
Log analysis and evaluation: Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection


16.03.2014, 09:57   #1
Max Frisch
 
Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection


Dear helpers,

I am writing to you to ask for your help.

I am using Windows 7 Home Premium in a 64-bit version.
When I tried to update the Java Runtime to the latest version, there was a problem (which I have since been able to solve by completely uninstalling JRE and then reinstalling it). JAVA prompted me to run Microsoft's Fixit program (MicrosoftFixit.ProgramInstallUninstall.RNP.Run). When doing so, however, I get the following error message:
We're sorry, but the program encountered an error trying to contact the server. Please try again later. [Code 8004FE2C]
A quick Google search points, in several cases, to an infection of the system with malware. To be able to rule out this situation in my case, I am turning to you.

I have tried to follow the "Für alle Hilfesuchenden!" ("For everyone seeking help!") rules, installed and ran defogger, FRST and GMER; the contents of the respective text files follow.

I am very glad about the opportunity this forum offers me, I am fully aware that any help is anything but a matter of course, and I therefore thank you in advance for your efforts.

Best regards

Max

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:20 on 16/03/2014 (Alex)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Alex (administrator) on MOSES on 16-03-2014 09:20:46
Running from C:\Users\Alex\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EeeManager.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMOSDControl\EMOSDControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMMessageParser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11048040 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [OOBESetup] - C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe [334848 2009-11-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [AsShellApplication] - C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCInstallQueue] - rundll32 netman.dll,ProcessQueue [360448 2009-07-14] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [CTZDetec.exe] - C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.)
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\login\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\login\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\schtasks.lnk
ShortcutTarget: schtasks.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fm4.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCACA911FDE26CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DCC000FF046C4137&affID=119557&tt=070813_wc1&tsp=4970
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO-x32: SaveByclick - {54DF9152-A1C9-25FF-CAFE-1F9FB5F3B5C1} - C:\ProgramData\SaveByclick\5102497f92a47.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://fm4.orf.at/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SaveByclick - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\5102497f928b4@5102497f928ef.com [2013-01-25]
FF Extension: German Dictionary - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-15]
FF Extension: Zotero Word for Windows Integration - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\zoteroWinWordIntegration@zotero.org [2013-12-12]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\extension@hidemyass.com.xpi [2011-09-10]
FF Extension: Stealthy - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\stealthyextension@gmail.com.xpi [2011-09-10]
FF Extension: TrackMeNot - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2011-06-01]
FF Extension: Zotero - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\zotero@chnm.gmu.edu.xpi [2014-03-10]
FF Extension: NoScript - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-08-01]
FF Extension: Adblock Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-01]
FF Extension: BetterPrivacy - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-07-01]
FF Extension: vshare Add-On - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-13]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF [2013-12-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ []

Chrome: 
=======
CHR Extension: (SaveByclick) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\malimhenbijpbhhahdbcfjehicncoknh [2013-01-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-01-31]

==================== Services (Whitelisted) =================

R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)

==================== Drivers (Whitelisted) ====================

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-06-11] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140314.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140315.009\ENG64.SYS [126040 2014-03-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140315.009\EX64.SYS [2099288 2014-03-10] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kxddypow; \??\C:\Users\Alex\AppData\Local\Temp\kxddypow.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-16 09:20 - 2014-03-16 09:20 - 00021188 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-03-16 09:20 - 2014-03-16 09:20 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log
2014-03-16 09:19 - 2014-03-16 08:42 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-03-16 09:19 - 2014-03-16 08:42 - 00380416 _____ () C:\Users\Alex\Desktop\xpcnmm1p.exe
2014-03-16 09:19 - 2014-03-16 08:42 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe
2014-03-16 09:04 - 2014-03-16 09:20 - 00000000 ____D () C:\FRST
2014-03-16 09:04 - 2014-03-16 09:04 - 00000168 _____ () C:\Users\Alex\defogger_reenable
2014-03-16 08:30 - 2014-03-16 08:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-16 08:30 - 2014-03-16 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-16 08:30 - 2014-03-16 08:30 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-16 08:30 - 2014-03-16 08:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-13 20:49 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 20:49 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 20:49 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 20:49 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 20:49 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 20:49 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 20:49 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 20:49 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 20:49 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 20:49 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 20:49 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 20:49 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 20:49 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 20:49 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 20:49 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 20:49 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 20:49 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 20:49 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 20:49 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 20:49 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 20:49 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 20:49 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 20:49 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 20:49 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 20:49 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 20:49 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 20:49 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 20:49 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 20:49 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 20:49 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 20:49 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 20:49 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 20:49 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 20:49 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 20:49 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 20:49 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 20:49 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 20:49 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 20:49 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 20:49 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 20:49 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 20:49 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 20:49 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 20:49 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:49 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 20:49 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 20:49 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 20:49 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-06 08:47 - 2014-03-06 08:46 - 05426640 _____ () C:\Users\Alex\Desktop\Newold.tif
2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype
2014-02-22 21:16 - 2014-02-22 21:16 - 00173454 _____ () C:\Users\Andy\Desktop\handschuh ferse.bmp
2014-02-16 13:53 - 2014-02-16 13:53 - 00058516 _____ () C:\Users\Alex\Documents\ESt2013_Minius_Andreea.elfo
2014-02-16 13:18 - 2014-02-16 13:18 - 00056575 _____ () C:\Users\Alex\Documents\ESt2013_Koplenig_Alexander.elfo
2014-02-15 17:19 - 2014-02-15 17:19 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-02-15 17:19 - 2014-02-15 17:19 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-15 17:18 - 2014-02-15 17:18 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p(1).exe
2014-02-15 17:17 - 2014-02-15 17:18 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p.exe
2014-02-15 16:29 - 2014-02-15 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-16 09:20 - 2014-03-16 09:20 - 00021188 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-03-16 09:20 - 2014-03-16 09:20 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log
2014-03-16 09:20 - 2014-03-16 09:04 - 00000000 ____D () C:\FRST
2014-03-16 09:14 - 2012-04-13 17:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 09:06 - 2013-01-16 19:27 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-03-16 09:04 - 2014-03-16 09:04 - 00000168 _____ () C:\Users\Alex\defogger_reenable
2014-03-16 09:04 - 2011-05-31 16:59 - 00000000 ____D () C:\Users\Alex
2014-03-16 08:53 - 2011-05-31 16:57 - 01099312 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 08:43 - 2011-06-09 18:26 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-03-16 08:42 - 2014-03-16 09:19 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-03-16 08:42 - 2014-03-16 09:19 - 00380416 _____ () C:\Users\Alex\Desktop\xpcnmm1p.exe
2014-03-16 08:42 - 2014-03-16 09:19 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe
2014-03-16 08:33 - 2011-08-14 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 08:33 - 2011-06-02 09:41 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-16 08:30 - 2014-03-16 08:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-16 08:30 - 2014-03-16 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-16 08:30 - 2014-03-16 08:30 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-16 08:30 - 2014-03-16 08:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-16 08:30 - 2013-10-17 12:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-16 08:20 - 2012-01-17 17:16 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox
2014-03-16 08:03 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 08:03 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 07:58 - 2012-01-23 10:30 - 00000000 ____D () C:\Users\Alex\AppData\Local\FreePDF_XP
2014-03-16 07:58 - 2011-08-14 14:17 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 07:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 07:56 - 2009-07-14 05:51 - 00177420 _____ () C:\Windows\setupact.log
2014-03-15 16:38 - 2009-08-29 02:51 - 00713958 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 16:38 - 2009-08-29 02:51 - 00154074 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 16:38 - 2009-07-14 06:13 - 01648656 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 16:33 - 2009-07-14 05:45 - 00425240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 21:59 - 2012-10-23 10:51 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype
2014-03-13 20:43 - 2012-07-01 14:34 - 00000000 ____D () C:\Users\Andy\AppData\Local\FreePDF_XP
2014-03-12 19:14 - 2012-04-13 17:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:14 - 2012-04-13 17:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:14 - 2011-05-31 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 09:24 - 2012-03-10 10:16 - 00000000 ____D () C:\Users\Alex\AppData\Local\Deployment
2014-03-10 09:03 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Sammelband BZV
2014-03-10 09:03 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Datenanalyse-Einführung_2013
2014-03-10 09:02 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Burmesisch
2014-03-08 18:13 - 2012-02-17 09:26 - 00000000 ____D () C:\Users\Alex\AppData\Local\FE1A721D-403E-4008-A26F-F1182F15E75C.aplzod
2014-03-06 09:42 - 2013-07-31 08:22 - 00002046 ____H () C:\Users\Alex\Documents\Default.rdp
2014-03-06 08:46 - 2014-03-06 08:47 - 05426640 _____ () C:\Users\Alex\Desktop\Newold.tif
2014-03-02 15:15 - 2013-03-17 16:13 - 00000000 ____D () C:\Windows\rescache
2014-03-01 07:05 - 2014-03-13 20:49 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 20:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 20:49 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 20:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 20:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 20:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 20:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 20:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 20:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 20:49 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 20:49 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 20:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 20:49 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 20:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 20:49 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 20:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 20:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 20:49 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 20:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 20:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 20:49 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 20:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 20:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 20:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 20:49 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 20:49 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 20:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 20:49 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 20:49 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 20:49 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 20:49 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 20:49 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 20:49 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 20:49 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 20:49 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 20:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 20:49 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype
2014-02-28 09:18 - 2011-07-21 16:39 - 00000000 ____D () C:\ProgramData\Skype
2014-02-26 12:49 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-25 20:20 - 2011-09-09 11:41 - 01622000 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 19:26 - 2011-05-19 00:53 - 01293224 _____ () C:\Windows\PFRO.log
2014-02-22 21:16 - 2014-02-22 21:16 - 00173454 _____ () C:\Users\Andy\Desktop\handschuh ferse.bmp
2014-02-21 14:28 - 2011-08-14 14:17 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-21 14:28 - 2011-08-14 14:17 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-21 13:20 - 2014-01-09 13:06 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2014-02-21 13:20 - 2013-01-27 09:13 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc
2014-02-17 20:14 - 2013-08-15 13:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 20:12 - 2011-09-09 09:56 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 13:53 - 2014-02-16 13:53 - 00058516 _____ () C:\Users\Alex\Documents\ESt2013_Minius_Andreea.elfo
2014-02-16 13:18 - 2014-02-16 13:18 - 00056575 _____ () C:\Users\Alex\Documents\ESt2013_Koplenig_Alexander.elfo
2014-02-16 12:53 - 2012-02-12 12:24 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\elsterformular
2014-02-16 11:56 - 2012-12-26 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 17:20 - 2013-02-07 20:19 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\elsterformular
2014-02-15 17:19 - 2014-02-15 17:19 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-02-15 17:19 - 2014-02-15 17:19 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-15 17:18 - 2014-02-15 17:18 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p(1).exe
2014-02-15 17:18 - 2014-02-15 17:17 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p.exe
2014-02-15 16:29 - 2014-02-15 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Alex\AppData\Roaming\CamLayout.ini
C:\Users\Alex\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-03-02 15:08

==================== End Of Log ============================
         
Gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-16 09:38:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3750528AS rev.CC46 698.64GB
Running: xpcnmm1p.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxddypow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          00000000766e1465 2 bytes [6E, 76]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                         00000000766e14bb 2 bytes [6E, 76]
.text    ...                                                                                                                                                                                                                      * 2
.text    C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe[3940] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                     00000000766e1465 2 bytes [6E, 76]
.text    C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe[3940] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                    00000000766e14bb 2 bytes [6E, 76]
.text    ...                                                                                                                                                                                                                      * 2
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                                00000000778ffcb0 5 bytes JMP 000000010032091c
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                              00000000778ffe14 5 bytes JMP 0000000100320048
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                                                                       00000000778ffea8 5 bytes JMP 00000001003202ee
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                    0000000077900004 5 bytes JMP 00000001003204b2
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                            0000000077900038 5 bytes JMP 00000001003209fe
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                                                                    0000000077900068 5 bytes JMP 0000000100320ae0
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                                                 0000000077900084 5 bytes JMP 0000000100020050
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                    000000007790079c 5 bytes JMP 000000010032012a
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                                                        000000007790088c 5 bytes JMP 0000000100320758
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                  00000000779008a4 5 bytes JMP 0000000100320676
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                      0000000077900df4 5 bytes JMP 00000001003203d0
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                                0000000077901920 5 bytes JMP 0000000100320594
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                            0000000077901be4 5 bytes JMP 000000010032083a
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                   0000000077901d70 5 bytes JMP 000000010032020c
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                                                                                  00000000757d524f 7 bytes JMP 0000000100320f52
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                                                                      00000000757d53d0 7 bytes JMP 0000000100330210
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                                                                                     00000000757d5677 1 byte JMP 0000000100330048
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                                                                                     00000000757d5679 5 bytes {JMP 0xffffffff8ab5a9d1}
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                                                                            00000000757d589a 7 bytes JMP 0000000100320ca6
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                                                                            00000000757d5a1d 7 bytes JMP 00000001003303d8
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                                                                       00000000757d5c9b 7 bytes JMP 000000010033012c
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                                                                         00000000757d5d87 7 bytes JMP 00000001003302f4
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                                                                        00000000757d7240 7 bytes JMP 0000000100320e6e
.text    C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                                                                       0000000075731492 7 bytes JMP 00000001003304bc
---- Processes - GMER 2.1 ----

Library  C:\Users\login\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2252] (Dropbox Shell Extension/Dropbox, Inc.)(2011-12-05 19:17:22)                                        0000000010000000
Library  C:\Users\login\AppData\Roaming\Dropbox\bin\MSVCR71.dll (*** suspicious ***) @ C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe [3940] (Microsoft® C Runtime Library/Microsoft Corporation)(2007-07-18 21:33:54)    000000007c340000
Library  C:\Users\login\AppData\Roaming\Dropbox\bin\MSVCP71.dll (*** suspicious ***) @ C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe [3940] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2011-09-29 00:53:44)  000000007c3a0000

---- EOF - GMER 2.1 ----