F2986-E00C-403D-BA3B-C985B550C6D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-16] (Google Inc.) 
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {757E927F-7AD7-4019-A153-F3F62D62E6CA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {AC89C091-5476-40C5-89A5-3D8153FB624F} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard) Task: {CEF5135D-2F7F-4BD4-BEE6-76E9756DC840} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {D08786F2-1E78-4790-8421-A558FBB826E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-30] (Adobe Systems Incorporated) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F0F81287-A56B-4A44-A14C-A69765F09E1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-16] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-05-08 23:14 - 2008-05-08 23:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2013-08-30 23:11 - 2013-08-30 23:11 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2013-06-21 01:46 - 2013-06-21 01:46 - 00749352 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll 2008-02-27 13:48 - 2008-02-27 13:48 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-12-20 16:47 - 2013-12-20 16:47 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Microsoft Tun-Miniportadapter #2 Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Officejet 4500 G510n-z Description: Officejet 4500 G510n-z Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Hewlett-Packard Service: StillCam Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 4500 G510n-z Description: Officejet 4500 G510n-z Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2014 11:23:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/01/2014 11:20:20 AM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (02/01/2014 11:11:35 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2014 11:37:35 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2014 11:33:19 PM) 
(Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (01/31/2014 11:22:37 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2014 11:19:32 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (01/31/2014 10:55:59 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_43.exe, Version 12.0.0.43, Zeitstempel 0x52cb9138, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x70534618, Prozess-ID 0x784, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_43.exe0. 
Error: (01/31/2014 05:01:31 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2014 11:00:10 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors: ============= Error: (02/01/2014 11:23:37 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/01/2014 11:23:35 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (02/01/2014 11:22:22 AM) (Source: Microsoft-Windows-ResourcePublication) (User: NT-AUTORITÄT) Description: Provider\Microsoft.Base.Publication/Publication/Computer Error: (02/01/2014 11:20:17 AM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/01/2014 11:12:26 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (02/01/2014 11:11:36 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/01/2014 00:13:53 AM) (Source: VDS Dynamic Provider) (User: ) Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505 Error: (01/31/2014 11:49:13 PM) (Source: VDS Dynamic Provider) (User: ) Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. 
hr=80042505 Error: (01/31/2014 11:38:00 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/31/2014 11:37:35 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (03/08/2011 02:13:05 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1165 seconds with 1020 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-08-23 10:40:35.987 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-23 10:40:35.425 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-23 10:40:34.879 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-23 10:40:34.193 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-02-07 22:35:11.778 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-07 22:35:11.343 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-07 22:35:10.880 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-07 22:35:10.425 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-07 22:35:09.866 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-07 22:35:09.414 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3068.9 MB
Available physical RAM: 1922.07 MB
Total Pagefile: 6360.31 MB
Available Pagefile: 5235.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.9 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:224.04 GB) (Free:89.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:108.16 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:8.84 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (14 Nov 2013) (CDROM) (Total:0.64 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 234B5336)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: E6C50D39)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Somehow that doesn't look good. So many errors |
02.02.2014, 08:49 | #4 | |
Rest in peace † 2019 | Lollipop virus not deleted after all? More viruses... Hello kemb, Quote:
Can you tell me anything about the file start.bat?
Step 1 Please uninstall the following programs: Avira SearchFree Toolbar Lollipop VIS To do so, go to Start --> Control Panel --> Programs --> Uninstall a program --> find the program in the list --> remove
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please close your security software to avoid possible conflicts.
Step 4 Run FRST once more.
|
02.02.2014, 13:55 | #5 |
| Lollipop virus not deleted after all? More viruses... Unfortunately I can't tell you anything about start.bat. Here are the scans: Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 02/02/2014 um 12:53:47 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Kaja - KAJA-PC # Gestartet von : C:\Users\Kaja\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\Viewpoint Ordner Gelöscht : C:\Program Files\Viewpoint Ordner Gelöscht : C:\Users\Kaja\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\Kaja\AppData\Local\Temp\apn Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\foxydeal.sqlite Datei Gelöscht : C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\anchorfree Schlüssel Gelöscht : HKCU\Software\powerpack Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\Software\MetaStream Schlüssel Gelöscht : HKLM\Software\Viewpoint Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App 
Management\ARPCache\ViewpointMediaPlayer ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16526 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\prefs.js ] Zeile gelöscht : user_pref("plugin.blocklisted.npviewpoint", true); -\\ Google Chrome v [ Datei : C:\Users\Kaja\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4649 octets] - [02/02/2014 12:52:46] AdwCleaner[S0].txt - [4500 octets] - [02/02/2014 12:53:47] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4560 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows Vista (TM) Home Premium x86 Ran by Kaja on 02.02.2014 at 13:02:16,15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [Service] hshld Successfully stopped: [Service] hsstrayservice Successfully deleted: [Service] hsstrayservice Successfully stopped: [Service] hsswd Successfully deleted: [Service] hsswd Failed to stop: [Service] update resultsalpha Failed to stop: [Service] util resultsalpha ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2228149092-2432111156-2657452413-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36A2122C-DDE0-4F56-AA5B-9CC54C3A1016} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{36A2122C-DDE0-4F56-AA5B-9CC54C3A1016} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4A5F884C-84B0-47E6-8669-2B0A785983E1} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBAB673A-A480-4050-BD2B-5DE24A7A0282} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\hotspot shield" Successfully deleted: [Folder] "C:\Program Files\hotspot shield" Failed to delete: [Folder] "C:\Program Files\resultsalpha" ~~~ FireFox Emptied folder: C:\Users\Kaja\AppData\Roaming\mozilla\firefox\profiles\6lex0m77.default\minidumps [302 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.02.2014 at 13:10:03,99 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03 Ran by Kaja (administrator) on KAJA-PC on 02-02-2014 13:12:25 Running from C:\Users\Kaja\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe (IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe (Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe ( ) C:\WINDOWS\System32\lxbkcoms.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe () C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe () C:\WINDOWS\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\WINDOWS\System32\conime.exe () C:\Program Files\ResultsAlpha\updateResultsAlpha.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.) 
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {4274526b-78f7-11e1-84d6-002186800399} - H:\LaunchU3.exe -a HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {427d9b78-e1c9-11df-b8b7-002186800399} - I:\LaunchU3.exe -a HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {b699f5c1-a5e6-11df-a3af-002186800399} - Menu.exe HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {f3eac8cc-a330-11df-a77d-806e6f6e6963} - F:\start.bat ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {DC9C1377-3A2D-42CB-A9FE-C27B185B6A3F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default FF Homepage: hxxp://count.manror.de/index.php?day=02&month=08&year=2013&hour=06&minute=55&second=00 FF NetworkProxy: 
"autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.perso
nalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Snip-Me - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\addon@snip-me.de.xpi [2013-03-12] FF Extension: Adblock Plus - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-16] FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2013-12-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 
[2011-10-26] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-26] Chrome: ======= CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2013-02-09] ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] () R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( ) R2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () R2 QPCapSvc; C:\Program 
Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-14] () R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-14] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.) R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] () R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] () R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-08-30] (Cisco Systems, Inc.) S2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [x] ==================== Drivers (Whitelisted) ==================== S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-08-30] (Cisco Systems, Inc.) S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-08-30] (Cisco Systems, Inc.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-04-23] (SlySoft, Inc.) 
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG) R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-06-21] (AnchorFree Inc.) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140131.001\IDSvix86.sys [394456 2014-01-19] (Symantec Corporation) S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI) S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVENG.SYS [93272 2014-01-06] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVEX15.SYS [1612376 2014-01-06] (Symantec Corporation) R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI 
Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH) R3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-02-07] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDIV.SYS [345208 2011-11-16] (Symantec Corporation) S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-05-16] (AnchorFree Inc) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-06-21] (Anchorfree Inc.) 
U1 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 massfilter; system32\drivers\massfilter.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-02 13:10 - 2014-02-02 13:10 - 00003210 _____ () C:\Users\Kaja\Desktop\JRT.txt 2014-02-02 13:02 - 2014-02-02 13:02 - 00000000 ____D () C:\Windows\ERUNT 2014-02-02 13:01 - 2014-02-02 13:01 - 01037068 _____ (Thisisu) C:\Users\Kaja\Desktop\JRT.exe 2014-02-02 12:58 - 2014-02-02 12:58 - 00004640 _____ () C:\Users\Kaja\Desktop\AdwCleaner[S0].txt 2014-02-02 12:52 - 2014-02-02 12:53 - 00000000 ____D () C:\AdwCleaner 2014-02-02 12:51 - 2014-02-02 12:52 - 01166132 _____ () C:\Users\Kaja\Desktop\adwcleaner.exe 2014-02-01 11:28 - 2014-02-01 11:30 - 00034744 _____ () C:\Users\Kaja\Desktop\Addition.txt 2014-02-01 11:18 - 2014-02-02 13:12 - 00021407 _____ () C:\Users\Kaja\Desktop\FRST.txt 2014-02-01 11:18 - 2014-02-02 13:12 - 00000000 ____D () C:\FRST 2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe 2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice 2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-31 23:48 - 2014-01-31 23:50 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files 2014-01-31 23:18 - 2014-01-31 23:37 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE 2014-01-31 22:54 - 2014-02-02 13:04 - 00000000 ____D () C:\Program Files\ResultsAlpha 2014-01-28 12:32 - 2014-01-28 12:33 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood 
2014-01-20 15:10 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-20 15:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-20 15:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-20 15:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-20 15:08 - 2014-01-20 15:10 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-15 11:54 - 2014-01-26 13:16 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos 2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip 2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania 2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006) 2014-01-03 13:26 - 2014-01-03 13:28 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik ==================== One Month Modified Files and Folders ======= 2014-02-02 13:12 - 2014-02-01 11:18 - 00021407 _____ () C:\Users\Kaja\Desktop\FRST.txt 2014-02-02 13:12 - 2014-02-01 11:18 - 00000000 ____D () C:\FRST 2014-02-02 13:10 - 2014-02-02 13:10 - 00003210 _____ () C:\Users\Kaja\Desktop\JRT.txt 2014-02-02 13:05 - 2012-04-01 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-02 13:04 - 2014-01-31 22:54 - 00000000 ____D () C:\Program Files\ResultsAlpha 2014-02-02 13:04 - 2006-11-02 11:33 - 01648794 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-02 13:02 - 2014-02-02 13:02 - 00000000 ____D () C:\Windows\ERUNT 2014-02-02 13:01 - 2014-02-02 13:01 - 01037068 _____ (Thisisu) C:\Users\Kaja\Desktop\JRT.exe 2014-02-02 13:00 - 2010-08-08 21:09 - 01815820 _____ () C:\Windows\WindowsUpdate.log 2014-02-02 12:58 - 2014-02-02 12:58 - 00004640 _____ () C:\Users\Kaja\Desktop\AdwCleaner[S0].txt 2014-02-02 12:57 - 2010-08-16 13:33 - 00001090 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-02 12:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-02 12:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-02 12:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-02 12:54 - 2008-06-02 02:19 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-02-02 12:54 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-02 12:53 - 2014-02-02 12:52 - 00000000 ____D () C:\AdwCleaner 2014-02-02 12:52 - 2014-02-02 12:51 - 01166132 _____ () C:\Users\Kaja\Desktop\adwcleaner.exe 2014-02-02 12:32 - 2010-08-16 13:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-01 11:30 - 2014-02-01 11:28 - 00034744 _____ () C:\Users\Kaja\Desktop\Addition.txt 2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe 2014-02-01 11:12 - 2010-08-08 22:20 - 00077920 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-01 11:10 - 2006-11-02 13:47 - 00326544 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-01 11:09 - 2008-01-21 03:47 - 01040758 _____ () C:\Windows\PFRO.log 2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice 2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-31 23:50 - 2014-01-31 23:48 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files 2014-01-31 23:37 - 2014-01-31 23:18 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE 2014-01-31 23:18 - 2010-08-12 08:43 - 00000000 ____D () C:\ProgramData\Norton 2014-01-31 22:57 - 2010-08-13 12:22 - 00000000 ____D () C:\Users\Kaja\AppData\Local\CrashDumps 
2014-01-30 17:45 - 2013-10-30 21:42 - 00000000 ____D () C:\Users\Kaja\Documents\Documents\Methoden der Sozialwissenschaft 2014-01-30 16:39 - 2010-08-08 23:39 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe 2014-01-30 16:33 - 2012-04-01 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-01-30 16:33 - 2011-05-19 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-01-28 12:33 - 2014-01-28 12:32 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood 2014-01-26 13:16 - 2014-01-15 11:54 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos 2014-01-20 19:33 - 2013-10-31 20:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-20 15:10 - 2014-01-20 15:08 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-20 15:10 - 2008-06-02 04:15 - 00000000 ____D () C:\Program Files\Java 2014-01-15 12:44 - 2008-06-02 03:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-15 12:42 - 2013-07-29 22:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 12:37 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-15 12:07 - 2010-09-02 21:33 - 00000000 ____D () C:\Users\Kaja\.gimp-2.6 2014-01-15 11:50 - 2011-10-07 21:44 - 00014693 _____ () C:\Windows\setupact.log 2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip 2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania 2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006) 2014-01-03 13:28 - 2014-01-03 13:26 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\ProgramData\hpe5006.dll Some content of TEMP: ==================== C:\Users\Kaja\AppData\Local\Temp\First15.exe C:\Users\Kaja\AppData\Local\Temp\Quarantine.exe C:\Users\Kaja\AppData\Local\Temp\VP6Install.exe 
C:\Users\Kaja\AppData\Local\Temp\VP6VFW.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-02 13:02 ==================== End Of Log ============================ Danke für deine Hilfe |
02.02.2014, 22:18 | #6 | |
Rest in peace † 2019 | Lollipop virus not deleted after all? More viruses... Hello kemb, Quote:
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
() C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe
() C:\Program Files\ResultsAlpha\updateResultsAlpha.exe
SearchScopes: HKLM - DefaultScope value is missing.
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] ()
R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] ()
C:\Program Files\ResultsAlpha
File: C:\ProgramData\hpe5006.dll

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Because the scan with ESET is very thorough, it may take several hours. ESET Online Scanner
Step 4 Run FRST once more.
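The `FF NetworkProxy` entry in the fixlist above carries a complete proxy auto-config (PAC) script inside a percent-encoded `data:` URI. As an added example (not part of the original thread and not FRST code), the Node.js code below decodes such a line and lists, without evaluating the script, which proxies it returns and which URL or host strings it tests. The sample line is constructed and shortened in the shape of the entry above, and the function name `parseFrstPacLine` is hypothetical.

```javascript
// Static triage of a Firefox proxy auto-config (PAC) script that FRST reports
// inline on its "FF NetworkProxy" line. The script is only decoded and read as
// text; it is never evaluated.

// Constructed sample: a shortened PAC in the shape of the fixlist entry above,
// percent-encoded and wrapped the way FRST prints the preference.
const samplePac =
  "function FindProxyForURL(url, host) {" +
  "if (url.indexOf('vevo.com') != -1 || host == 's.hulu.com' || " +
  "shExpMatch(url, 'http://www.mtv.com*')) " +
  "{ return 'PROXY ab-us03.personalitycores.com:8000; " +
  "PROXY ab-us01.personalitycores.com:8000'; }  else { return 'DIRECT'; }}";
const sampleLine =
  'FF NetworkProxy: "autoconfig_url", "data:text/javascript,' +
  encodeURIComponent(samplePac) + '"';

// parseFrstPacLine is a hypothetical helper name, not part of FRST or Firefox.
function parseFrstPacLine(line) {
  const m = /^FF NetworkProxy: "autoconfig_url", "(.*)"\s*$/.exec(line.trim());
  if (!m) return null; // not an autoconfig_url entry
  const out = { inline: false, script: null, proxies: [], patterns: [],
                direct: false, error: null };
  const data = /^data:([^,]*),(.*)$/s.exec(m[1]);
  if (!data) return out; // http(s):// or file:// PAC: fetch and review separately
  out.inline = true;
  try {
    out.script = /;base64$/i.test(data[1])
      ? Buffer.from(data[2], "base64").toString("utf8")
      : decodeURIComponent(data[2]);
  } catch (e) {
    out.error = "undecodable data: URI (" + e.message + ")";
    return out;
  }
  // Proxy endpoints named in the return strings (PROXY/SOCKS/HTTP/HTTPS host:port).
  const proxyRe = /\b(?:PROXY|SOCKS[45]?|HTTPS?)\s+([A-Za-z0-9.-]+:\d{1,5})/g;
  out.proxies = [...new Set([...out.script.matchAll(proxyRe)].map((x) => x[1]))];
  // String literals the script compares the URL or host against. This lists
  // exclusions ("== -1" tests) as well, so read it next to the decoded script.
  const patRe = /(?:indexOf\(|(?:shExpMatch|dnsDomainIs)\(\s*\w+\s*,\s*|host\s*[=!]==?\s*)'([^']+)'/g;
  out.patterns = [...new Set([...out.script.matchAll(patRe)].map((x) => x[1]))];
  out.direct = /\bDIRECT\b/.test(out.script);
  return out;
}

const report = parseFrstPacLine(sampleLine);
console.log("proxies:", report.proxies);
console.log("patterns:", report.patterns);
console.log("falls back to DIRECT:", report.direct);
```

Run against the full entry from the fixlist, the same function lists every proxy endpoint and every site pattern in that script, which is what a reviewer needs to decide whether the setting belongs to software the user knowingly installed.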
04.02.2014, 21:29 | #7 |
| Lollipop virus not deleted after all? More viruses... So Hotspot Shield is a program that I installed about a year ago to watch US series. It basically pretends that the PC is located in the USA. I didn't really have any problems with it, but if it has to go, then it can go. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03
Ran by Kaja at 2014-02-04 20:59:34 Run:1
Running from C:\Users\Kaja\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe
() C:\Program Files\ResultsAlpha\updateResultsAlpha.exe
SearchScopes: HKLM - DefaultScope value is missing.
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] ()
R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] ()
C:\Program Files\ResultsAlpha
File: C:\ProgramData\hpe5006.dll
*****************

[3060] C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe => Process closed successfully.
[2908] C:\Program Files\ResultsAlpha\updateResultsAlpha.exe => Process closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Firefox Proxy settings were reset.
Update ResultsAlpha => Service deleted successfully.
Util ResultsAlpha => Service deleted successfully.
C:\Program Files\ResultsAlpha => Moved successfully.

========================= File: C:\ProgramData\hpe5006.dll ========================

MD5: CBF470B77B2DB2F25C56E05CE391F18A
Creation and modification date: 2010-09-19 20:01 - 2010-09-19 20:01
Size: 0148736
Attributes: ----A
Company Name: Avanquest Software
Internal Name: hpe.dll
Original Name: hpe.dll
Product Name:
Description: IElevator Class Container
File Version: 1.0.0.1
Product Version: 1.0.0.1
Copyright: (c) Avanquest Software. All rights reserved.

====== End Of File: ======

==== End of Fixlog ====

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.04.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kaja :: KAJA-PC [Administrator]

04.02.2014 21:03:21
mbam-log-2014-02-04 (21-03-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218999
Laufzeit: 13 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{cbab673a-a480-4050-bd2b-5de24a7a0282} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{f631e34d-23d3-4ed2-8942-631b8aaf9ea4} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBAB673A-A480-4050-BD2B-5DE24A7A0282} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Public\Documents\Games.exe (Worm.AutoRun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

It looks like Malwarebytes managed to delete a bit more as well.
I'll post steps 3 and 4 tomorrow, as I won't manage it today. |