03.03.2014, 11:48 | #1
Windows Vista: endless booting, email browser freezes and much more

Hello,

for some time now my laptop has taken FOREVER to boot, and recently I keep getting error messages in T-Online email, plus freezes. For a few days now pop-up windows have been opening at random and the laptop freezes... even without pop-ups.

Here is the preliminary work, and many THANKS in advance for the help.

Best regards, Mundi

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:56 on 03/03/2014 (Raimund)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014 Ran by Raimund (administrator) on RAIMUND-PC on 03-03-2014 10:57:37 Running from C:\Users\Raimund\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (SweetIM Technologies Ltd.) 
C:\Program Files\SweetIM\Messenger\SweetIM.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Deutsche Telekom AG) C:\Users\Raimund\AppData\Local\DTAG\Dtor.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe (Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-08] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-08] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] () HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.) HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-13] (Memeo Inc.) 
HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-13] (Memeo Inc.) HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-02] () HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM\...\Run: [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [] - [X] HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated) 
HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [DTAGSSDVDReport] - C:\Users\Raimund\AppData\Local\Dtag\Dtor.exe [4960192 2012-10-17] (Deutsche Telekom AG) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\MountPoints2: {e634a84b-2703-11df-b15a-806e6f6e6963} - G:\Menu.exe Startup: C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0} URLSearchHook: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) URLSearchHook: HKCU - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) 
SearchScopes: HKLM - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0} SearchScopes: HKCU - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1 SearchScopes: HKCU - {5119FB30-9FFF-47B4-8A80-19A544DEC875} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKCU - {68B6BBB4-2B92-42B8-9071-45F275E0AF04} URL = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms} SearchScopes: HKCU - {7956413B-17A5-4099-912A-FA61DDCBE3C3} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {DD1D79C2-C6C2-4E82-8BD6-C2A07E973047} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0} SearchScopes: HKCU - {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1 BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO: FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files\XingHaoLyrics\lrcspal.dll No File BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKCU - FileConverter 1.3 B2 Toolbar - {99A9C3BA-07F6-4699-BC81-65CAB16E204B} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) 
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: Internet Shortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\Windows\System32\ieframe.dll [9739264 2014-02-05] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 ========================== Services (Whitelisted) ================= R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-13] (Memeo) R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2010-03-22] (NVIDIA) R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] () S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-02] (Memeo) R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA) ==================== Drivers (Whitelisted) ==================== S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation) S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation) S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation) S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation) S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation) R1 BHDrvx86; C:\Program 
Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-13] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-13] (Symantec Corporation) S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [18992 2008-10-31] (Microsoft Corporation) R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140228.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.) S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVENG.SYS [93272 2013-12-13] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVEX15.SYS [1612376 2013-12-13] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 
2013-07-31] (Symantec Corporation) R1 SYMTDIv; C:\Windows\system32\drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation) S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [27184 2008-10-31] () R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 netr28u; system32\DRIVERS\netr28u.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 PCASp50; System32\Drivers\PCASp50.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-03 10:57 - 2014-03-03 10:59 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt 2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST 2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log 2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable 2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe 2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe 2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe 2014-03-02 00:39 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio 2014-02-20 11:08 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio 2014-02-20 11:08 - 2014-02-20 11:20 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk 2014-02-15 15:26 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-15 15:26 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-15 15:26 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-15 15:26 - 2014-02-05 09:51 - 01105408 _____ (Microsoft 
Corporation) C:\Windows\system32\urlmon.dll 2014-02-15 15:26 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-15 15:26 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-15 15:26 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-15 15:26 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-15 15:26 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-15 15:26 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-15 15:26 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-15 15:26 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 15:07 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll ==================== One Month Modified Files and Folders ======= 2014-03-03 10:59 - 2014-03-03 10:57 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt 2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST 2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log 2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable 2014-03-03 10:56 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund 2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () 
C:\Users\Raimund\Desktop\Gmer-19357.exe 2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe 2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe 2014-03-03 10:33 - 2008-09-18 01:46 - 02009085 _____ () C:\Windows\WindowsUpdate.log 2014-03-03 10:30 - 2009-11-03 22:40 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-03 10:29 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.dat 2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.001 2014-03-03 10:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-03 00:09 - 2008-07-09 07:09 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-03 00:09 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-03 00:03 - 2012-12-12 16:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-02 00:41 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio 2014-03-02 00:41 - 2014-02-20 11:08 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio 2014-02-27 14:05 - 2006-11-02 11:33 - 01619710 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-26 23:54 - 2010-06-08 20:30 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Skype 2014-02-20 22:03 - 2012-12-12 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-20 22:03 - 2012-12-12 16:09 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-20 11:20 - 2014-02-20 11:08 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk 2014-02-20 11:16 - 2006-11-02 13:52 - 00108264 _____ () C:\Windows\setupact.log 2014-02-20 11:07 - 2008-07-08 15:23 - 00000000 ____D () C:\Program Files\Samsung 2014-02-17 14:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-15 15:40 - 2013-08-15 14:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-15 15:34 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-05 09:58 - 2014-02-15 15:26 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-15 15:26 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-15 15:26 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-15 15:26 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-15 15:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-15 15:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-15 15:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-15 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-15 15:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 
2014-02-15 15:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-15 15:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-15 15:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-03 19:51 - 2008-01-21 03:47 - 01245526 _____ () C:\Windows\PFRO.log Some content of TEMP: ==================== C:\Users\Raimund\AppData\Local\Temp\AdobeUpdater12345.exe C:\Users\Raimund\AppData\Local\Temp\ose00000.exe C:\Users\Raimund\AppData\Local\Temp\_is2FA7.exe C:\Users\Raimund\AppData\Local\Temp\_is3EE3.exe C:\Users\Raimund\AppData\Local\Temp\_is3F9.exe C:\Users\Raimund\AppData\Local\Temp\_is74B2.exe C:\Users\Raimund\AppData\Local\Temp\_isA9B.exe C:\Users\Raimund\AppData\Local\Temp\_isAA62.exe C:\Users\Raimund\AppData\Local\Temp\_isAFE1.exe C:\Users\Raimund\AppData\Local\Temp\_isB46.exe C:\Users\Raimund\AppData\Local\Temp\_isBB05.exe C:\Users\Raimund\AppData\Local\Temp\_isBE8D.exe C:\Users\Raimund\AppData\Local\Temp\_isCD7B.exe C:\Users\Raimund\AppData\Local\Temp\_isE733.exe C:\Users\Raimund\AppData\Local\Temp\_isF4AB.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-03 10:35 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2014 Ran by Raimund at 2014-03-03 10:59:21 Running from C:\Users\Raimund\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.) Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - ) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION C4700 (Version: 130.0.373.000 - Hewlett-Packard) Hidden CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.) 
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die ersten 10 Jahre (HKLM\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - )
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
FileConverter 1.3 B2 Toolbar (HKLM\...\FileConverter_1.3_B2 Toolbar) (Version: 6.12.0.11 - FileConverter 1.3 B2)
FILEminimizer Pictures (HKLM\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LyricsPal (HKLM\...\lrcspal@xinghao.net) (Version: - XingHao Software) <==== ATTENTION
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{25F60491-F5AB-4985-9354-37C146783F35}) (Version: 2.0.0.0000 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA System Update (HKLM\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NVIDIA System Update (Version: 3.00 - NVIDIA Corporation) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.)
PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Reclams Kreuzworträtsellexikon (HKLM\...\Reclams Kreuzworträtsellexikon) (Version: - )
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Shockwave (HKLM\...\Shockwave) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks bundle uninstaller (HKLM\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Telefonauskunft und Rückwärtssuche auf CD-ROM (HKLM\...\{42F81BE4-63FC-455C-8F80-2158612EDA9E}) (Version: 1.00.0000 - telegate MEDIA AG)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB FLYING STICK (HKLM\...\FT7195) (Version: - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Works Suite-Betriebssystem-Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works-Synchronisierung (Version: 1.0.0.0000 - Firmenname) Hidden

==================== Restore Points =========================

14-09-2013 12:58:04 Windows Update
16-10-2013 12:14:51 Windows Update
14-11-2013 14:14:59 Windows Update
14-12-2013 14:31:52 Windows Update
16-01-2014 08:54:29 Windows Update
29-01-2014 13:32:04 Windows Update
15-02-2014 14:20:27 Windows Update
27-02-2014 12:58:14 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {1C1403F7-AA79-4AEB-B025-B6645E4819B1} - System32\Tasks\{5DE02A4D-873C-479A-83A9-AEEDE6DE5690} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {206E3C38-F33B-415D-9450-1CD60B8135E8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION
Task: {3048F55A-A266-40E3-8960-C82CC5E9F0A2} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DFD267D-6C28-4D9F-9B75-BDF1CC00D3CC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION
Task: {3E21E1AC-D61F-4D06-85AE-7BA3CE25479D} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {46A2672D-D19D-4A06-92B0-76E399E1AFAE} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {492B8F7F-EE8B-4BD2-96F0-3CD390189FA9} - System32\Tasks\Microsoft\Windows\MUI\Mcbuilder => C:\Windows\System32\mcbuilder.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION
Task: {557A9153-8060-4500-85DA-841BFEE856A2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-21] () <==== ATTENTION
Task: {56FC5C7B-173D-4CF6-8A5E-EACC301EBB6F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {601584B6-D7D9-4A55-AB93-0E04245E4CF8} - System32\Tasks\{D59EAB00-DDF4-401D-A6F0-FD1318A8749C} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {6FA7AB56-F5FB-4F1B-85A9-EF399DDC1807} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) <==== ATTENTION
Task: {77DFA1C0-895B-437F-ADEA-FA41F08AA14D} - System32\Tasks\{DF54DA06-F274-4D0E-9C61-9805C7A90D51} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {7B50DB5F-DB88-4F32-93EF-7D1870D6D1DC} - System32\Tasks\{07FD2472-DFFD-4A34-9BEB-67BC0F5F1AE5} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {8EBE5DF9-0174-4C6E-9167-772BB0717C65} - System32\Tasks\Microsoft\Windows\RestartManager\{3054AEBE-DDE9-49f7-94D3-B64A2AD72371} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.) <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {B018E776-CC9A-4984-BA5D-7C8A743A6DBE} - System32\Tasks\User_Feed_Synchronization-{F96F0F53-13D2-475D-B150-9A388DCD819E} => C:\Windows\system32\msfeedssync.exe [2012-07-01] (Microsoft Corporation) <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {C7A04EA0-1AFF-4F27-BE45-EA5FEA5CBA37} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Raimund => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION
Task: {CB742042-B33B-4C37-8B78-850310DE2EDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated) <==== ATTENTION
Task: {CBD7E95B-A075-44E2-BBE3-E5FCD4C7688A} - System32\Tasks\{1A0563EE-C4EE-4504-82C5-85208CF9817E} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.) <==== ATTENTION
Task: {CE3C7B64-1AB7-4FA9-83BD-864EC211E4D1} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.) <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => Sc.exe config upnphost start= auto <==== ATTENTION
Task: {F6C840F6-CE8D-462C-8D55-120313D3D39D} - System32\Tasks\{336BC3DC-756E-41D4-86F0-869C4B6BF4E0} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {F8015734-01C2-441E-B19B-54B7A1112A9F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29] (Apple Inc.) <==== ATTENTION
Task: {F887B50F-E636-4A82-A80A-3D80F59A5956} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-03 22:28 - 2009-08-20 01:19 - 00074984 _____ () C:\Program Files\FILEminimizer Pictures\FILEMShell.dll
2008-07-08 15:32 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2007-07-12 05:55 - 2007-07-12 05:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 05:59 - 2007-08-14 05:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 05:55 - 2007-07-12 05:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2011-06-02 00:06 - 2011-06-02 00:06 - 00108296 _____ () C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-02 00:11 - 2011-06-02 00:11 - 00030984 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-06-02 00:10 - 2011-06-02 00:10 - 00011016 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\de-DE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll
2008-07-08 15:26 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-05-13 00:44 - 2011-05-13 00:44 - 00325344 _____ () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
2011-05-13 00:45 - 2011-05-13 00:45 - 02896608 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-05-13 00:45 - 2011-05-13 00:45 - 00027360 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2011-05-13 00:45 - 2011-05-13 00:45 - 00028672 _____ () C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
2010-03-22 23:59 - 2010-03-22 23:59 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll
2011-06-01 17:16 - 2011-06-01 17:16 - 00241664 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 17:16 - 2011-06-01 17:16 - 00971776 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 10:30:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 10:29:41 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/02/2014 08:14:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 08:14:39 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/02/2014 06:13:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 06:13:37 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/01/2014 04:16:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 04:15:41 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (02/28/2014 02:14:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 02:14:17 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

System errors:
=============
Error: (03/03/2014 10:33:52 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: )
Description: PCASp50 NDIS Protocol Driver%%2

Error: (03/02/2014 08:17:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: )
Description: PCASp50 NDIS Protocol Driver%%2

Error: (03/02/2014 06:16:35 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: )
Description: PCASp50 NDIS Protocol Driver%%2

Error: (03/01/2014 04:18:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-10 19:36:27.988
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden
wurde. Date: 2014-02-10 19:36:26.970 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:36:26.656 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:36:26.335 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:09.428 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:08.434 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:08.068 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:07.636 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-01-01 19:52:04.922 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-01 19:52:04.615 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 3065.88 MB Available physical RAM: 1817.85 MB Total Pagefile: 6352.15 MB Available Pagefile: 5103.37 MB Total Virtual: 2047.88 MB Available Virtual: 1885.17 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:144.09 GB) (Free:30.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:144 GB) (Free:143.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: B6394A61) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-03 11:35:55
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Raimund\AppData\Local\Temp\pxliqfoc.sys

---- System - GMER 2.1 ----

SSDT 8782D038 ZwAlertResumeThread
SSDT 8782D0D0 ZwAlertThread
SSDT 8751FCE8 ZwAllocateVirtualMemory
SSDT 871CFB18 ZwAlpcConnectPort
SSDT 873C2EA0 ZwAssignProcessToJobObject
SSDT 872DFE30 ZwCreateMutant
SSDT 873C2C98 ZwCreateSymbolicLinkObject
SSDT 87621A78 ZwCreateThread
SSDT 873C2F38 ZwDebugActiveProcess
SSDT 872DF090 ZwDuplicateObject
SSDT 876A2CB8 ZwFreeVirtualMemory
SSDT 872DFED8 ZwImpersonateAnonymousToken
SSDT 872DFF70 ZwImpersonateThread
SSDT 8709E330 ZwLoadDriver
SSDT 8741C490 ZwMapViewOfSection
SSDT 872DFD98 ZwOpenEvent
SSDT 873C20C0 ZwOpenProcess
SSDT 8751FD70 ZwOpenProcessToken
SSDT 872DFC68 ZwOpenSection
SSDT 872DF118 ZwOpenThread
SSDT 873C2DF8 ZwProtectVirtualMemory
SSDT 8782D168 ZwResumeThread
SSDT 8782D330 ZwSetContextThread
SSDT 8741C350 ZwSetInformationProcess
SSDT 873C2FD0 ZwSetSystemInformation
SSDT 872DFD00 ZwSuspendProcess
SSDT 8782D200 ZwSuspendThread
SSDT 873B1C28 ZwTerminateProcess
SSDT 8782D298 ZwTerminateThread
SSDT 8741C3F8 ZwUnmapViewOfSection
SSDT 876A2D60 ZwWriteVirtualMemory
SSDT 873C2D40 ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!KeInsertQueue + 30D 82081814 8 Bytes [38, D0, 82, 87, D0, D0, 82, ...]
.text ntoskrnl.exe!KeInsertQueue + 321 82081828 4 Bytes [E8, FC, 51, 87]
.text ntoskrnl.exe!KeInsertQueue + 32D 82081834 4 Bytes [18, FB, 1C, 87] {SBB BL, BH; SBB AL, 0x87}
.text ntoskrnl.exe!KeInsertQueue + 381 82081888 4 Bytes [A0, 2E, 3C, 87]
.text ntoskrnl.exe!KeInsertQueue + 3E5 820818EC 4 Bytes [30, FE, 2D, 87]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9100C340, 0x3E9407, 0xE8000020]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
03.03.2014, 11:55 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and

Do you have any other logs (with findings)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first post only the logs that already exist, in CODE tags! Only logs from the last 7 days, or from since the problem started, are relevant!

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
03.03.2014, 12:06 | #3
Hello cosinus,

Unfortunately not, my Norton didn't flag anything, and I only noticed what I posted.... sorry. Regards
03.03.2014, 14:41 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.

Always post log files in CODE tags
04.03.2014, 10:32 | #5
Hello, I have now started the program several times; unfortunately it hangs again and again at the same spot. What now? Thanks for your help, regards
04.03.2014, 21:21 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Did you run it via right-click => Run as administrator?
04.03.2014, 22:35 | #7
Hello, I've tried both several times... it always hangs then... I also waited for over an hour once. .. Regards
04.03.2014, 23:14 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
Is Norton IS completely disabled?
05.03.2014, 07:53 | #9
Good morning, yep, it's completely out. Regards
05.03.2014, 10:12 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
Then please make a log with CF.

Scan with Combofix
05.03.2014, 12:21 | #11
Hello, here is the file; on the first attempt CF had also hung.....
Code:
ATTFilter ComboFix 14-03-04.03 - Raimund 05.03.2014 12:03:47.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1747 [GMT 1:00] ausgeführt von:: c:\users\Raimund\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\windows\IsUn0407.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\roboot.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-05 bis 2014-03-05 )))))))))))))))))))))))))))))) . . 2014-03-05 11:12 . 2014-03-05 11:13 -------- d-----w- c:\users\Raimund\AppData\Local\temp 2014-03-05 11:12 . 2014-03-05 11:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-05 08:25 . 2014-03-05 08:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2014-03-04 17:41 . 2014-03-04 17:41 -------- d-----w- c:\windows\system32\Adobe 2014-03-04 17:28 . 2014-03-04 17:28 -------- d-----w- c:\users\Raimund\AppData\Local\WindowsUpdate 2014-03-04 17:27 . 2014-03-04 17:27 -------- d-----w- c:\users\Raimund\AppData\Local\Secunia PSI 2014-03-04 17:27 . 2014-03-04 17:27 -------- d-----w- c:\program files\Secunia 2014-03-04 07:56 . 2014-03-04 07:56 -------- d-----w- c:\programdata\Malwarebytes 2014-03-04 07:56 . 2014-03-05 08:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-03-04 07:56 . 2014-03-05 08:17 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-03-04 07:53 . 2014-03-04 07:53 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-03-03 09:57 . 2014-03-03 10:01 -------- d-----w- C:\FRST 2014-02-20 10:08 . 2014-03-01 23:41 -------- d-----w- c:\users\Raimund\AppData\Roaming\Intelli-studio 2014-02-14 14:07 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-20 21:03 . 2012-12-12 15:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-20 21:03 . 2012-12-12 15:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-12-06 14:47 . 2013-12-06 14:47 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{99a9c3ba-07f6-4699-bc81-65cab16e204b}"= "c:\program files\FileConverter_1.3_B2\prxtbFile.dll" [2013-04-10 231712] . [HKEY_CLASSES_ROOT\clsid\{99a9c3ba-07f6-4699-bc81-65cab16e204b}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{99a9c3ba-07f6-4699-bc81-65cab16e204b}] 2013-04-10 10:19 231712 ----a-w- c:\program files\FileConverter_1.3_B2\prxtbFile.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{99a9c3ba-07f6-4699-bc81-65cab16e204b}"= "c:\program files\FileConverter_1.3_B2\prxtbFile.dll" [2013-04-10 231712] . [HKEY_CLASSES_ROOT\clsid\{99a9c3ba-07f6-4699-bc81-65cab16e204b}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{99A9C3BA-07F6-4699-BC81-65CAB16E204B}"= "c:\program files\FileConverter_1.3_B2\prxtbFile.dll" [2013-04-10 231712] . [HKEY_CLASSES_ROOT\clsid\{99a9c3ba-07f6-4699-bc81-65cab16e204b}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2013-12-18 1272704] "DTAGSSDVDReport"="c:\users\Raimund\AppData\Local\Dtag\Dtor.exe" [2012-10-17 4960192] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2010-04-08 286720] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800] . c:\users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2014-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 21:03] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mStart Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0} uInternet Settings,ProxyOverride = <local> IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-03-05 12:13 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2014-03-05 12:18:16 ComboFix-quarantined-files.txt 2014-03-05 11:18 . Vor Suchlauf: 16 Verzeichnis(se), 32.783.806.464 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 52.745.187.328 Bytes frei . - - End Of File - - 2F7E780611BDBFAEA6B3BE5C7C743801 61A349592C4728853F4A90FF78F7628E Mundi |
05.03.2014, 12:45 | #12
/// Winkelfunktion /// TB-Süch-Tiger™
Remove adware/junkware/toolbars

Step 1: adwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.

Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
06.03.2014, 12:38 | #13
Hello cosinus, attached are the requested files... however with (unfortunately) one big BUT: the first attempt ended with adw and jrt running through and FRST hanging... my father, who owns this laptop, thought he then had to start EVERYTHING again.... JRT is from the 2nd attempt, adw is, according to him, the 1st, and FRST is the one that worked. SORRY and regards

ADW
Code:
ATTFilter # AdwCleaner v3.020 - Bericht erstellt am 05/03/2014 um 13:15:20 # Aktualisiert 27/02/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Raimund - RAIMUND-PC # Gestartet von : C:\Users\Raimund\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\SweetIM Ordner Gelöscht : C:\Program Files\FileConverter_1.3_B2 Ordner Gelöscht : C:\Users\Raimund\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Raimund\AppData\Local\Wajam Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\SweetIM Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\FileConverter_1.3_B2 Ordner Gelöscht : C:\Users\Raimund\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Raimund\AppData\Roaming\Systweak ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3297969 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99A9C3BA-07F6-4699-BC81-65CAB16E204B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5AEA34E-7BA3-42F6-9AF8-4A5F97BB53AB} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A9C3BA-07F6-4699-BC81-65CAB16E204B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99A9C3BA-07F6-4699-BC81-65CAB16E204B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5AEA34E-7BA3-42F6-9AF8-4A5F97BB53AB} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99A9C3BA-07F6-4699-BC81-65CAB16E204B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5AEA34E-7BA3-42F6-9AF8-4A5F97BB53AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{917FA563-AD66-4693-8E74-42B400DC020D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{A840F179-E355-4089-A259-6BBBB8588095} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}] Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FileConverter_1.3_B2 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\FileConverter_1.3_B2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.3_B2 Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App 
Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.3_B2 Toolbar Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16533 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] ************************* AdwCleaner[R0].txt - [9772 octets] - [05/03/2014 13:14:31] AdwCleaner[S0].txt - [9632 octets] - [05/03/2014 13:15:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9692 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Raimund on 05.03.2014 at 19:52:52,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2014 at 19:55:01,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014 Ran by Raimund (administrator) on RAIMUND-PC on 05-03-2014 19:39:37 Running from C:\Users\Raimund\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\lpksetup.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Deutsche Telekom AG) C:\Users\Raimund\AppData\Local\DTAG\Dtor.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\system32\conime.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-08] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-08] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [DTAGSSDVDReport] - C:\Users\Raimund\AppData\Local\Dtag\Dtor.exe [4960192 2012-10-17] (Deutsche Telekom AG) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 
2008-01-21] (Microsoft Corporation) Startup: C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {5119FB30-9FFF-47B4-8A80-19A544DEC875} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKCU - {7956413B-17A5-4099-912A-FA61DDCBE3C3} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {DD1D79C2-C6C2-4E82-8BD6-C2A07E973047} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: Internet Shortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\Windows\System32\ieframe.dll [9739264 2014-02-05] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 ========================== Services (Whitelisted) ================= R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2010-03-22] (NVIDIA) S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA) ==================== Drivers (Whitelisted) ==================== S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation) S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation) S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation) S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation) S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation) S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [18992 2008-10-31] (Microsoft Corporation) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.) 
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-03-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107224 2014-03-05] (Malwarebytes Corporation) S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia) S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [27184 2008-10-31] () R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\Raimund\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 netr28u; system32\DRIVERS\netr28u.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 PCASp50; System32\Drivers\PCASp50.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-05 13:22 - 2014-03-05 13:22 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 13:14 - 2014-03-05 19:32 - 00000000 ____D () C:\AdwCleaner 2014-03-05 13:13 - 2014-03-05 13:13 - 01244192 _____ () C:\Users\Raimund\Desktop\adwcleaner.exe 2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Raimund\Desktop\JRT.exe 2014-03-05 12:47 - 2014-03-05 19:36 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-05 12:18 - 2014-03-05 12:18 - 00008981 _____ () C:\ComboFix.txt 2014-03-05 11:50 - 2014-03-05 12:18 - 00000000 ____D () C:\Qoobox 2014-03-05 11:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-05 11:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-05 11:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-05 11:50 - 2000-08-31 01:00 - 00518144 
_____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-05 11:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-05 11:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-05 11:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-05 11:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-05 11:48 - 2014-03-05 12:16 - 00000000 ____D () C:\Windows\erdnt 2014-03-05 11:22 - 2014-03-05 11:22 - 05186850 ____R (Swearware) C:\Users\Raimund\Desktop\ComboFix.exe 2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-03-04 18:41 - 2014-03-04 18:41 - 00000000 ____D () C:\Windows\system32\Adobe 2014-03-04 18:28 - 2014-03-04 18:28 - 00000000 ____D () C:\Users\Raimund\AppData\Local\WindowsUpdate 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Raimund\AppData\Local\Secunia PSI 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Program Files\Secunia 2014-03-04 18:25 - 2014-03-04 18:26 - 05329480 _____ (Secunia) C:\Users\Raimund\Downloads\PSISetup_3.0.0.9016.exe 2014-03-04 08:56 - 2014-03-05 09:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-04 08:56 - 2014-03-05 09:17 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-04 08:56 - 2014-03-04 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-04 08:53 - 2014-03-05 09:16 - 00000000 ____D () C:\Users\Raimund\Desktop\mbar 2014-03-04 08:53 - 2014-03-04 08:53 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-04 08:52 - 2014-03-04 08:52 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\Raimund\Desktop\mbar-1.07.0.1009.exe 2014-03-03 11:35 - 2014-03-03 11:35 - 00005976 _____ () C:\Users\Raimund\Desktop\Gmer.log 2014-03-03 11:04 - 2014-03-03 11:05 - 00143376 _____ () C:\Windows\Minidump\Mini030314-01.dmp 2014-03-03 10:59 - 2014-03-03 11:01 - 00044220 _____ () C:\Users\Raimund\Desktop\Addition.txt 2014-03-03 10:57 - 2014-03-05 19:39 - 00010173 _____ () C:\Users\Raimund\Desktop\FRST.txt 2014-03-03 10:57 - 2014-03-05 13:25 - 00000000 ____D () C:\FRST 2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log 2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable 2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe 2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe 2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe 2014-03-02 00:39 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio 2014-02-20 11:08 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio 2014-02-15 15:26 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-15 15:26 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-15 15:26 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-15 15:26 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-15 15:26 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-15 15:26 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-15 15:26 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-15 15:26 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-15 15:26 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-15 15:26 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-15 15:26 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-15 15:26 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 15:07 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll ==================== One Month Modified Files and Folders ======= 2014-03-05 19:43 - 2014-03-03 10:57 - 00010173 _____ () C:\Users\Raimund\Desktop\FRST.txt 2014-03-05 19:36 - 2014-03-05 12:47 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-05 19:36 - 2008-09-18 01:46 - 01885886 _____ () C:\Windows\WindowsUpdate.log 2014-03-05 19:35 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.dat 2014-03-05 19:35 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.001 2014-03-05 19:35 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-05 19:35 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 19:35 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 19:34 - 2008-07-09 07:09 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-05 
19:34 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-05 19:32 - 2014-03-05 13:14 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:03 - 2012-12-12 16:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-05 14:39 - 2008-12-04 23:35 - 00109880 _____ () C:\Users\Raimund\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-05 13:25 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST 2014-03-05 13:22 - 2014-03-05 13:22 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 13:13 - 2014-03-05 13:13 - 01244192 _____ () C:\Users\Raimund\Desktop\adwcleaner.exe 2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Raimund\Desktop\JRT.exe 2014-03-05 12:55 - 2008-07-08 15:40 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-05 12:46 - 2006-11-02 13:47 - 00393680 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-05 12:45 - 2008-01-21 03:47 - 01654448 _____ () C:\Windows\PFRO.log 2014-03-05 12:44 - 2008-12-07 14:25 - 00000000 ____D () C:\ProgramData\CyberLink 2014-03-05 12:44 - 2008-07-08 15:25 - 00000000 ____D () C:\Program Files\CyberLink 2014-03-05 12:44 - 2008-07-08 15:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-03-05 12:37 - 2008-12-19 21:41 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-03-05 12:18 - 2014-03-05 12:18 - 00008981 _____ () C:\ComboFix.txt 2014-03-05 12:18 - 2014-03-05 11:50 - 00000000 ____D () C:\Qoobox 2014-03-05 12:18 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2014-03-05 12:18 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-03-05 12:16 - 2014-03-05 11:48 - 00000000 ____D () C:\Windows\erdnt 2014-03-05 12:13 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2014-03-05 11:33 - 2008-07-08 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-05 11:31 - 2010-06-08 20:29 - 00000000 ___RD () C:\Program Files\Skype 2014-03-05 11:30 - 2010-06-08 20:29 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 11:22 - 
2014-03-05 11:22 - 05186850 ____R (Swearware) C:\Users\Raimund\Desktop\ComboFix.exe 2014-03-05 11:04 - 2010-11-24 17:58 - 00003309 _____ () C:\ProgramData\hpzinstall.log 2014-03-05 11:04 - 2009-12-18 18:33 - 00000142 _____ () C:\Windows\ktel.ini 2014-03-05 11:03 - 2010-11-24 18:00 - 00000000 ____D () C:\Program Files\HP 2014-03-05 10:56 - 2010-01-17 21:49 - 00000000 ____D () C:\Users\Raimund\AppData\Local\CrashDumps 2014-03-05 10:54 - 2012-05-31 17:02 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Memeo 2014-03-05 10:43 - 2009-11-20 17:04 - 00000000 ____D () C:\ProgramData\Norton 2014-03-05 09:40 - 2010-06-08 20:30 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Skype 2014-03-05 09:28 - 2014-03-04 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-03-05 09:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-03-05 09:22 - 2008-12-30 22:12 - 00000000 ____D () C:\Program Files\Microsoft Works 2014-03-05 09:17 - 2014-03-04 08:56 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-05 09:16 - 2014-03-04 08:53 - 00000000 ____D () C:\Users\Raimund\Desktop\mbar 2014-03-04 18:41 - 2014-03-04 18:41 - 00000000 ____D () C:\Windows\system32\Adobe 2014-03-04 18:28 - 2014-03-04 18:28 - 00000000 ____D () C:\Users\Raimund\AppData\Local\WindowsUpdate 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Raimund\AppData\Local\Secunia PSI 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Program Files\Secunia 2014-03-04 18:26 - 2014-03-04 18:25 - 05329480 _____ (Secunia) C:\Users\Raimund\Downloads\PSISetup_3.0.0.9016.exe 2014-03-04 08:56 - 2014-03-04 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-04 08:53 - 
2014-03-04 08:53 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-04 08:52 - 2014-03-04 08:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Raimund\Desktop\mbar-1.07.0.1009.exe 2014-03-03 11:35 - 2014-03-03 11:35 - 00005976 _____ () C:\Users\Raimund\Desktop\Gmer.log 2014-03-03 11:05 - 2014-03-03 11:04 - 00143376 _____ () C:\Windows\Minidump\Mini030314-01.dmp 2014-03-03 11:04 - 2012-12-12 15:31 - 346647914 _____ () C:\Windows\MEMORY.DMP 2014-03-03 11:04 - 2012-12-12 15:31 - 00000000 ____D () C:\Windows\Minidump 2014-03-03 11:01 - 2014-03-03 10:59 - 00044220 _____ () C:\Users\Raimund\Desktop\Addition.txt 2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log 2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable 2014-03-03 10:56 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund 2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe 2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe 2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe 2014-03-02 00:41 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio 2014-03-02 00:41 - 2014-02-20 11:08 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio 2014-02-27 14:05 - 2006-11-02 11:33 - 01619710 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-20 22:03 - 2012-12-12 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-20 22:03 - 2012-12-12 16:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-20 11:16 - 2006-11-02 13:52 - 00108264 _____ () C:\Windows\setupact.log 2014-02-20 11:07 - 2008-07-08 15:23 - 00000000 ____D () C:\Program Files\Samsung 2014-02-17 14:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 
2014-02-15 15:40 - 2013-08-15 14:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-15 15:34 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-05 09:58 - 2014-02-15 15:26 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-15 15:26 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-15 15:26 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-15 15:26 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-15 15:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-15 15:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-15 15:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-15 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-15 15:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-15 15:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-15 15:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-15 15:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll ==================== Bamital & volsnap Check ================= 
C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-05 19:41 ==================== End Of Log ============================ |
06.03.2014, 12:48 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista: endless booting, email browser hangs, and much more Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: please remember to update Malwarebytes Anti-Malware via the update button beforehand! Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
06.03.2014, 19:33 | #15 |
| Windows Vista: endless booting, email browser hangs, and much more Hello, here is the ESET log: Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=34aabef95546b64588c1a9133d2425e4
# engine=17343
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-06 06:21:59
# local_time=2014-03-06 07:21:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 53162866 231662847 0 0
# scanned=136487
# found=0
# cleaned=0
# scan_time=2981
Thanks and regards, Mundi |