Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups

Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups


Log-Analyse und Auswertung: Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 09.03.2014, 10:37   #6
utetommy
 
Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups - Standard

Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups


OK, das war ein Versehen. Hier nun die FRST Version


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Saskia (administrator) on SASKIAS-PC on 08-03-2014 17:07:51
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Panicware, Inc.) C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16334368 2009-07-23] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-05-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1238016 2013-07-26] (Easybits)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-05-04] ()
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [955792 2012-05-04] (Samsung)
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Run: [PopUpStopperFreeEdition] - C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [536576 2005-03-17] (Panicware, Inc.)
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3556447884-3779751430-648500920-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Saskia\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {51B14B24-9C85-4157-9507-9D15323F1D81} URL = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {8052D26F-D682-4C96-B556-61B735ECD9C8} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {A8E35C74-0D1B-43BB-80AF-1EA828869ED4} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Media Player - {2c1e0e0d-e06c-4dfb-884f-d517e604c6ee} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha5343\ie\MediaPlayerV1alpha5343.dll No File
BHO-x32: Media Viewer - {4440e3ff-3d00-40f0-a7c9-f72c0e5293e5} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha260\ie\MediaViewerV1alpha260.dll ()
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Media View - {e95f2282-9e89-4f46-a224-3e32d44ed86b} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8248\ie\MediaViewV1alpha8248.dll ()
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-11-09] (EasyBits Software Corp.)
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{59F19E66-210B-49FD-B159-46455A949359}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B6093F21-B156-4A77-B7D8-1F623E7A7B3A}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{E8289A3F-7707-40CD-B15E-905AAE83E47E}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ze4dah08.default
FF DefaultSearchEngine: StartWeb
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ze4dah08.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ze4dah08.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ze4dah08.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ze4dah08.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ze4dah08.default\Extensions\toolbar@web.de.xpi [2012-06-04]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Saskia\AppData\Roaming\Mozilla\Firefox\Profiles\ze4dah08.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha5343.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha5343\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha260.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha260\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha260\ff [2014-02-24]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha8248.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8248\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8248\ff [2014-03-08]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]

Chrome: 
=======
CHR Extension: (Media Viewer) - C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\debpnmfgmgoccmgpbjddadeladoacpjp [2014-03-01]
CHR Extension: (Video Player) - C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhcdjeefeijohkjkflaenfedflcpbmjj [2014-01-25]
CHR Extension: (Skype Click to Call) - C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-01]
CHR Extension: (Media View) - C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhmfeoolaglliijacfniglncgipendei [2014-03-08]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-05-09]
CHR Extension: (Google Wallet) - C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Saskia\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-20]
CHR HKLM-x32\...\Chrome\Extension: [debpnmfgmgoccmgpbjddadeladoacpjp] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha260\ch\MediaViewerV1alpha260.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [nhmfeoolaglliijacfniglncgipendei] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8248\ch\MediaViewV1alpha8248.crx [2014-02-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2013-04-08] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [126400 2011-08-04] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx64.sys [942640 2010-05-22] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-06-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-06-19] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100709.001\IDSvia64.sys [463408 2010-05-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100710.004\ENG64.SYS [117808 2010-07-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100710.004\EX64.SYS [1773104 2010-07-10] (Symantec Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-22] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-05-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-22] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 17:01 - 2014-03-08 17:01 - 00004072 _____ () C:\Users\Saskia\Desktop\JRT.txt
2014-03-08 16:46 - 2014-03-08 16:46 - 00000000 ____D () C:\Windows\ERUNT
2014-03-08 16:39 - 2014-03-08 16:40 - 00000000 ____D () C:\AdwCleaner
2014-03-08 16:32 - 2014-03-08 16:32 - 00003354 _____ () C:\Windows\System32\Tasks\Install_SSD
2014-03-08 15:38 - 2014-03-08 16:29 - 00000000 ___SD () C:\ComboFix
2014-03-08 15:37 - 2014-03-08 15:38 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-08 15:26 - 2014-03-08 15:27 - 00535768 _____ () C:\Windows\Minidump\030814-58734-01.dmp
2014-03-08 13:48 - 2014-03-08 17:07 - 00000000 ____D () C:\FRST
2014-03-08 13:41 - 2014-03-08 13:41 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-08 13:18 - 2014-03-08 13:18 - 00000000 _____ () C:\Users\Saskia\defogger_reenable
2014-03-08 12:47 - 2014-03-08 12:47 - 00668800 _____ ( ) C:\Users\Saskia\Downloads\ZipExtractorSetup(2).exe
2014-03-08 12:46 - 2014-03-08 12:46 - 00668800 _____ ( ) C:\Users\Saskia\Downloads\ZipExtractorSetup(1).exe
2014-03-08 12:45 - 2014-03-08 12:45 - 00668800 _____ ( ) C:\Users\Saskia\Downloads\ZipExtractorSetup.exe
2014-02-27 13:31 - 2014-02-27 17:13 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 15:24 - 2014-02-24 15:24 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-02-16 22:00 - 2014-02-16 22:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 21:32 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 21:32 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 21:32 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 21:32 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 21:32 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 21:32 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 21:32 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 21:32 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 21:32 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-16 21:32 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-16 21:32 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-16 21:32 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-16 21:32 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-16 21:32 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-16 21:32 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-16 21:32 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-16 21:32 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-16 21:32 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-16 21:31 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-16 21:31 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 21:31 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-16 21:31 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 21:31 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 21:31 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 21:31 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-16 21:31 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-16 21:31 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-16 21:31 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 20:33 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 20:33 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-16 20:32 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-16 20:32 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-16 20:32 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-16 20:32 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-16 20:32 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-16 20:32 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-16 20:32 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-16 20:32 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-16 20:32 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-16 20:32 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-16 20:32 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-16 20:32 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-16 20:32 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-16 20:32 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-16 20:32 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-16 20:32 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-16 20:32 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-16 20:32 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-16 20:32 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-16 20:32 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-16 20:32 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-16 20:32 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-16 20:32 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-16 20:32 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-16 20:32 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-16 20:32 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-16 20:32 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-16 20:32 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-16 20:32 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-16 20:32 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-16 20:32 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-16 20:32 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-16 20:32 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-16 20:32 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-16 20:32 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-16 20:32 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-16 20:32 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-16 20:32 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-16 20:32 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== One Month Modified Files and Folders =======

2014-03-08 17:07 - 2014-03-08 13:48 - 00000000 ____D () C:\FRST
2014-03-08 17:01 - 2014-03-08 17:01 - 00004072 _____ () C:\Users\Saskia\Desktop\JRT.txt
2014-03-08 16:52 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 16:52 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 16:50 - 2009-11-09 20:55 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-08 16:50 - 2009-11-09 20:55 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-08 16:50 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 16:49 - 2011-05-02 21:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 16:49 - 2009-11-05 01:28 - 01878541 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 16:48 - 2009-07-14 05:51 - 00172487 _____ () C:\Windows\setupact.log
2014-03-08 16:46 - 2014-03-08 16:46 - 00000000 ____D () C:\Windows\ERUNT
2014-03-08 16:44 - 2011-05-02 21:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 16:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 16:41 - 2012-10-09 19:48 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2014-03-08 16:41 - 2009-11-05 01:25 - 00145994 _____ () C:\Windows\PFRO.log
2014-03-08 16:40 - 2014-03-08 16:39 - 00000000 ____D () C:\AdwCleaner
2014-03-08 16:40 - 2012-09-15 12:53 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 16:40 - 2011-12-06 18:57 - 00001074 _____ () C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-03-08 16:40 - 2011-12-06 18:57 - 00001044 _____ () C:\Users\Saskia\Desktop\WEB.DE.lnk
2014-03-08 16:40 - 2011-12-06 18:57 - 00001044 _____ () C:\Users\Saskia\Desktop\Amazon.lnk
2014-03-08 16:40 - 2010-05-10 17:16 - 00000997 _____ () C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-08 16:33 - 2014-01-31 19:10 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-08 16:32 - 2014-03-08 16:32 - 00003354 _____ () C:\Windows\System32\Tasks\Install_SSD
2014-03-08 16:31 - 2012-10-09 19:45 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-08 16:29 - 2014-03-08 15:38 - 00000000 ___SD () C:\ComboFix
2014-03-08 15:42 - 2012-05-08 13:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 15:38 - 2014-03-08 15:37 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-08 15:38 - 2012-10-11 19:10 - 00000000 ____D () C:\Qoobox
2014-03-08 15:27 - 2014-03-08 15:26 - 00535768 _____ () C:\Windows\Minidump\030814-58734-01.dmp
2014-03-08 15:26 - 2011-01-08 16:15 - 662617164 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:26 - 2011-01-08 16:15 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 13:41 - 2014-03-08 13:41 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-08 13:18 - 2014-03-08 13:18 - 00000000 _____ () C:\Users\Saskia\defogger_reenable
2014-03-08 13:18 - 2010-05-10 17:04 - 00000000 ____D () C:\Users\Saskia
2014-03-08 12:47 - 2014-03-08 12:47 - 00668800 _____ ( ) C:\Users\Saskia\Downloads\ZipExtractorSetup(2).exe
2014-03-08 12:46 - 2014-03-08 12:46 - 00668800 _____ ( ) C:\Users\Saskia\Downloads\ZipExtractorSetup(1).exe
2014-03-08 12:45 - 2014-03-08 12:45 - 00668800 _____ ( ) C:\Users\Saskia\Downloads\ZipExtractorSetup.exe
2014-03-01 21:35 - 2012-07-27 13:40 - 00000000 ____D () C:\Users\Saskia\AppData\Roaming\Dropbox
2014-03-01 21:31 - 2012-07-27 13:53 - 00000000 ___RD () C:\Users\Saskia\Dropbox
2014-02-27 17:13 - 2014-02-27 13:31 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 15:42 - 2012-05-08 13:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-24 15:42 - 2012-05-08 13:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-24 15:42 - 2011-10-01 22:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-24 15:24 - 2014-02-24 15:24 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-02-21 16:44 - 2012-05-12 14:53 - 00000000 ____D () C:\Users\Saskia\Documents\Jugendausschuss
2014-02-19 13:44 - 2011-05-02 21:57 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 13:44 - 2011-05-02 21:57 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 12:53 - 2013-08-14 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 12:50 - 2012-01-16 17:54 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 12:00 - 2010-05-10 19:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-17 12:00 - 2010-05-10 19:26 - 00000000 ____D () C:\ProgramData\Skype
2014-02-17 11:51 - 2012-05-06 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 22:00 - 2014-02-16 22:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 13:16 - 2014-02-16 20:32 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-16 20:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-16 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-16 20:32 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-16 20:32 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-16 20:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-16 20:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-16 20:32 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-16 20:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-16 20:32 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-16 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-16 20:32 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-16 20:32 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-16 20:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-16 20:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-16 20:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-16 20:32 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-16 20:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-16 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-16 20:32 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-16 20:32 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-16 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-16 20:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-16 20:32 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-16 20:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-16 20:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-16 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-16 20:32 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-16 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-16 20:32 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-16 20:32 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-16 20:32 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-16 20:32 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-16 20:32 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-16 20:32 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-16 20:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-16 20:32 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-16 20:32 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-16 20:32 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Saskia\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 14:01

==================== End Of Log ============================
--- --- ---
 

Themen zu Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups
adware.installbrain, ask toolbar, browser guard, dmuninstaller, iminent, marketresearch, nationzoom.com, pc tools spyware doctor, plus-hd-1.2, pup.optional.babylon.a, pup.optional.bundleinstaller.a, pup.optional.installcore, pup.optional.installmonetizer, pup.optional.mediaview.a, pup.optional.mediaviewer.a, pup.optional.nationzoom.a, pup.optional.softonic, pup.optional.softonic.a, pup.optional.wpmanager, re-markit, regclean pro, rightsurf, software version updater, trojan.ransom, video player, viele popups


« Windows 7 // Firefox 27.0.1 Final // unerwünschte Pop-Ups und grüne hinterlegte Hyperlinks | Grüne Würter doppelt understrichen mit Werbung »


Ähnliche Themen: Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups


  1. TR/MSIL.Agent.defh und Startseite IE auf nationzoom
    Log-Analyse und Auswertung - 16.04.2014 (9)
  2. Nationzoom als Startseite nicht wegzubekommen und ständig eigenständig öffnende Tabs
    Plagegeister aller Art und deren Bekämpfung - 24.03.2014 (9)
  3. nationzoom startseite bei firefox lässt sich nicht ändern
    Log-Analyse und Auswertung - 21.01.2014 (1)
  4. Startseite bei firefox ist immer nationzoom
    Log-Analyse und Auswertung - 21.01.2014 (1)
  5. Vista (Home Premium) - Malware von nationzoom - Symtome: Startseite vom Browser (Firefox)
    Log-Analyse und Auswertung - 21.01.2014 (14)
  6. Mozilla firefox: viele Popups (Werbung, updates), related search sites bei jeder neu geöffneten Internetseite
    Log-Analyse und Auswertung - 16.01.2014 (10)
  7. Startseite ist immer NationZoom und lässt sich nicht ändern
    Plagegeister aller Art und deren Bekämpfung - 08.01.2014 (26)
  8. Nationzoom als Startseite und dauernd Werbung!
    Plagegeister aller Art und deren Bekämpfung - 05.01.2014 (5)
  9. Nationzoom als Startseite lässt sich nicht ändern/entfernen
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (1)
  10. Firefox macht sich selbständig (extrem viele Fenster, plötzlich öffnende Startseite)
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (21)
  11. Startseite protectedsearch nicht veränderbar
    Log-Analyse und Auswertung - 05.12.2011 (15)
  12. Firefox viele Seiten funktionieren nicht.
    Log-Analyse und Auswertung - 16.03.2011 (1)
  13. Desktopbild nicht veränderbar
    Alles rund um Windows - 15.09.2007 (4)
  14. Internet Startseite nicht veränderbar
    Log-Analyse und Auswertung - 07.02.2007 (2)
  15. IE 6.0 Startseite nicht veränderbar
    Log-Analyse und Auswertung - 17.07.2006 (5)
  16. IE Startseite nicht veränderbar
    Log-Analyse und Auswertung - 10.07.2006 (24)
  17. IE Startseite nicht mehr veränderbar
    Log-Analyse und Auswertung - 25.11.2005 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups - OK, das war ein Versehen. Hier nun die FRST Version FRST Logfile: Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01 Ran - Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups...
Archiv
Du betrachtest: Im IE und firefox ist Startseite Nationzoom.com und nicht veränderbar, viele popups auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131