| |
| |||||||
Log-Analyse und Auswertung: Verdacht eine verseuchte E-Mail geöffnet zu haben.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.03.2014, 14:47
| #1 |
| |  Verdacht eine verseuchte E-Mail geöffnet zu haben. E-Mail von einer Bekannten, mit sinnvollem Betreff erweist sich als Fake. Der Anhang wurde bereits heruntergeladen und geöffnet. PC ist seit längerem langsam und unternimmt Aktivitäten, die nicht nachvollziehbar sind. Angehängte Logs: Frst-txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Nasenhirsch (administrator) on NOBBI on 16-03-2014 13:04:46
Running from C:\Users\Nasenhirsch\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-14] (APN)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Norton Download Manager{N360P202122-SHPD-FSD31014}] - C:\Users\Public\Downloads\Norton\{N360P202122-SHPD-FSD31014}\N360Downloader.exe [916616 2013-01-30] (Symantec Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [Google Update] - C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.)
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {15286aa8-17c8-11df-9da5-001636f061ef} - F:\installer.exe
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {22bab632-b32c-11de-90a1-001636f061ef} - F:\installer.exe
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {7c48f2ac-c85b-11de-8a2d-001636f061ef} - G:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
ProxyServer: proxy.fh-muenster.de:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKLM - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {08B2520D-73E6-4F25-AE60-5C92FAE59C83} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0EB39B9B-F2E3-4BEF-995C-7B473D61F12D&apn_sauid=C5B3DBF5-46AC-4568-94B9-F75EB59269AF
SearchScopes: HKCU - {AF5E2404-1058-492C-82AC-A7334F8E5563} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
SearchScopes: HKCU - {BE9654C9-9D79-42ec-B55A-3CAEB12DBF58} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "backup.ftp", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "proxy.fh-muenster.de"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxy.fh-muenster.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.fh-muenster.de"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.fh-muenster.de"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Evernote Web Clipper - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-16]
FF Extension: BibSonomy Buttons - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\buttons@bibsonomy.org.xpi [2012-12-06]
FF Extension: Google Toolbar for Firefox - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}.xpi [2008-03-02]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-02-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF [2013-10-10]
Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-02]
CHR Extension: (Norton Identity Protection) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-08-29]
CHR Extension: (Google Wallet) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-15]
CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-14] (APN LLC.)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-02] (Symantec Corporation)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-19] (Conexant Systems Inc.)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140314.001\IDSvix86.sys [395992 2014-03-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140315.009\NAVENG.SYS [93272 2014-03-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140315.009\NAVEX15.SYS [1612376 2014-03-03] (Symantec Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 usbsermpt; C:\Windows\System32\DRIVERS\usbsermpt.sys [22768 2007-03-03] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe
2014-03-16 12:55 - 2014-03-16 13:04 - 00033099 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt
2014-03-16 12:53 - 2014-03-16 13:06 - 00020908 _____ () C:\Users\Nasenhirsch\Downloads\FRST.txt
2014-03-16 12:52 - 2014-03-16 13:04 - 00000000 ____D () C:\FRST
2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Downloads\FRST.exe
2014-03-16 12:48 - 2014-03-16 12:50 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log
2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable
2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe
2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 09:46 - 2014-03-16 09:49 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
2014-03-12 19:17 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:17 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:17 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:17 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:17 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:17 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 19:17 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 19:17 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 19:17 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 19:17 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:17 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 19:17 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:28 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:28 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:28 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:28 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 19:08 - 2014-02-18 19:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-03-16 13:06 - 2014-03-16 12:53 - 00020908 _____ () C:\Users\Nasenhirsch\Downloads\FRST.txt
2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe
2014-03-16 13:04 - 2014-03-16 12:55 - 00033099 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt
2014-03-16 13:04 - 2014-03-16 12:52 - 00000000 ____D () C:\FRST
2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Downloads\FRST.exe
2014-03-16 12:50 - 2014-03-16 12:48 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log
2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable
2014-03-16 12:48 - 2007-03-03 14:41 - 00000000 ____D () C:\Users\Nasenhirsch
2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe
2014-03-16 12:46 - 2012-07-18 07:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 12:41 - 2012-08-29 13:22 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job
2014-03-16 12:41 - 2007-03-04 06:26 - 01729787 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 12:41 - 2006-11-02 11:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 12:11 - 2010-02-04 17:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 12:09 - 2012-08-29 13:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job
2014-03-16 11:36 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 11:36 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 11:16 - 2012-04-13 08:10 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\LBV
2014-03-16 11:15 - 2012-08-29 13:27 - 00002064 _____ () C:\Users\Nasenhirsch\Desktop\Google Chrome.lnk
2014-03-16 09:49 - 2014-03-16 09:46 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:44 - 2010-02-04 17:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
2014-03-13 19:46 - 2012-04-06 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 19:46 - 2011-05-21 19:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 11:53 - 2012-06-13 09:42 - 00002591 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office Word 2007.lnk
2014-03-13 06:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 06:28 - 2011-06-20 18:07 - 00004892 _____ () C:\Users\Nasenhirsch\AppData\Local\d3d9caps.dat
2014-03-12 20:19 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 20:18 - 2006-11-02 13:47 - 00312720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 20:15 - 2008-09-25 07:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 20:15 - 2006-12-20 22:21 - 02164120 _____ () C:\Windows\PFRO.log
2014-03-12 19:38 - 2006-12-20 21:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-12 19:38 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 19:32 - 2009-07-16 19:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-12 19:06 - 2009-10-28 20:13 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Skype
2014-03-10 18:11 - 2010-06-25 15:52 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Local\Audible
2014-03-09 11:13 - 2012-06-13 09:41 - 00002633 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office PowerPoint 2007.lnk
2014-03-08 08:41 - 2012-11-27 17:56 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Mäusestrategie
2014-03-06 20:21 - 2007-03-03 15:55 - 00019860 _____ () C:\Users\Nasenhirsch\AppData\Roaming\wklnhst.dat
2014-03-01 16:18 - 2011-06-07 16:51 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Studium
2014-02-28 08:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-23 17:56 - 2012-08-09 07:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-23 06:50 - 2014-03-12 19:17 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 06:47 - 2014-03-12 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 06:43 - 2014-03-12 19:17 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 06:41 - 2014-03-12 19:17 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 06:40 - 2014-03-12 19:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 06:39 - 2014-03-12 19:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-12 19:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 06:38 - 2014-03-12 19:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 06:38 - 2014-03-12 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 06:36 - 2014-03-12 19:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:36 - 2014-03-12 19:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 06:35 - 2014-03-12 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 19:09 - 2014-02-18 19:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 04:17 - 2013-08-10 08:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 03:53 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
Some content of TEMP:
====================
C:\Users\Nasenhirsch\AppData\Local\Temp\ose00000.exe
C:\Users\Nasenhirsch\AppData\Local\Temp\_isA37A.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Nasenhirsch at 2014-03-16 13:09:35
Running from C:\Users\Nasenhirsch\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton 360 Premier Edition (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0A03}) (Version: 12.10.3.28 - APN, LLC) <==== ATTENTION
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
AudibleManager (HKLM\...\AudibleManager) (Version: 99881261.-2.2005037174.2005036188 - Audible, Inc.)
Christmas Eve (HKLM\...\Christmas Eve) (Version: - )
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.1.15.0 - Swiss Academic Software)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
Dia (nur entfernen) (HKLM\...\Dia) (Version: - )
Diagram Designer (HKLM\...\Diagram Designer) (Version: - )
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )
EPSON Easy Photo Print (HKLM\...\{B8890B12-4E4C-4E53-9ECB-96193BBA7767}) (Version: 1.4.0.0 - )
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.50.000 - )
EPSON PRINT Image Framer Tool (HKLM\...\{956673F5-0C6B-4428-A5D1-277AF533E098}) (Version: 3.2.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ESPRX560_590 Benutzerhandbuch (HKLM\...\ESPRX560_590 Benutzerhandbuch) (Version: - )
Falk Navi-Manager (HKLM\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.8.0 - Falk Navigation GmbH)
Falk Navi-Manager (Version: 2.2.0.0 - Falk Navigation GmbH) Hidden
Free Xmas Screensaver 1.0 (HKLM\...\Free Xmas Screensaver_is1) (Version: - )
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}) (Version: 1.0.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.10 B9 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.10 B9 - Hewlett-Packard)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard)
HP User Guide 0048 (HKLM\...\{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}) (Version: 1.02.0004 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}) (Version: 3.00 B2 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - )
LevelOne Media Control Embedded (HKLM\...\LevelOne Media Control Embedded) (Version: 1.0.1.18 - )
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 Trial (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
Microsoft Reader Text-to-Speech deutsch (HKLM\...\{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}) (Version: 01.00.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetObjects Fusion 12.0 (HKLM\...\{5434DE40-0848-49BF-8BDC-94BAE7A33041}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5041 - NetObjects) Hidden
Norton 360 Premier Edition (HKLM\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
phase-6-basic 2.1.2.4b (HKLM\...\phase-6-basic) (Version: 2.1.2.4b - phase-6)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synthesia (HKLM\...\Synthesia) (Version: 8.4 - Synthesia LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile® Device Handbook (HKLM\...\Windows Mobile Device Handbook) (Version: 1.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
==================== Restore Points =========================
08-02-2014 17:21:51 Norton 360 Registry Clean
14-02-2014 02:01:07 Windows Update
25-02-2014 16:24:46 Windows Update
27-02-2014 20:34:23 Windows Update
28-02-2014 06:20:37 Windows Update
12-03-2014 18:09:45 Windows Update
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0736AD87-88F2-4D1A-A9AA-F154A04BCFF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3B7E399F-44BC-4BAF-9655-96A9DED46522} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {440FB657-B19B-46F8-9B15-AE1CF1E6857E} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {66B91388-8448-4F3E-8A95-532768A0F6D3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {70E4AD9A-E437-407F-8E80-BF16EB7F09CE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {72E9C998-3454-4CCE-87AA-9D65C6AB8CE1} - System32\Tasks\{74BCCAEC-F60E-40BC-8E6E-1446A36020CD} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8B2E00DF-4951-4337-B030-C49F443D3219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {9A9F7034-69AF-41CE-A4B5-CA09D08B85BD} - System32\Tasks\Datenträgerbereinigung => C:\Windows\System32\cleanmgr.exe [2006-11-02] (Microsoft Corporation)
Task: {A389AFAC-E184-4C7C-9FAA-0EE5CB4634A6} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {A78504D5-82C1-420D-B69D-C4C79DAD4EB5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B9A443D6-0AF4-4441-B920-0BDBD863407A} - System32\Tasks\{EC42D3EA-239A-4518-B460-4DE913B419F3} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B9E96C21-9F53-4688-88FD-6DE924BE01EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D92F8D56-0C34-4250-A31D-F4B54B3520F7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {DB38DD90-2678-45A2-B422-A708CCCFE061} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {FA0091BE-8CAC-485C-80BC-CF6F93DBC46D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-16 14:39:28
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHV2120BH_PL rev.892C 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\NASENH~1\AppData\Local\Temp\pxldqpog.sys
---- System - GMER 2.1 ----
SSDT 86A34E40 ZwAlertResumeThread
SSDT 86A34ED8 ZwAlertThread
SSDT 86A317A0 ZwAllocateVirtualMemory
SSDT 86A50008 ZwAlpcConnectPort
SSDT 86A348B8 ZwAssignProcessToJobObject
SSDT 86A34C68 ZwCreateMutant
SSDT 86A4DB08 ZwCreateSymbolicLinkObject
SSDT 86A2F198 ZwCreateThread
SSDT 86A34950 ZwDebugActiveProcess
SSDT 86A2D918 ZwDuplicateObject
SSDT 86A2F820 ZwFreeVirtualMemory
SSDT 86A34D10 ZwImpersonateAnonymousToken
SSDT 86A34DA8 ZwImpersonateThread
SSDT 86A50F90 ZwLoadDriver
SSDT 86A2F788 ZwMapViewOfSection
SSDT 86A34BD0 ZwOpenEvent
SSDT 86A4BE78 ZwOpenProcess
SSDT 86A2D470 ZwOpenProcessToken
SSDT 86A34AA0 ZwOpenSection
SSDT 86A4B608 ZwOpenThread
SSDT 86A34810 ZwProtectVirtualMemory
SSDT 86A34F70 ZwResumeThread
SSDT 86A34330 ZwSetContextThread
SSDT 86A343C8 ZwSetInformationProcess
SSDT 86A349E8 ZwSetSystemInformation
SSDT 86A34B38 ZwSuspendProcess
SSDT 86A34200 ZwSuspendThread
SSDT 86AB09A0 ZwTerminateProcess
SSDT 86A34298 ZwTerminateThread
SSDT 86A34450 ZwUnmapViewOfSection
SSDT 86A31970 ZwWriteVirtualMemory
SSDT 86A4DB90 ZwCreateThreadEx
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 826F0768 8 Bytes [40, 4E, A3, 86, D8, 4E, A3, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 826F077C 4 Bytes [A0, 17, A3, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 826F0788 4 Bytes [08, 00, A5, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 826F07DC 4 Bytes [B8, 48, A3, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 826F0840 4 Bytes [68, 4C, A3, 86]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641c78965
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641c78965 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
16.03.2014, 16:32
| #2 |
  | Verdacht eine verseuchte E-Mail geöffnet zu haben. Hallo, Flohspock und
__________________ Die FRST.txt und Additions.txt sind nicht komplett. Bitte poste das komplette Log. Falls sie zu groß sind, kannst du sie aufteilen. |
|
16.03.2014, 16:47
| #3 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Habe ich auch gerade gemerkt, sorry.
__________________Neue Frst: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Nasenhirsch (administrator) on NOBBI on 16-03-2014 16:22:57
Running from C:\Users\Nasenhirsch\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-14] (APN)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Norton Download Manager{N360P202122-SHPD-FSD31014}] - C:\Users\Public\Downloads\Norton\{N360P202122-SHPD-FSD31014}\N360Downloader.exe [916616 2013-01-30] (Symantec Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [Google Update] - C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.)
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {15286aa8-17c8-11df-9da5-001636f061ef} - F:\installer.exe
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {22bab632-b32c-11de-90a1-001636f061ef} - F:\installer.exe
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {7c48f2ac-c85b-11de-8a2d-001636f061ef} - G:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
ProxyServer: proxy.fh-muenster.de:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKLM - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {08B2520D-73E6-4F25-AE60-5C92FAE59C83} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0EB39B9B-F2E3-4BEF-995C-7B473D61F12D&apn_sauid=C5B3DBF5-46AC-4568-94B9-F75EB59269AF
SearchScopes: HKCU - {AF5E2404-1058-492C-82AC-A7334F8E5563} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
SearchScopes: HKCU - {BE9654C9-9D79-42ec-B55A-3CAEB12DBF58} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "backup.ftp", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "proxy.fh-muenster.de"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxy.fh-muenster.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.fh-muenster.de"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.fh-muenster.de"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Evernote Web Clipper - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-16]
FF Extension: BibSonomy Buttons - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\buttons@bibsonomy.org.xpi [2012-12-06]
FF Extension: Google Toolbar for Firefox - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}.xpi [2008-03-02]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-02-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF [2013-10-10]
Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-02]
CHR Extension: (Norton Identity Protection) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-08-29]
CHR Extension: (Google Wallet) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-15]
CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-14] (APN LLC.)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-02] (Symantec Corporation)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-19] (Conexant Systems Inc.)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140314.001\IDSvix86.sys [395992 2014-03-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140315.009\NAVENG.SYS [93272 2014-03-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140315.009\NAVEX15.SYS [1612376 2014-03-03] (Symantec Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 usbsermpt; C:\Windows\System32\DRIVERS\usbsermpt.sys [22768 2007-03-03] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 pxldqpog; \??\C:\Users\NASENH~1\AppData\Local\Temp\pxldqpog.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-16 14:39 - 2014-03-16 14:39 - 00006621 _____ () C:\Users\Nasenhirsch\Downloads\gmer.log
2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe
2014-03-16 12:55 - 2014-03-16 13:10 - 00021586 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt
2014-03-16 12:53 - 2014-03-16 16:23 - 00020655 _____ () C:\Users\Nasenhirsch\Downloads\FRST.txt
2014-03-16 12:52 - 2014-03-16 13:04 - 00000000 ____D () C:\FRST
2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Downloads\FRST.exe
2014-03-16 12:48 - 2014-03-16 12:50 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log
2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable
2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe
2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 09:46 - 2014-03-16 09:49 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
2014-03-12 19:17 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:17 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:17 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:17 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:17 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:17 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 19:17 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 19:17 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 19:17 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 19:17 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:17 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 19:17 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:28 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:28 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:28 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:28 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 19:08 - 2014-02-18 19:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-03-16 16:23 - 2014-03-16 12:53 - 00020655 _____ () C:\Users\Nasenhirsch\Downloads\FRST.txt
2014-03-16 16:11 - 2010-02-04 17:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 15:46 - 2012-07-18 07:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 15:41 - 2012-08-29 13:22 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job
2014-03-16 15:37 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 15:37 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 14:41 - 2007-03-04 06:26 - 01734099 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 14:39 - 2014-03-16 14:39 - 00006621 _____ () C:\Users\Nasenhirsch\Downloads\gmer.log
2014-03-16 13:11 - 2006-11-02 11:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 13:10 - 2014-03-16 12:55 - 00021586 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt
2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe
2014-03-16 13:04 - 2014-03-16 12:52 - 00000000 ____D () C:\FRST
2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Downloads\FRST.exe
2014-03-16 12:50 - 2014-03-16 12:48 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log
2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable
2014-03-16 12:48 - 2007-03-03 14:41 - 00000000 ____D () C:\Users\Nasenhirsch
2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe
2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 12:09 - 2012-08-29 13:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job
2014-03-16 11:16 - 2012-04-13 08:10 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\LBV
2014-03-16 11:15 - 2012-08-29 13:27 - 00002064 _____ () C:\Users\Nasenhirsch\Desktop\Google Chrome.lnk
2014-03-16 09:49 - 2014-03-16 09:46 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:44 - 2010-02-04 17:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
2014-03-13 19:46 - 2012-04-06 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 19:46 - 2011-05-21 19:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 11:53 - 2012-06-13 09:42 - 00002591 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office Word 2007.lnk
2014-03-13 06:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 06:28 - 2011-06-20 18:07 - 00004892 _____ () C:\Users\Nasenhirsch\AppData\Local\d3d9caps.dat
2014-03-12 20:19 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 20:18 - 2006-11-02 13:47 - 00312720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 20:15 - 2008-09-25 07:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 20:15 - 2006-12-20 22:21 - 02164120 _____ () C:\Windows\PFRO.log
2014-03-12 19:38 - 2006-12-20 21:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-12 19:38 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 19:32 - 2009-07-16 19:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-12 19:06 - 2009-10-28 20:13 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Skype
2014-03-10 18:11 - 2010-06-25 15:52 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Local\Audible
2014-03-09 11:13 - 2012-06-13 09:41 - 00002633 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office PowerPoint 2007.lnk
2014-03-08 08:41 - 2012-11-27 17:56 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Mäusestrategie
2014-03-06 20:21 - 2007-03-03 15:55 - 00019860 _____ () C:\Users\Nasenhirsch\AppData\Roaming\wklnhst.dat
2014-03-01 16:18 - 2011-06-07 16:51 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Studium
2014-02-28 08:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-23 17:56 - 2012-08-09 07:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-23 06:50 - 2014-03-12 19:17 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 06:47 - 2014-03-12 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 06:43 - 2014-03-12 19:17 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 06:41 - 2014-03-12 19:17 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 06:40 - 2014-03-12 19:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 06:39 - 2014-03-12 19:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-12 19:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 06:38 - 2014-03-12 19:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 06:38 - 2014-03-12 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 06:36 - 2014-03-12 19:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:36 - 2014-03-12 19:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 06:35 - 2014-03-12 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 19:09 - 2014-02-18 19:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 04:17 - 2013-08-10 08:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 03:53 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
Some content of TEMP:
====================
C:\Users\Nasenhirsch\AppData\Local\Temp\ose00000.exe
C:\Users\Nasenhirsch\AppData\Local\Temp\_isA37A.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-14 08:35
==================== End Of Log ============================
--- --- --- Neue addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Nasenhirsch at 2014-03-16 16:25:11
Running from C:\Users\Nasenhirsch\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton 360 Premier Edition (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0A03}) (Version: 12.10.3.28 - APN, LLC) <==== ATTENTION
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
AudibleManager (HKLM\...\AudibleManager) (Version: 99881261.-2.2005037174.2005036188 - Audible, Inc.)
Christmas Eve (HKLM\...\Christmas Eve) (Version: - )
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.1.15.0 - Swiss Academic Software)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
Dia (nur entfernen) (HKLM\...\Dia) (Version: - )
Diagram Designer (HKLM\...\Diagram Designer) (Version: - )
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )
EPSON Easy Photo Print (HKLM\...\{B8890B12-4E4C-4E53-9ECB-96193BBA7767}) (Version: 1.4.0.0 - )
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.50.000 - )
EPSON PRINT Image Framer Tool (HKLM\...\{956673F5-0C6B-4428-A5D1-277AF533E098}) (Version: 3.2.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ESPRX560_590 Benutzerhandbuch (HKLM\...\ESPRX560_590 Benutzerhandbuch) (Version: - )
Falk Navi-Manager (HKLM\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.8.0 - Falk Navigation GmbH)
Falk Navi-Manager (Version: 2.2.0.0 - Falk Navigation GmbH) Hidden
Free Xmas Screensaver 1.0 (HKLM\...\Free Xmas Screensaver_is1) (Version: - )
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}) (Version: 1.0.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.10 B9 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.10 B9 - Hewlett-Packard)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard)
HP User Guide 0048 (HKLM\...\{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}) (Version: 1.02.0004 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}) (Version: 3.00 B2 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - )
LevelOne Media Control Embedded (HKLM\...\LevelOne Media Control Embedded) (Version: 1.0.1.18 - )
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 Trial (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
Microsoft Reader Text-to-Speech deutsch (HKLM\...\{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}) (Version: 01.00.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetObjects Fusion 12.0 (HKLM\...\{5434DE40-0848-49BF-8BDC-94BAE7A33041}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5041 - NetObjects) Hidden
Norton 360 Premier Edition (HKLM\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
phase-6-basic 2.1.2.4b (HKLM\...\phase-6-basic) (Version: 2.1.2.4b - phase-6)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synthesia (HKLM\...\Synthesia) (Version: 8.4 - Synthesia LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile® Device Handbook (HKLM\...\Windows Mobile Device Handbook) (Version: 1.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
==================== Restore Points =========================
08-02-2014 17:21:51 Norton 360 Registry Clean
14-02-2014 02:01:07 Windows Update
25-02-2014 16:24:46 Windows Update
27-02-2014 20:34:23 Windows Update
28-02-2014 06:20:37 Windows Update
12-03-2014 18:09:45 Windows Update
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0736AD87-88F2-4D1A-A9AA-F154A04BCFF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3B7E399F-44BC-4BAF-9655-96A9DED46522} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {440FB657-B19B-46F8-9B15-AE1CF1E6857E} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {66B91388-8448-4F3E-8A95-532768A0F6D3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {70E4AD9A-E437-407F-8E80-BF16EB7F09CE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {72E9C998-3454-4CCE-87AA-9D65C6AB8CE1} - System32\Tasks\{74BCCAEC-F60E-40BC-8E6E-1446A36020CD} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8B2E00DF-4951-4337-B030-C49F443D3219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {9A9F7034-69AF-41CE-A4B5-CA09D08B85BD} - System32\Tasks\Datenträgerbereinigung => C:\Windows\System32\cleanmgr.exe [2006-11-02] (Microsoft Corporation)
Task: {A389AFAC-E184-4C7C-9FAA-0EE5CB4634A6} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {A78504D5-82C1-420D-B69D-C4C79DAD4EB5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B9A443D6-0AF4-4441-B920-0BDBD863407A} - System32\Tasks\{EC42D3EA-239A-4518-B460-4DE913B419F3} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B9E96C21-9F53-4688-88FD-6DE924BE01EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D92F8D56-0C34-4250-A31D-F4B54B3520F7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {DB38DD90-2678-45A2-B422-A708CCCFE061} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {FA0091BE-8CAC-485C-80BC-CF6F93DBC46D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2006-12-20 22:27 - 2006-11-25 00:34 - 00270431 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2006-12-20 22:27 - 2006-11-25 00:34 - 00233573 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2006-12-20 22:27 - 2006-11-25 00:34 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2006-12-20 22:27 - 2006-11-25 00:34 - 00118877 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2006-12-20 22:27 - 2006-11-25 00:34 - 00114783 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2006-12-20 22:27 - 2006-11-25 00:34 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2013-06-15 19:44 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON 360 PREMIER EDITION\ENGINE\20.4.0.40\wincfi39.dll
2006-11-06 10:05 - 2006-11-06 10:05 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2014-02-18 19:08 - 2014-02-18 19:09 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-13 19:46 - 2014-03-13 19:46 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows\system32\msln.exe:18b736919bc84a34fc1d650471dcdee9
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/16/2014 01:49:39 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (03/16/2014 01:10:32 PM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.10.2 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1470
Anfangszeit: 01cf410e2ccf6290
Zeitpunkt der Beendigung: 60
Error: (03/14/2014 05:07:05 PM) (Source: MatSvc) (User: )
Description: Fehler der geplanten MATS-Aufgabe beim Sammeln von Konfigurationsdaten. hr=0xC004F00E
.
Error: (03/14/2014 05:07:04 PM) (Source: MatSvc) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x80072EE7
Error: (03/14/2014 05:07:02 PM) (Source: MatSvc) (User: )
Description: Fehler der geplanten MATS-Aufgabe beim Sammeln von Konfigurationsdaten. hr=0xC004F00E
.
Error: (03/14/2014 05:07:00 PM) (Source: MatSvc) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x80072EE7
Error: (03/07/2014 06:14:48 PM) (Source: MatSvc) (User: )
Description: Fehler der geplanten MATS-Aufgabe beim Sammeln von Konfigurationsdaten. hr=0xC004F00E
.
Error: (03/07/2014 06:14:22 PM) (Source: MatSvc) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x801901F7
Error: (03/07/2014 06:13:43 PM) (Source: MatSvc) (User: )
Description: Fehler der geplanten MATS-Aufgabe beim Sammeln von Konfigurationsdaten. hr=0x80070005
.
Error: (03/06/2014 08:10:33 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe_Eventlog, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x00009b4e,
Prozess-ID 0x410, Anwendungsstartzeit svchost.exe_Eventlog0.
System errors:
=============
Error: (03/16/2014 10:58:29 AM) (Source: Service Control Manager) (User: )
Description: 30000RapiMgr
Error: (03/14/2014 00:39:48 PM) (Source: Service Control Manager) (User: )
Description: 30000RapiMgr
Error: (03/14/2014 06:36:13 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection
Error: (03/13/2014 03:28:49 PM) (Source: Service Control Manager) (User: )
Description: 30000PlugPlay
Error: (03/12/2014 08:19:58 PM) (Source: Service Control Manager) (User: )
Description: Ricoh xD-Picture Card Driver%%1058
Error: (03/12/2014 08:19:58 PM) (Source: Service Control Manager) (User: )
Description: rimsptsk%%1058
Error: (03/12/2014 08:19:58 PM) (Source: Service Control Manager) (User: )
Description: rimmptsk%%1058
Error: (03/12/2014 08:19:58 PM) (Source: Service Control Manager) (User: )
Description: Automatisches LiveUpdate - Scheduler%%3
Error: (03/12/2014 08:19:58 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (03/12/2014 03:49:32 PM) (Source: Service Control Manager) (User: )
Description: 30000RapiMgr
Microsoft Office Sessions:
=========================
Error: (08/18/2012 08:37:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139033 seconds with 36240 seconds of active time. This session ended with a crash.
Error: (11/18/2010 08:25:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 131408 seconds with 60 seconds of active time. This session ended with a crash.
Error: (05/18/2010 02:13:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/15/2010 07:24:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-03-16 16:23:52.175
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 16:23:50.318
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 16:23:48.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 16:23:46.450
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 16:23:35.062
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 16:23:33.236
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 16:23:31.380
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 16:23:29.430
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 13:17:09.595
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\NASENH~1\AppData\Local\Temp\tmp6AE9.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-16 13:17:07.848
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\NASENH~1\AppData\Local\Temp\tmp6AE9.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 2037.31 MB
Available physical RAM: 1153.67 MB
Total Pagefile: 4313.89 MB
Available Pagefile: 3092.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:106.62 GB) (Free:33.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:5.17 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 32D20E45)
Partition 1: (Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 Tschuldigung |
|
17.03.2014, 08:52
| #4 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Schritt 1 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
|
17.03.2014, 17:23
| #5 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. MBAR-Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.17.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nasenhirsch :: NOBBI [administrator]
17.03.2014 16:16:04
mbar-log-2014-03-17 (16-16-04).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 305900
Time elapsed: 54 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
18.03.2014, 08:36
| #6 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Wir sind fertig, wenn ich dir sage, dass wir fertig sind. Sieht außerdem nicht so schlimm aus. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter 2014-03-16 09:49 - 2014-03-16 09:46 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
AlternateDataStreams: C:\Windows\system32\msln.exe:18b736919bc84a34fc1d650471dcdee9
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Klicke bitte auf den Windowsbutton in der Taskleiste und dort wiederum auf "Systemsteuerung". Wenn du hier angelangt bist, gehe auf "Programme deinstallieren" unter "Programme". Hier kannst du nun folgende Programm deinstallieren.
Schritt 3 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 4 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 5 ESET Online Scanner
Schritt 6 Starte noch einmal FRST.
|
|
18.03.2014, 16:46
| #7 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Nasenhirsch at 2014-03-18 09:36:32 Run:1
Running from C:\Users\Nasenhirsch\Downloads\FRST
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
2014-03-16 09:49 - 2014-03-16 09:46 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
AlternateDataStreams: C:\Windows\system32\msln.exe:18b736919bc84a34fc1d650471dcdee9
*****************
C:\Users\Nasenhirsch\Downloads\attachments_20140316094333 => Moved successfully.
C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip => Moved successfully.
C:\Windows\system32\msln.exe => ":18b736919bc84a34fc1d650471dcdee9" ADS removed successfully.
==== End of Fixlog ====
Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 09:50:50
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Nasenhirsch - NOBBI
# Gestartet von : C:\Users\Nasenhirsch\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\icqtoolbar
Ordner Gelöscht : C:\Users\Nasenhirsch\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\NASENH~1\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Nasenhirsch\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nasenhirsch\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Nasenhirsch_2\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nasenhirsch_2\AppData\LocalLow\PriceGong
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\.autoreg
Datei Gelöscht : C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\searchplugins\Askcom.xml
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16540
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[ Datei : C:\Users\Nasenhirsch_2\AppData\Roaming\Mozilla\Firefox\Profiles\1kzj89w8.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4181 octets] - [18/03/2014 09:45:01]
AdwCleaner[S0].txt - [3909 octets] - [18/03/2014 09:50:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3969 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.18.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Nasenhirsch :: NOBBI [Administrator] Schutz: Aktiviert 18.03.2014 10:16:09 mbam-log-2014-03-18 (10-16-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 301589 Laufzeit: 19 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fa60e315d3f0c64c8ba16e7eda4cb370
# engine=17489
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-18 02:40:34
# local_time=2014-03-18 03:40:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3592 16777213 100 93 2593723 145816130 0 0
# compatibility_mode=5892 16776574 100 100 115274393 232686362 0 0
# scanned=234550
# found=0
# cleaned=0
# scan_time=16227
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Nasenhirsch (administrator) on NOBBI on 18-03-2014 16:00:39 Running from C:\Users\Nasenhirsch\Downloads\FRST Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKU\.DEFAULT\...\Run: [Norton Download Manager{N360P202122-SHPD-FSD31014}] - C:\Users\Public\Downloads\Norton\{N360P202122-SHPD-FSD31014}\N360Downloader.exe [916616 2013-01-30] (Symantec Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [Google Update] - C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.) HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {15286aa8-17c8-11df-9da5-001636f061ef} - F:\installer.exe HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {22bab632-b32c-11de-90a1-001636f061ef} - F:\installer.exe HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {7c48f2ac-c85b-11de-8a2d-001636f061ef} - G:\LaunchU3.exe -a ==================== Internet (Whitelisted) ==================== ProxyServer: proxy.fh-muenster.de:3128 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {08B2520D-73E6-4F25-AE60-5C92FAE59C83} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0EB39B9B-F2E3-4BEF-995C-7B473D61F12D&apn_sauid=C5B3DBF5-46AC-4568-94B9-F75EB59269AF SearchScopes: HKCU - {AF5E2404-1058-492C-82AC-A7334F8E5563} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 SearchScopes: HKCU - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default FF NetworkProxy: "backup.ftp", "proxy.fh-muenster.de" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "proxy.fh-muenster.de" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "proxy.fh-muenster.de" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "proxy.fh-muenster.de" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "proxy.fh-muenster.de" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "proxy.fh-muenster.de" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "proxy.fh-muenster.de" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Evernote Web Clipper - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-16] FF Extension: BibSonomy Buttons - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\buttons@bibsonomy.org.xpi [2012-12-06] FF Extension: Google Toolbar for Firefox - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}.xpi [2008-03-02] FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-02-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF [2013-10-10] Chrome: ======= CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File CHR Plugin: (Norton Confidential) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Drive) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-02] CHR Extension: (Norton Identity Protection) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-08-29] CHR Extension: (Google Wallet) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-15] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.) R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] () R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] () R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard) S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X] S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-02] (Symantec Corporation) R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-19] (Conexant Systems Inc.) S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140317.001\IDSvix86.sys [395992 2014-03-06] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140318.001\NAVENG.SYS [93272 2014-03-03] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140318.001\NAVEX15.SYS [1612376 2014-03-03] (Symantec Corporation) S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.) R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation) S3 usbsermpt; C:\Windows\System32\DRIVERS\usbsermpt.sys [22768 2007-03-03] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-18 10:54 - 2014-03-18 10:54 - 02347384 _____ (ESET) C:\Users\Nasenhirsch\Downloads\esetsmartinstaller_enu.exe 2014-03-18 10:09 - 2014-03-18 10:09 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Malwarebytes 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 10:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-18 10:05 - 2014-03-18 10:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nasenhirsch\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-18 09:44 - 2014-03-18 09:52 - 00000000 ____D () C:\AdwCleaner 2014-03-18 09:41 - 2014-03-18 09:41 - 01950720 _____ () C:\Users\Nasenhirsch\Desktop\adwcleaner.exe 2014-03-18 09:35 - 2014-03-18 16:00 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\FRST 2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-17 16:15 - 2014-03-17 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-17 16:13 - 2014-03-17 17:19 - 00000000 ____D () C:\Users\Nasenhirsch\Desktop\mbar 2014-03-17 16:13 - 2014-03-17 16:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-17 16:04 - 2014-03-17 16:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Nasenhirsch\Desktop\mbar-1.07.0.1009.exe 2014-03-16 14:39 - 2014-03-16 14:39 - 00006621 _____ () C:\Users\Nasenhirsch\Downloads\gmer.log 2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe 2014-03-16 12:55 - 2014-03-16 16:40 - 00031522 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt 2014-03-16 12:52 - 2014-03-18 16:00 - 00000000 ____D () C:\FRST 2014-03-16 12:48 - 2014-03-16 12:50 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log 2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable 2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe 2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log 2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-12 19:17 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 19:17 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 19:17 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 19:17 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 19:17 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 19:17 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 19:17 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-12 19:17 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 19:17 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-12 19:17 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 19:17 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-12 19:17 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 16:28 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 16:28 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 16:28 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 16:28 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-02-18 19:08 - 2014-02-18 19:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-18 16:00 - 2014-03-18 09:35 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\FRST 2014-03-18 16:00 - 2014-03-16 12:52 - 00000000 ____D () C:\FRST 2014-03-18 15:57 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-18 15:57 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-18 15:50 - 2011-10-31 17:02 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Citavi 3 2014-03-18 15:46 - 2012-07-18 07:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-18 15:41 - 2012-08-29 13:22 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job 2014-03-18 15:11 - 2010-02-04 17:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-18 11:49 - 2007-03-04 06:26 - 01801016 _____ () C:\Windows\WindowsUpdate.log 2014-03-18 10:54 - 2014-03-18 10:54 - 02347384 _____ (ESET) C:\Users\Nasenhirsch\Downloads\esetsmartinstaller_enu.exe 2014-03-18 10:53 - 2006-11-02 11:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-18 10:09 - 2014-03-18 10:09 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Malwarebytes 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 10:06 - 2014-03-18 10:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nasenhirsch\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-18 10:02 - 2010-02-04 17:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-18 09:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-18 09:54 - 2006-12-20 21:42 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-18 09:54 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-18 09:52 - 2014-03-18 09:44 - 00000000 ____D () C:\AdwCleaner 2014-03-18 09:41 - 2014-03-18 09:41 - 01950720 _____ () C:\Users\Nasenhirsch\Desktop\adwcleaner.exe 2014-03-18 09:35 - 2009-10-28 20:13 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Skype 2014-03-18 09:27 - 2012-06-13 09:42 - 00002591 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office Word 2007.lnk 2014-03-18 09:20 - 2012-04-13 08:10 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\LBV 2014-03-18 08:13 - 2006-12-20 22:21 - 02166094 _____ () C:\Windows\PFRO.log 2014-03-18 07:35 - 2013-08-10 08:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 07:28 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-17 17:41 - 2012-08-29 13:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job 2014-03-17 17:19 - 2014-03-17 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-17 17:19 - 2014-03-17 16:13 - 00000000 ____D () C:\Users\Nasenhirsch\Desktop\mbar 2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-17 16:13 - 2014-03-17 16:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-17 16:05 - 2014-03-17 16:04 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Nasenhirsch\Desktop\mbar-1.07.0.1009.exe 2014-03-16 16:40 - 2014-03-16 12:55 - 00031522 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt 2014-03-16 14:39 - 2014-03-16 14:39 - 00006621 _____ () C:\Users\Nasenhirsch\Downloads\gmer.log 2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe 2014-03-16 12:50 - 2014-03-16 12:48 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log 2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable 2014-03-16 12:48 - 2007-03-03 14:41 - 00000000 ____D () C:\Users\Nasenhirsch 2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe 2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log 2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-16 11:15 - 2012-08-29 13:27 - 00002064 _____ () C:\Users\Nasenhirsch\Desktop\Google Chrome.lnk 2014-03-13 19:46 - 2012-04-06 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-13 19:46 - 2011-05-21 19:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-13 06:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-03-13 06:28 - 2011-06-20 18:07 - 00004892 _____ () C:\Users\Nasenhirsch\AppData\Local\d3d9caps.dat 2014-03-12 20:18 - 2006-11-02 13:47 - 00312720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 20:15 - 2008-09-25 07:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-12 19:32 - 2009-07-16 19:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-12 19:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-10 18:11 - 2010-06-25 15:52 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Local\Audible 2014-03-09 11:13 - 2012-06-13 09:41 - 00002633 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office PowerPoint 2007.lnk 2014-03-08 08:41 - 2012-11-27 17:56 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Mäusestrategie 2014-03-06 20:21 - 2007-03-03 15:55 - 00019860 _____ () C:\Users\Nasenhirsch\AppData\Roaming\wklnhst.dat 2014-03-01 16:18 - 2011-06-07 16:51 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Studium 2014-02-28 08:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-23 17:56 - 2012-08-09 07:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-23 06:50 - 2014-03-12 19:17 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-23 06:47 - 2014-03-12 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-23 06:43 - 2014-03-12 19:17 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-23 06:41 - 2014-03-12 19:17 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-23 06:40 - 2014-03-12 19:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-23 06:39 - 2014-03-12 19:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-23 06:38 - 2014-03-12 19:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-23 06:38 - 2014-03-12 19:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-23 06:38 - 2014-03-12 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-23 06:36 - 2014-03-12 19:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-23 06:36 - 2014-03-12 19:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-23 06:35 - 2014-03-12 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-18 19:09 - 2014-02-18 19:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox Some content of TEMP: ==================== C:\Users\Nasenhirsch\AppData\Local\Temp\ose00000.exe C:\Users\Nasenhirsch\AppData\Local\Temp\Quarantine.exe C:\Users\Nasenhirsch\AppData\Local\Temp\_isA37A.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-18 10:06 ==================== End Of Log ============================ --- --- --- Geändert von Flohspock (18.03.2014 um 10:04 Uhr) |
|
19.03.2014, 09:04
| #8 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Nur noch ein paar Reste. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {08B2520D-73E6-4F25-AE60-5C92FAE59C83} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0EB39B9B-F2E3-4BEF-995C-7B473D61F12D&apn_sauid=C5B3DBF5-46AC-4568-94B9-F75EB59269AF
SearchScopes: HKCU - {AF5E2404-1058-492C-82AC-A7334F8E5563} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Starte noch einmal FRST.
Hast du jetzt noch irgendwelche Probleme? |
|
19.03.2014, 09:20
| #9 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Frst-Log: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Nasenhirsch at 2014-03-19 09:17:56 Run:2
Running from C:\Users\Nasenhirsch\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {08B2520D-73E6-4F25-AE60-5C92FAE59C83} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0EB39B9B-F2E3-4BEF-995C-7B473D61F12D&apn_sauid=C5B3DBF5-46AC-4568-94B9-F75EB59269AF
SearchScopes: HKCU - {AF5E2404-1058-492C-82AC-A7334F8E5563} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5786d022-540e-4699-b350-b4be0ae94b79} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08B2520D-73E6-4F25-AE60-5C92FAE59C83} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{08B2520D-73E6-4F25-AE60-5C92FAE59C83} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF5E2404-1058-492C-82AC-A7334F8E5563} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AF5E2404-1058-492C-82AC-A7334F8E5563} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5786D022-540E-4699-B350-B4BE0AE94B79} => Value deleted successfully.
HKCR\CLSID\{5786D022-540E-4699-B350-B4BE0AE94B79} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
==== End of Fixlog ====
Ich danke Dir ganz herzlich! Alleine hätte ich das nicht geschafft. |
|
19.03.2014, 09:24
| #10 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Brauch noch ein FRST Log, das ist nur das Fixlog. Wenn es passt gebe ich dir noch ein paar Tipps  |
|
19.03.2014, 10:00
| #11 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Nasenhirsch (administrator) on NOBBI on 19-03-2014 09:41:56 Running from C:\Users\Nasenhirsch\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKU\.DEFAULT\...\Run: [Norton Download Manager{N360P202122-SHPD-FSD31014}] - C:\Users\Public\Downloads\Norton\{N360P202122-SHPD-FSD31014}\N360Downloader.exe [916616 2013-01-30] (Symantec Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [Google Update] - C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.) HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {15286aa8-17c8-11df-9da5-001636f061ef} - F:\installer.exe HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {22bab632-b32c-11de-90a1-001636f061ef} - F:\installer.exe HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {7c48f2ac-c85b-11de-8a2d-001636f061ef} - G:\LaunchU3.exe -a ==================== Internet (Whitelisted) ==================== ProxyServer: proxy.fh-muenster.de:3128 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKCU - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default FF NetworkProxy: "backup.ftp", "proxy.fh-muenster.de" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "proxy.fh-muenster.de" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "proxy.fh-muenster.de" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "proxy.fh-muenster.de" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "proxy.fh-muenster.de" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "proxy.fh-muenster.de" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "proxy.fh-muenster.de" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Evernote Web Clipper - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-16] FF Extension: BibSonomy Buttons - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\buttons@bibsonomy.org.xpi [2012-12-06] FF Extension: Google Toolbar for Firefox - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}.xpi [2008-03-02] FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-02-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF [2013-10-10] Chrome: ======= CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File CHR Plugin: (Norton Confidential) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Drive) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-02] CHR Extension: (Norton Identity Protection) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-08-29] CHR Extension: (Google Wallet) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-15] ========================== Services (Whitelisted) ================= S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.) R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] () R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] () R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard) S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X] S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-02] (Symantec Corporation) R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-19] (Conexant Systems Inc.) S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140318.001\IDSvix86.sys [395992 2014-03-06] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140318.017\NAVENG.SYS [93272 2014-03-03] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140318.017\NAVEX15.SYS [1612376 2014-03-03] (Symantec Corporation) S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.) R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation) S3 usbsermpt; C:\Windows\System32\DRIVERS\usbsermpt.sys [22768 2007-03-03] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-19 09:41 - 2014-03-19 09:41 - 00019934 _____ () C:\Users\Nasenhirsch\Desktop\FRST.txt 2014-03-18 10:54 - 2014-03-18 10:54 - 02347384 _____ (ESET) C:\Users\Nasenhirsch\Downloads\esetsmartinstaller_enu.exe 2014-03-18 10:09 - 2014-03-18 10:09 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Malwarebytes 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 10:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-18 10:05 - 2014-03-18 10:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nasenhirsch\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-18 09:44 - 2014-03-18 09:52 - 00000000 ____D () C:\AdwCleaner 2014-03-18 09:41 - 2014-03-18 09:41 - 01950720 _____ () C:\Users\Nasenhirsch\Desktop\adwcleaner.exe 2014-03-18 09:35 - 2014-03-19 09:16 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\FRST 2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-17 16:15 - 2014-03-17 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-17 16:13 - 2014-03-17 17:19 - 00000000 ____D () C:\Users\Nasenhirsch\Desktop\mbar 2014-03-17 16:13 - 2014-03-17 16:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-17 16:04 - 2014-03-17 16:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Nasenhirsch\Desktop\mbar-1.07.0.1009.exe 2014-03-16 14:39 - 2014-03-16 14:39 - 00006621 _____ () C:\Users\Nasenhirsch\Downloads\gmer.log 2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe 2014-03-16 12:55 - 2014-03-16 16:40 - 00031522 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt 2014-03-16 12:52 - 2014-03-19 09:41 - 00000000 ____D () C:\FRST 2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Desktop\FRST.exe 2014-03-16 12:48 - 2014-03-16 12:50 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log 2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable 2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe 2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log 2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-12 19:17 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 19:17 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 19:17 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 19:17 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 19:17 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 19:17 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 19:17 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-12 19:17 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 19:17 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 19:17 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-12 19:17 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 19:17 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-12 19:17 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 16:28 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 16:28 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 16:28 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 16:28 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-02-18 19:08 - 2014-03-19 09:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-19 09:43 - 2014-03-19 09:41 - 00019934 _____ () C:\Users\Nasenhirsch\Desktop\FRST.txt 2014-03-19 09:42 - 2009-10-28 20:13 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Skype 2014-03-19 09:41 - 2014-03-16 12:52 - 00000000 ____D () C:\FRST 2014-03-19 09:41 - 2012-08-29 13:22 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job 2014-03-19 09:38 - 2014-02-18 19:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-19 09:31 - 2012-08-29 13:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job 2014-03-19 09:16 - 2014-03-18 09:35 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\FRST 2014-03-19 09:11 - 2010-02-04 17:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-19 09:09 - 2012-07-18 07:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-19 09:09 - 2010-02-04 17:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-19 09:07 - 2007-03-04 06:26 - 01802126 _____ () C:\Windows\WindowsUpdate.log 2014-03-19 09:07 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-19 09:07 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-18 15:50 - 2011-10-31 17:02 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Citavi 3 2014-03-18 10:54 - 2014-03-18 10:54 - 02347384 _____ (ESET) C:\Users\Nasenhirsch\Downloads\esetsmartinstaller_enu.exe 2014-03-18 10:53 - 2006-11-02 11:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-18 10:09 - 2014-03-18 10:09 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Malwarebytes 2014-03-18 10:09 - 2014-03-18 10:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 10:06 - 2014-03-18 10:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nasenhirsch\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-18 09:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-18 09:54 - 2006-12-20 21:42 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-18 09:54 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-18 09:52 - 2014-03-18 09:44 - 00000000 ____D () C:\AdwCleaner 2014-03-18 09:41 - 2014-03-18 09:41 - 01950720 _____ () C:\Users\Nasenhirsch\Desktop\adwcleaner.exe 2014-03-18 09:27 - 2012-06-13 09:42 - 00002591 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office Word 2007.lnk 2014-03-18 09:20 - 2012-04-13 08:10 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\LBV 2014-03-18 08:13 - 2006-12-20 22:21 - 02166094 _____ () C:\Windows\PFRO.log 2014-03-18 07:35 - 2013-08-10 08:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 07:28 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-17 17:19 - 2014-03-17 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-17 17:19 - 2014-03-17 16:13 - 00000000 ____D () C:\Users\Nasenhirsch\Desktop\mbar 2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-17 16:13 - 2014-03-17 16:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-17 16:05 - 2014-03-17 16:04 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Nasenhirsch\Desktop\mbar-1.07.0.1009.exe 2014-03-16 16:40 - 2014-03-16 12:55 - 00031522 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt 2014-03-16 14:39 - 2014-03-16 14:39 - 00006621 _____ () C:\Users\Nasenhirsch\Downloads\gmer.log 2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe 2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Desktop\FRST.exe 2014-03-16 12:50 - 2014-03-16 12:48 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log 2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable 2014-03-16 12:48 - 2007-03-03 14:41 - 00000000 ____D () C:\Users\Nasenhirsch 2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe 2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log 2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-16 11:15 - 2012-08-29 13:27 - 00002064 _____ () C:\Users\Nasenhirsch\Desktop\Google Chrome.lnk 2014-03-13 19:46 - 2012-04-06 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-13 19:46 - 2011-05-21 19:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-13 06:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-03-13 06:28 - 2011-06-20 18:07 - 00004892 _____ () C:\Users\Nasenhirsch\AppData\Local\d3d9caps.dat 2014-03-12 20:18 - 2006-11-02 13:47 - 00312720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 20:15 - 2008-09-25 07:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-12 19:32 - 2009-07-16 19:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-12 19:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-10 18:11 - 2010-06-25 15:52 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Local\Audible 2014-03-09 11:13 - 2012-06-13 09:41 - 00002633 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office PowerPoint 2007.lnk 2014-03-08 08:41 - 2012-11-27 17:56 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Mäusestrategie 2014-03-06 20:21 - 2007-03-03 15:55 - 00019860 _____ () C:\Users\Nasenhirsch\AppData\Roaming\wklnhst.dat 2014-03-01 16:18 - 2011-06-07 16:51 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Studium 2014-02-28 08:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-23 17:56 - 2012-08-09 07:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-23 06:50 - 2014-03-12 19:17 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-23 06:47 - 2014-03-12 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-23 06:43 - 2014-03-12 19:17 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-23 06:41 - 2014-03-12 19:17 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-23 06:40 - 2014-03-12 19:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-23 06:39 - 2014-03-12 19:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-23 06:38 - 2014-03-12 19:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-23 06:38 - 2014-03-12 19:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-23 06:38 - 2014-03-12 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-23 06:37 - 2014-03-12 19:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-23 06:36 - 2014-03-12 19:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-23 06:36 - 2014-03-12 19:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-23 06:35 - 2014-03-12 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll Some content of TEMP: ==================== C:\Users\Nasenhirsch\AppData\Local\Temp\ose00000.exe C:\Users\Nasenhirsch\AppData\Local\Temp\Quarantine.exe C:\Users\Nasenhirsch\AppData\Local\Temp\_isA37A.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-18 10:06 ==================== End Of Log ============================ |
|
19.03.2014, 11:24
| #12 |
| | Verdacht eine verseuchte E-Mail geöffnet zu haben. Sieht gut aus. Damit sollten wir durch sein. Updates Bitte lade dir von Microsoft die neuste Version des Internet Explorers runter: Laden Sie Internet Explorer herunte Klicke nun auf den Windowsbutton in der Taskleiste und dort wiederum auf "Systemsteuerung". Wenn du hier angelangt bist, gehe auf "Programme deinstallieren" unter "Programme". Deinstalliere hier alle alten Java- und Flash-Versionen.
Öffne bitte mit beiden Browsern Adobe - Adobe Flash Player installieren installieren und lade dir die neueste Version herunter. Entferne beim installieren den Haken bei McAfee Security Plus. Ich sehe in deinen Logs nichts gefährliches mehr. Cleanup Die Reihenfolge ist hier entscheidend.
Tipps  Welches Antiviren-Programm soll ich nehmen?Es gibt kein Antiviren-Programm, dass alle schädlinge findet. Du kannst dich nicht 100%-ig auf das Programm verlassen, es hängt immernoch von deinem Verhalten ab. Mit dem richtigen Verhalten schützt du dich am besten davor, dass du überhaupt infiziert wirst.
Nutze immer nur ein Antiviren Programm, da mehrere sich gegenseitig blockieren werden und es somit mehr schadet, als es nutzt. Falls du mehr als einen installiert hast, entscheide dich für einen von denen und deinstalliere die anderen. Halte ausserdem dein Antiviren-Programm immer aktuell, denn durch eine veraltete Datenbank kann das das Programm die neuen Infektionen nicht finden.
Du kannst auch regelmäßig einen On-Demand Scanner laufen lassen um dir eine zweite Meinung zu holen. Ein On-Demand Scanner läuft im gegensatz zu einem normalem Antiviren-Programm nicht ständig mit sondern nur wenn du ihm sagst, dass er das System scannen soll.
Was sollte ich vor dem Runterladen beachten?
Sonstige Tipps
Wenn du das Trojaner-Board untersützten willst, kannst du gerne Spenden. Ich wünsche dir noch eine schöne Zeit. |
|
19.03.2014, 19:49
| #13 |
| |  Verdacht eine verseuchte E-Mail geöffnet zu haben. DANKE!!!!  |
|
| Themen zu Verdacht eine verseuchte E-Mail geöffnet zu haben. |
| browser, chromium, desktop, e-mail, email, entfernen, error, excel, firefox, flash player, google, helper, home, homepage, langsam, mozilla, port, registry, rundll, scan, security, software, svchost.exe, symantec, system, tracker, windows |
Linear-Darstellung
