21.03.2014, 14:28 | #1
Windows 7: Internet Options cannot be opened!

Hello, since today I can no longer open the "Internet Options" menu item in the system settings. Since I recently switched off my firewall, I am afraid that a trojan or something similar has crept onto my machine.

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by jones (administrator) on JONES-HP on 21-03-2014 13:57:46 Running from C:\Users\jones\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (SafetyNut Inc.) C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Somoto) C:\Users\jones\AppData\Local\FilesFrog Update Checker\update_checker.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Dropbox, Inc.) 
C:\Users\jones\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (SafetyNut Inc.) C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (SafetyNut Inc.) C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Trend Micro Inc.) 
C:\Users\jones\Desktop\HiJackThis204.exe (Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [] - [X] HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) 
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation) HKU\S-1-5-21-3832247349-3041285599-920539877-1001\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\S-1-5-21-3832247349-3041285599-920539877-1001\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-3832247349-3041285599-920539877-1001\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-3832247349-3041285599-920539877-1001\...\Run: [SDP] - C:\Users\jones\AppData\Local\FilesFrog Update Checker\update_checker.exe 
[201808 2013-01-31] (Somoto) HKU\S-1-5-21-3832247349-3041285599-920539877-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-3832247349-3041285599-920539877-1001\...\MountPoints2: {e3b4ea8a-939b-11e1-a536-806e6f6e6963} - E:\StartCD.exe AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-12-31] () AppInit_DLLs: C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL => C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr.dll [23560 2014-02-05] () AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-12-31] () AppInit_DLLs-x32: C:\PROGRA~2\MOVIES~1\SAFETY~1\SAFETY~2.DLL => C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll [19976 2014-02-05] () Startup: C:\Users\jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\jones\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll [486408 2014-02-05] () HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll [658952 2014-02-05] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0FE1E842-2C8F-48DF-B30C-E9BBB2203FF5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {F35F599F-9EC9-424D-9673-A3E1C2699A88} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0FE1E842-2C8F-48DF-B30C-E9BBB2203FF5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {F35F599F-9EC9-424D-9673-A3E1C2699A88} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {0FE1E842-2C8F-48DF-B30C-E9BBB2203FF5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {F35F599F-9EC9-424D-9673-A3E1C2699A88} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll () BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll () BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll () Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default FF user.js: detected! => C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\user.js FF SearchEngineOrder.1: Ask.com FF Homepage: about:home FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\searchplugins\Ask.xml FF SearchPlugin: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\searchplugins\BrowserProtect.xml FF SearchPlugin: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\searchplugins\delta.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Movies Toolbar (Dist. by Somoto Ltd.) 
- C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} [2014-03-12] FF Extension: Quick Translator - C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19} [2013-05-04] FF Extension: Ad-Aware Security Add-on - C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-03-21] FF Extension: Ask New Tabs - C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\{9A7DF664-82DC-020F-C190-9A665AF83389} [2014-03-12] FF Extension: DownloadHelper - C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-29] FF Extension: PricePeep - C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-09-10] FF Extension: YouTube Cinema Mode . 
- C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\youtube-cinemode@gmail.com.xpi [2013-05-04] FF Extension: Quick Translator - C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-05-04] FF Extension: SoundCloud Downloader - Technowise - C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\l752tqak.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-05-04] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014-03-21] ==================== Services (Whitelisted) ================= R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] () R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) 
R2 SafetyNutManager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3449864 2014-02-05] (SafetyNut Inc.) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-02] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20130614.001\IDSvia64.sys [513184 2013-06-14] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20130615.008\ENG64.SYS [126040 2013-05-25] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20130615.008\EX64.SYS [2098776 2013-05-25] (Symantec Corporation) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) 
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-05-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-21 13:57 - 2014-03-21 13:58 - 00022656 _____ () C:\Users\jones\Desktop\FRST.txt 2014-03-21 13:57 - 2014-03-21 13:57 - 00000000 ____D () C:\FRST 2014-03-21 13:56 - 2014-03-21 13:56 - 00000472 _____ () C:\Users\jones\Desktop\defogger_disable.log 2014-03-21 13:56 - 2014-03-21 13:56 - 00000000 _____ () C:\Users\jones\defogger_reenable 2014-03-21 13:55 - 2014-03-21 13:55 - 02157056 _____ (Farbar) C:\Users\jones\Desktop\FRST64.exe 2014-03-21 13:55 - 2014-03-21 13:55 - 00380416 _____ () C:\Users\jones\Desktop\Gmer-19357.exe 2014-03-21 13:55 - 2014-03-21 13:55 - 00050477 _____ () C:\Users\jones\Desktop\Defogger.exe 2014-03-21 13:47 - 2014-03-21 13:47 - 00013715 _____ () C:\Users\jones\Desktop\hijackthis.log 2014-03-21 13:46 - 2014-03-21 13:46 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\jones\Desktop\HiJackThis204.exe 2014-03-21 13:12 - 2014-03-21 13:12 - 00000000 ____D () C:\Users\jones\AppData\Roaming\LavasoftStatistics 2014-03-21 13:06 - 2014-03-21 13:06 - 00027136 _____ () C:\Windows\system32\bddel.exe 2014-03-21 13:06 - 2014-03-21 13:06 - 00019698 _____ () C:\Windows\system32\bddel.dat 2014-03-21 12:54 - 2014-03-21 12:54 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-03-21 12:54 - 2014-03-21 12:54 - 00000000 ____D () C:\Program Files\Lavasoft 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\Users\jones\AppData\Local\adawarebp 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-21 12:52 - 2014-03-21 12:52 - 00000000 ____D () C:\Users\jones\AppData\Roaming\Lavasoft 2014-03-21 12:52 - 2014-03-21 12:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-03-21 12:35 - 2014-03-21 12:35 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-21 11:41 - 2014-03-21 11:41 - 01727624 _____ () C:\Users\jones\Desktop\Adaware_Installer_11.1.5354.exe 2014-03-20 19:31 - 2014-03-20 19:38 - 11829248 _____ () C:\Users\jones\Desktop\a91.9.rar.part 2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\jones\Desktop\wlan_wiz 2014-03-17 20:15 - 2014-03-17 20:27 - 129676320 _____ (A.I.SOFT,INC.) 
C:\Users\jones\Desktop\DCP-7055W-inst-B1-EU.EXE 2014-03-17 19:22 - 2014-03-17 22:00 - 00018477 _____ () C:\Users\jones\Documents\Lebenslauf_aktuell.odt 2014-03-13 18:24 - 2014-03-13 18:24 - 01345427 _____ () C:\Users\jones\Desktop\rave.ai 2014-03-13 17:12 - 2014-03-13 17:12 - 00000000 ____D () C:\Users\jones\Desktop\tondu 2014-03-12 21:07 - 2014-03-12 21:07 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-12 18:14 - 2014-03-12 18:14 - 00000000 ____D () C:\ProgramData\Browser Manager 2014-03-12 18:14 - 2014-03-12 18:14 - 00000000 ____D () C:\ProgramData\BitGuard 2014-03-12 17:39 - 2014-03-21 13:09 - 00000000 ____D () C:\ProgramData\SafetyNut 2014-03-12 17:39 - 2014-03-12 17:39 - 00000000 ____D () C:\ProgramData\Wincert 2014-03-12 17:39 - 2014-03-12 17:39 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar 2014-03-12 17:36 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 17:36 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 17:36 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 17:36 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 17:36 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-12 17:36 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-12 17:36 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 17:36 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-12 17:36 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 17:36 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 17:36 - 
2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-12 17:36 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-12 17:36 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 17:36 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 17:36 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-12 17:36 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 17:36 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-12 17:36 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 17:36 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 17:36 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 17:36 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 17:36 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 17:36 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 17:36 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 17:36 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 17:36 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 17:36 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 17:36 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 17:36 
- 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 17:36 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 17:36 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 17:36 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 17:36 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 17:36 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 17:36 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 17:36 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 17:36 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 17:36 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 17:36 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-12 17:36 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 17:36 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 17:36 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 17:36 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 17:32 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 17:32 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-02-20 23:29 - 2014-02-20 23:30 - 00006374 _____ () C:\Users\jones\Documents\praesi.odt 2014-02-20 14:29 - 2014-02-20 14:29 - 00004478 _____ () 
C:\Users\jones\Documents\Not only management also helping.odt ==================== One Month Modified Files and Folders ======= 2014-03-21 13:58 - 2014-03-21 13:57 - 00022656 _____ () C:\Users\jones\Desktop\FRST.txt 2014-03-21 13:57 - 2014-03-21 13:57 - 00000000 ____D () C:\FRST 2014-03-21 13:56 - 2014-03-21 13:56 - 00000472 _____ () C:\Users\jones\Desktop\defogger_disable.log 2014-03-21 13:56 - 2014-03-21 13:56 - 00000000 _____ () C:\Users\jones\defogger_reenable 2014-03-21 13:56 - 2012-05-01 14:47 - 00000000 ____D () C:\Users\jones 2014-03-21 13:55 - 2014-03-21 13:55 - 02157056 _____ (Farbar) C:\Users\jones\Desktop\FRST64.exe 2014-03-21 13:55 - 2014-03-21 13:55 - 00380416 _____ () C:\Users\jones\Desktop\Gmer-19357.exe 2014-03-21 13:55 - 2014-03-21 13:55 - 00050477 _____ () C:\Users\jones\Desktop\Defogger.exe 2014-03-21 13:50 - 2013-05-04 14:40 - 00000000 ____D () C:\Users\jones\AppData\Roaming\Dropbox 2014-03-21 13:47 - 2014-03-21 13:47 - 00013715 _____ () C:\Users\jones\Desktop\hijackthis.log 2014-03-21 13:46 - 2014-03-21 13:46 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\jones\Desktop\HiJackThis204.exe 2014-03-21 13:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-03-21 13:12 - 2014-03-21 13:12 - 00000000 ____D () C:\Users\jones\AppData\Roaming\LavasoftStatistics 2014-03-21 13:09 - 2014-03-12 17:39 - 00000000 ____D () C:\ProgramData\SafetyNut 2014-03-21 13:06 - 2014-03-21 13:06 - 00027136 _____ () C:\Windows\system32\bddel.exe 2014-03-21 13:06 - 2014-03-21 13:06 - 00019698 _____ () C:\Windows\system32\bddel.dat 2014-03-21 13:06 - 2013-09-18 20:33 - 00000000 ____D () C:\Program Files (x86)\PricePeep 2014-03-21 12:55 - 2009-07-14 05:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-21 12:55 - 2009-07-14 05:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-21 12:54 - 2014-03-21 12:54 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-03-21 12:54 - 2014-03-21 12:54 - 00000000 ____D () C:\Program Files\Lavasoft 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\Users\jones\AppData\Local\adawarebp 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner 2014-03-21 12:53 - 2014-03-21 12:53 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-21 12:52 - 2014-03-21 12:52 - 00000000 ____D () C:\Users\jones\AppData\Roaming\Lavasoft 2014-03-21 12:52 - 2014-03-21 12:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-03-21 12:51 - 2010-09-03 14:36 - 01833432 _____ () C:\Windows\WindowsUpdate.log 2014-03-21 12:49 - 2013-05-04 14:43 - 00000000 ___RD () C:\Users\jones\Dropbox 2014-03-21 12:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-21 12:47 - 2009-07-14 05:51 - 00068007 _____ () C:\Windows\setupact.log 2014-03-21 12:35 - 2014-03-21 12:35 - 00000000 
____D () C:\ProgramData\Lavasoft 2014-03-21 12:07 - 2013-05-02 15:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-21 11:41 - 2014-03-21 11:41 - 01727624 _____ () C:\Users\jones\Desktop\Adaware_Installer_11.1.5354.exe 2014-03-21 11:21 - 2014-02-17 14:25 - 00001975 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-21 10:51 - 2010-07-20 22:46 - 00644310 _____ () C:\Windows\system32\perfh007.dat 2014-03-21 10:51 - 2010-07-20 22:46 - 00126580 _____ () C:\Windows\system32\perfc007.dat 2014-03-21 10:51 - 2009-07-14 06:13 - 01473514 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-21 10:30 - 2014-02-06 18:22 - 00000119 _____ () C:\Users\jones\Desktop\Neues Textdokument (3).txt 2014-03-20 19:38 - 2014-03-20 19:31 - 11829248 _____ () C:\Users\jones\Desktop\a91.9.rar.part 2014-03-19 17:33 - 2013-05-03 11:09 - 00000000 ____D () C:\Users\jones\AppData\Local\Adobe 2014-03-18 16:06 - 2012-05-01 15:42 - 00047358 _____ () C:\Windows\PFRO.log 2014-03-17 22:00 - 2014-03-17 19:22 - 00018477 _____ () C:\Users\jones\Documents\Lebenslauf_aktuell.odt 2014-03-17 20:32 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\jones\Desktop\wlan_wiz 2014-03-17 20:27 - 2014-03-17 20:15 - 129676320 _____ (A.I.SOFT,INC.) 
C:\Users\jones\Desktop\DCP-7055W-inst-B1-EU.EXE 2014-03-17 19:29 - 2014-02-10 08:49 - 00000000 ____D () C:\Users\jones\AppData\Roaming\ControlCenter4 2014-03-13 21:52 - 2009-07-14 05:45 - 04921312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 18:24 - 2014-03-13 18:24 - 01345427 _____ () C:\Users\jones\Desktop\rave.ai 2014-03-13 17:14 - 2012-05-01 14:52 - 00069536 _____ () C:\Users\jones\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-13 17:12 - 2014-03-13 17:12 - 00000000 ____D () C:\Users\jones\Desktop\tondu 2014-03-12 21:22 - 2013-05-03 12:22 - 00000000 ____D () C:\Users\jones\AppData\Roaming\vlc 2014-03-12 21:07 - 2014-03-12 21:07 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-12 21:07 - 2013-05-02 15:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 21:07 - 2013-05-02 15:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 21:07 - 2013-05-02 15:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 18:14 - 2014-03-12 18:14 - 00000000 ____D () C:\ProgramData\Browser Manager 2014-03-12 18:14 - 2014-03-12 18:14 - 00000000 ____D () C:\ProgramData\BitGuard 2014-03-12 17:39 - 2014-03-12 17:39 - 00000000 ____D () C:\ProgramData\Wincert 2014-03-12 17:39 - 2014-03-12 17:39 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar 2014-03-01 07:05 - 2014-03-12 17:36 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-12 17:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-12 17:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-12 17:36 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-12 17:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 
- 2014-03-12 17:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-12 17:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-12 17:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-12 17:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-12 17:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-12 17:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-12 17:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-12 17:36 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-12 17:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-12 17:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-12 17:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-12 17:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-12 17:36 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-12 17:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-12 17:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-12 17:36 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-12 17:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-12 17:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 
04:42 - 2014-03-12 17:36 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-12 17:36 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-12 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-12 17:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-12 17:36 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-12 17:36 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-12 17:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-12 17:36 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-12 17:36 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-12 17:36 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-12 17:36 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-12 17:36 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-12 17:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-12 17:36 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-12 17:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-12 17:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-12 17:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-20 23:42 - 2013-05-09 17:46 - 00000000 ____D () C:\Users\jones\AppData\Roaming\SoftGrid Client 2014-02-20 23:30 - 2014-02-20 23:29 - 00006374 
_____ () C:\Users\jones\Documents\praesi.odt 2014-02-20 14:29 - 2014-02-20 14:29 - 00004478 _____ () C:\Users\jones\Documents\Not only management also helping.odt Some content of TEMP: ==================== C:\Users\jones\AppData\Local\Temp\8af947d4-3c93-49f4-bef5-28562c5d2735.exe C:\Users\jones\AppData\Local\Temp\appshat-distribution.exe C:\Users\jones\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\jones\AppData\Local\Temp\Delta.exe C:\Users\jones\AppData\Local\Temp\DeltaTB.exe C:\Users\jones\AppData\Local\Temp\FLVPlayerSetup.exe C:\Users\jones\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe C:\Users\jones\AppData\Local\Temp\HPQSi.exe C:\Users\jones\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe C:\Users\jones\AppData\Local\Temp\MSNEA2F.exe C:\Users\jones\AppData\Local\Temp\MybabylonTB.exe C:\Users\jones\AppData\Local\Temp\OptimizerPro.exe C:\Users\jones\AppData\Local\Temp\pricepeep_130001_0101.exe C:\Users\jones\AppData\Local\Temp\uninst1.exe C:\Users\jones\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\jones\AppData\Local\Temp\VirtualRouterPlusSetup.exe C:\Users\jones\AppData\Local\Temp\WSSetup.exe C:\Users\jones\AppData\Local\Temp\_is5A82.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-21 13:30 ==================== End Of Log 
============================

Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by jones at 2014-03-21 13:58:42
Running from C:\Users\jones\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 3.8.0.10 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems
Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader 9.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc) AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.) CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) 
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION Free Screen Video Recorder version 2.5.29.430 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.29.430 - DVDVideoSoft Ltd.) HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{B360E24A-BF25-4353-AA79-1B54F509024A}) (Version: 1.0.0.0 - Hewlett-Packard) HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{62BD9D85-46D9-400E-95F1-A09B667CB57F}) (Version: 3.5.23.1 - Hewlett-Packard Company) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2131 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) 
Hidden Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movies Toolbar for Firefox (Dist. by Somoto Ltd.) 
(HKLM-x32\...\somotomoviestoolbar1FF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Native Instruments Service Center (x32 Version: 2.0.6.001 - Native Instruments) Hidden Native Instruments Traktor (Version: 1.1.2.004 - Native Instruments) Hidden No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) 
Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden Prezi (HKLM-x32\...\{BD44409B-A691-4B97-B33D-F07E1DE791F3}) (Version: 5.0.5 - Ihr Firmenname) PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.3 - betwikx LLC) <==== ATTENTION Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden Reloop ASIO Driver 1.10 (HKLM\...\Reloop ASIO Driver 1.10) (Version: 1.10 - Reloop) RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.) 
Scansoft PDF Professional (x32 Version: - ) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.0 - Synaptics Incorporated) VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN) Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) XnView 2.00 (HKLM-x32\...\XnView_is1) (Version: 2.00 - Gougelet Pierre-e) ==================== Restore Points ========================= 18-02-2014 13:31:58 Windows Update 25-02-2014 14:59:47 Windows Update 05-03-2014 15:51:33 Windows Update 11-03-2014 14:55:52 Windows Update 12-03-2014 20:23:16 Windows Update 16-03-2014 20:15:14 Windows Update 21-03-2014 11:35:28 AA11 21-03-2014 11:51:43 AA11 ==================== Hosts content: ========================== 2013-09-14 11:56 - 2013-09-14 12:33 - 00001929 ____A 
C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {06B65FAB-2BFA-4172-8777-AC6E145386BE} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {5D0C303B-19FD-470A-AF48-723176DA09B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {7400999D-B28F-40A2-A785-B92794E0EEDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company) Task: {7587B5BB-DB7A-4DC9-AD71-138012F51B32} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] () Task: {A3A34562-8E09-4BCA-AC5B-8970AE59DCE9} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] () Task: {A3B16759-171D-499C-874C-0C50B3305A48} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {B97F7EEA-DB19-403A-B64F-0F2BAEE086EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company) Task: {D56AB7E0-09A6-4CDC-9F89-1BE9E8AD87E8} - System32\Tasks\AdobeAAMUpdater-1.0-jones-HP-jones => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {F93A880E-DBA1-4456-863B-8028F1805B51} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? 
==================== Loaded Modules (whitelisted) ============= 2014-03-12 17:39 - 2014-02-05 19:13 - 00658952 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll 2010-07-02 10:51 - 2010-07-02 10:51 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 2014-01-23 16:09 - 2014-01-23 16:09 - 00702744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe 2014-01-23 16:30 - 2014-01-23 16:30 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll 2014-01-23 16:30 - 2014-01-23 16:30 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll 2014-01-23 16:29 - 2014-01-23 16:29 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll 2014-01-23 16:29 - 2014-01-23 16:29 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll 2014-01-23 16:29 - 2014-01-23 16:29 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll 2014-01-23 16:29 - 2014-01-23 16:29 - 03720040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll 2014-01-23 16:29 - 2014-01-23 16:29 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll 2014-01-23 16:30 - 2014-01-23 16:30 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll 2014-01-23 16:29 - 2014-01-23 16:29 - 02595144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll 2014-01-23 16:29 - 2014-01-23 16:29 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware 
Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00602984 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00291192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00268152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00253800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00293744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00509808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00607584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00035192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00325488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00333688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00227688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00219488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00129896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00599920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 01926504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00263536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00650608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00490848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00358744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00291680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00154464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
2013-07-17 17:10 - 2013-07-17 17:10 - 00777296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 04114264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
2014-01-23 16:29 - 2014-01-23 16:29 - 00500088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00361824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00066904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00788848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00139608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-12 17:39 - 2014-02-05 19:13 - 00486408 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll
2014-03-12 17:39 - 2014-02-05 19:13 - 00019976 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll
2010-05-19 09:05 - 2010-05-19 09:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 09:05 - 2010-05-19 09:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 09:05 - 2010-05-19 09:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\jones\AppData\Roaming\Dropbox\bin\libcef.dll
2010-02-09 17:58 - 2010-02-09 17:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 17:58 - 2010-02-09 17:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 17:58 - 2010-02-09 17:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 17:58 - 2010-02-09 17:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 17:58 - 2010-02-09 17:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 17:58 - 2010-02-09 17:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 17:58 - 2010-02-09 17:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-02-09 15:45 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-02-15 11:47 - 2014-02-15 11:47 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-09-03 14:40 - 2010-04-13 08:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-15 12:07 - 2014-02-15 12:07 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 21:07 - 2014-03-12 21:07 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2014 01:33:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/21/2014 00:48:27 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 12:48:27.495]: [00003684]: Initialize TwdsMain Class failed!

Error: (03/21/2014 00:48:27 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 12:48:27.480]: [00003684]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/21/2014 00:48:27 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 12:48:27.480]: [00003684]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..
Error: (03/21/2014 00:38:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 12:38:08.121]: [00004072]: Initialize TwdsMain Class failed!

Error: (03/21/2014 00:38:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 12:38:08.120]: [00004072]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/21/2014 00:38:08 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 12:38:08.120]: [00004072]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..

Error: (03/21/2014 10:32:01 AM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 10:32:01.568]: [00003408]: Initialize TwdsMain Class failed!

Error: (03/21/2014 10:32:01 AM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 10:32:01.536]: [00003408]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/21/2014 10:32:01 AM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2014/03/21 10:32:01.536]: [00003408]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..

System errors:
=============
Error: (03/20/2014 07:24:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (03/19/2014 05:24:46 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (03/19/2014 05:24:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (03/19/2014 05:24:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht.
Error: (03/18/2014 04:08:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (03/17/2014 07:11:52 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (03/17/2014 07:11:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (03/17/2014 07:11:49 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht.

Error: (03/16/2014 09:10:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (03/12/2014 05:39:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SafetyNut Manager" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Microsoft Office Sessions:
=========================
Error: (03/21/2014 01:33:08 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (03/21/2014 00:48:27 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 12:48:27.495]: [00003684]: Initialize TwdsMain Class failed!

Error: (03/21/2014 00:48:27 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 12:48:27.480]: [00003684]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/21/2014 00:48:27 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 12:48:27.480]: [00003684]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..

Error: (03/21/2014 00:38:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 12:38:08.121]: [00004072]: Initialize TwdsMain Class failed!

Error: (03/21/2014 00:38:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 12:38:08.120]: [00004072]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/21/2014 00:38:08 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 12:38:08.120]: [00004072]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..

Error: (03/21/2014 10:32:01 AM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 10:32:01.568]: [00003408]: Initialize TwdsMain Class failed!

Error: (03/21/2014 10:32:01 AM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 10:32:01.536]: [00003408]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/21/2014 10:32:01 AM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2014/03/21 10:32:01.536]: [00003408]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0..
==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 3893.86 MB
Available physical RAM: 963.55 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5187.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:282.1 GB) (Free:183.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.7 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (KB3OPK_DE) (CDROM) (Total:1.87 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CB9E9924)
Partition: GPT Partition Type.

==================== End Of Log ============================

Gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-21 14:17:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\jones\AppData\Local\Temp\kgtiypow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb0000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fb002f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Users\jones\AppData\Local\FilesFrog Update Checker\update_checker.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Users\jones\AppData\Local\FilesFrog Update Checker\update_checker.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Users\jones\AppData\Roaming\Dropbox\bin\Dropbox.exe[3740] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Users\jones\AppData\Roaming\Dropbox\bin\Dropbox.exe[3740] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[4016] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[4016] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f21465 2 bytes [F2, 74]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f214bb 2 bytes [F2, 74]
.text ... * 2

---- Processes - GMER 2.1 ----

Library C:\Users\jones\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\jones\AppData\Roaming\Dropbox\bin\Dropbox.exe [3740](2014-01-03 00:45:04) 0000000003d20000
Library C:\Users\jones\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\jones\AppData\Roaming\Dropbox\bin\Dropbox.exe [3740](2013-10-18 23:55:02) 0000000067e80000
Library C:\Users\jones\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\jones\AppData\Roaming\Dropbox\bin\Dropbox.exe [3740] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000672a0000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:56 on 21/03/2014 (jones)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
21.03.2014, 15:41 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Internet Options cannot be opened! Quote:

1. You don't clutter up your system with software like this; it is counterproductive in the extreme!
2. Third-party firewalls are utter nonsense; the Windows Firewall is considerably more sensible, leaner and less error-prone.
3. Use at most one virus scanner plus the Windows Firewall! (Windows Defender can also be disabled.)

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist, in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant!

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows: