Log analysis and evaluation: HD-Total Adware in Firefox (Windows 7)
23.03.2014, 18:49 | #1 |
HD-Total Adware in Firefox

Hello,

About a week ago, when I connected to the internet via cable, Norton raised an alarm (suspicious Cloud 9). I had installed the program Virtual Wifi Router because I am not allowed to use a hardware router.

Now to my problem. The add-on HD-Total has nested itself in my browser and tries to connect me to dubious sites. I then ran a scan with HijackThis, uninstalled the add-on and deleted the following registry entry:

O2 - BHO: CrossriderApp0053360 - {11111111-1111-1111-1111-110511331160} - C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-bho.dll

However, the add-on keeps reinstalling itself and can also be found in the Program Files folder. Some time ago Norton also found the Zeus trojan in an email and moved it to quarantine, in case anything else suspicious should turn up.

Many thanks, and here are the logs:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:21, on 14.03.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\*****\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = hxxp://pac.zhaw.ch/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0053360 - {11111111-1111-1111-1111-110511331160} - C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-bho.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = *****\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351
O17 - HKLM\System\CS1\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351
O17 - HKLM\System\CS2\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard, Inc. - c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
O23 - Service: SEB Windows Service (SebWindowsService) - ETH Zurich - C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16819 bytes

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:34 on 23/03/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ****** (administrator) on R108016 on 23-03-2014 17:37:48
Running from C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Solid Documents, LLC) C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
(ETH Zurich) C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(PortableApps.com) E:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2013-12-26] ()
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-17] (Power Software Ltd)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
IFEO\Utilman.exe: [Debugger]
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: [NameServer]10.148.96.2,10.156.33.53
Tcpip\..\Interfaces\{D15E7D67-71C5-48B9-8B7C-6F5D7C87E9C4}: [NameServer]160.85.192.100,160.85.193.100

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default
FF user.js: detected! => C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\user.js
FF Homepage: www.google.ch
FF NetworkProxy: "autoconfig_url", "hxxp://pac.zhaw.ch/proxy.pac"
FF NetworkProxy: "backup.ftp", "46.163.66.107"
FF NetworkProxy: "backup.ftp_port", 1080
FF NetworkProxy: "backup.socks", "46.163.66.107"
FF NetworkProxy: "backup.socks_port", 1080
FF NetworkProxy: "backup.ssl", "46.163.66.107"
FF NetworkProxy: "backup.ssl_port", 1080
FF NetworkProxy: "ftp", "212.144.254.123"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.123"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.123"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.123"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HD-Total-1.1 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com [2014-03-16]
FF Extension: Copy Links - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2011-08-09]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\admin@proxy-listen.de.xpi [2013-01-19]
FF Extension: Flagfox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09]
FF Extension: NoScript - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-20]
FF Extension: BugMeNot Plugin - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-01-02]
FF Extension: DownThemAll! - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive 
Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.) R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124984 2009-11-20] (Hewlett-Packard) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [193392 2012-09-10] (Solid Documents, LLC) R2 SebWindowsService; C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe [32256 2012-12-19] (ETH Zurich) R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation) R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2010-10-18] (Ekahau Inc.) 
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-03-14] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-03-14] (Symantec Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] () R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.) 
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-10-11] (Acronis) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] () R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-10-11] (Acronis) U4 eabfiltr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-23 17:37 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST 2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 _____ () C:\Users\******\defogger_reenable 2014-03-23 17:33 - 2014-03-23 17:37 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan 2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip 2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx 2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype 2014-03-19 18:45 - 2014-03-19 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-15 09:38 - 2014-03-15 12:41 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14 2014-03-14 10:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) 
C:\windows\system32\mshtml.dll 2014-03-14 10:41 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-14 10:41 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-14 10:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-14 10:41 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-14 10:41 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-14 10:41 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-14 10:41 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-14 10:41 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-14 10:41 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-14 10:41 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-14 10:41 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-14 10:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-14 10:41 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-14 10:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-14 10:41 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-14 10:41 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-14 10:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-14 10:41 - 2014-03-01 04:52 - 00061952 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-14 10:41 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-14 10:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-14 10:41 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-14 10:41 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-14 10:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-14 10:41 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-14 10:41 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-14 10:41 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-14 10:41 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-14 10:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-14 10:41 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-14 10:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-14 10:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-14 10:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-14 10:41 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-14 10:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-14 10:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-14 10:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\wininet.dll 2014-03-14 10:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-14 10:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-14 10:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-03-14 07:45 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-14 07:45 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-14 07:45 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-03-14 07:45 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-14 07:45 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-03-14 07:45 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-14 07:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-14 07:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-13 20:49 - 2014-03-23 13:08 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-03-13 20:40 - 2014-03-23 14:45 - 00002528 _____ () C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job 2014-03-13 20:40 - 2014-03-23 14:40 - 00003090 _____ () C:\windows\Tasks\hdtotal1.1-chromeinstaller.job 2014-03-13 20:40 - 2014-03-23 14:40 - 00001504 _____ () C:\windows\Tasks\hdtotal1.1-updater.job 2014-03-13 20:40 - 2014-03-23 14:40 - 00001458 _____ () C:\windows\Tasks\hdtotal1.1-codedownloader.job 2014-03-13 20:40 - 2014-03-23 14:40 - 00001358 _____ () C:\windows\Tasks\hdtotal1.1-enabler.job 2014-03-13 20:40 - 2014-03-18 14:41 - 00000000 ____D () C:\Program Files (x86)\hdtotal1.1 2014-03-13 20:40 - 2014-03-15 21:33 - 00000000 ____D () 
C:\Users\******\AppData\Local\FilesFrog Update Checker 2014-03-13 20:40 - 2014-03-13 20:40 - 00004534 _____ () C:\windows\System32\Tasks\hdtotal1.1-updater 2014-03-13 20:40 - 2014-03-13 20:40 - 00004488 _____ () C:\windows\System32\Tasks\hdtotal1.1-codedownloader 2014-03-13 20:40 - 2014-03-13 20:40 - 00004388 _____ () C:\windows\System32\Tasks\hdtotal1.1-enabler 2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart 2014-03-13 20:40 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2014-03-13 20:39 - 2014-03-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router 2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk 2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe 2014-03-06 09:51 - 2014-03-20 15:48 - 00000448 _____ () C:\windows\setupact.log 2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log 2014-03-06 09:50 - 2014-03-06 09:50 - 00114018 _____ () C:\windows\PFRO.log 2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg 2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip ==================== One Month Modified Files and Folders ======= 2014-03-23 17:37 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST 2014-03-23 17:37 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan 2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 _____ () C:\Users\******\defogger_reenable 2014-03-23 17:34 - 2010-09-30 16:14 - 00000000 ____D () C:\Users\****** 2014-03-23 17:29 - 2012-07-28 17:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-03-23 17:02 - 2013-01-20 10:57 - 00000912 
_____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job 2014-03-23 14:45 - 2014-03-13 20:40 - 00002528 _____ () C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job 2014-03-23 14:40 - 2014-03-13 20:40 - 00003090 _____ () C:\windows\Tasks\hdtotal1.1-chromeinstaller.job 2014-03-23 14:40 - 2014-03-13 20:40 - 00001504 _____ () C:\windows\Tasks\hdtotal1.1-updater.job 2014-03-23 14:40 - 2014-03-13 20:40 - 00001458 _____ () C:\windows\Tasks\hdtotal1.1-codedownloader.job 2014-03-23 14:40 - 2014-03-13 20:40 - 00001358 _____ () C:\windows\Tasks\hdtotal1.1-enabler.job 2014-03-23 14:01 - 2010-09-03 23:09 - 01055857 _____ () C:\windows\WindowsUpdate.log 2014-03-23 13:08 - 2014-03-13 20:49 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-03-23 12:43 - 2014-03-13 20:39 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router 2014-03-23 11:35 - 2013-01-20 10:57 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job 2014-03-22 15:18 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-22 15:18 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-22 01:22 - 2012-04-20 17:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc 2014-03-21 22:56 - 2012-03-11 15:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox 2014-03-21 20:42 - 2010-09-03 21:29 - 00723100 _____ () C:\windows\system32\perfh007.dat 2014-03-21 20:42 - 2010-09-03 21:29 - 00158370 _____ () C:\windows\system32\perfc007.dat 2014-03-21 20:42 - 2009-07-14 06:13 - 01667084 _____ () C:\windows\system32\PerfStringBackup.INI 2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip 2014-03-20 15:49 - 2012-03-11 15:40 - 00000000 ___RD () C:\Users\******\Dropbox 2014-03-20 15:49 - 
2010-09-03 21:30 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-03-20 15:48 - 2014-03-06 09:51 - 00000448 _____ () C:\windows\setupact.log 2014-03-20 15:48 - 2012-05-08 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-20 15:48 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx 2014-03-20 15:40 - 2012-09-10 12:44 - 00001370 _____ () C:\Users\******\AppData\Roaming\MobileToolAnyConnectV3.ini 2014-03-20 08:37 - 2013-05-17 11:02 - 00000000 ____D () C:\Users\******\Documents\Kochen 2014-03-19 22:57 - 2014-03-19 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype 2014-03-19 18:06 - 2013-10-03 20:44 - 00000000 ____D () C:\Users\******\Documents\Arbeitspläne, Erzbierschof 2014-03-19 08:50 - 2010-09-30 16:44 - 00000000 ____D () C:\windows\system32\Drivers\NISx64 2014-03-19 08:46 - 2012-12-07 15:25 - 00000039 _____ () C:\windows\vbaddin.ini 2014-03-19 08:46 - 2012-09-08 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-19 08:45 - 2013-07-28 20:59 - 00000000 ____D () C:\windows\system32\MRT 2014-03-19 08:42 - 2010-10-05 21:46 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-18 14:41 - 2014-03-13 20:40 - 00000000 ____D () C:\Program Files (x86)\hdtotal1.1 2014-03-18 08:04 - 2011-11-08 21:29 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-18 08:04 - 2010-10-08 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-03-15 22:52 - 2012-05-28 14:09 - 00000000 ____D () C:\Users\******\Documents\Studium 2014-03-15 21:33 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Local\FilesFrog Update Checker 2014-03-15 20:09 - 2013-10-21 14:28 - 00000000 ____D () C:\Users\******\Documents\Bier 2014-03-15 12:41 - 2014-03-15 09:38 - 00000000 ____D 
() C:\Users\******\Desktop\Scan_13.3.14 2014-03-15 11:53 - 2009-07-14 05:45 - 00422576 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2014-03-13 20:40 - 2014-03-13 20:40 - 00004534 _____ () C:\windows\System32\Tasks\hdtotal1.1-updater 2014-03-13 20:40 - 2014-03-13 20:40 - 00004488 _____ () C:\windows\System32\Tasks\hdtotal1.1-codedownloader 2014-03-13 20:40 - 2014-03-13 20:40 - 00004388 _____ () C:\windows\System32\Tasks\hdtotal1.1-enabler 2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart 2014-03-13 20:40 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk 2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. 
) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe 2014-03-12 10:30 - 2012-07-28 17:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 10:30 - 2012-04-24 19:51 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 10:30 - 2011-07-18 18:44 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-06 23:10 - 2014-02-02 17:19 - 00000000 ____D () C:\Users\******\AppData\Local\JDownloader v2.0 2014-03-06 23:03 - 2011-07-17 13:08 - 00000000 ____D () C:\Users\******\Downloads\jdownloader 2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log 2014-03-06 09:50 - 2014-03-06 09:50 - 00114018 _____ () C:\windows\PFRO.log 2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg 2014-03-01 10:47 - 2010-10-09 19:10 - 01612384 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-03-01 07:05 - 2014-03-14 10:41 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-14 10:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-14 10:41 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-14 10:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-14 10:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-14 10:41 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-14 10:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-14 10:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-14 
10:41 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-14 10:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-14 10:41 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-14 10:41 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-14 10:41 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-14 10:41 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-14 10:41 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-14 10:41 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-14 10:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-14 10:41 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-14 10:41 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-14 10:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-14 10:41 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-14 10:41 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-14 10:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-14 10:41 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-14 10:41 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 
2014-03-14 10:41 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-14 10:41 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-14 10:41 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-14 10:41 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-14 10:41 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-14 10:41 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-14 10:41 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-14 10:41 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-14 10:41 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-14 10:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-14 10:41 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-14 10:41 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-14 10:41 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-25 13:49 - 2010-10-01 01:06 - 00000000 ____D () C:\windows\rescache 2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip Files to move or delete: ==================== C:\Users\******\ptw12.exe Some content of TEMP: ==================== C:\Users\******\AppData\Local\Temp\setup.exe C:\Users\******\AppData\Local\Temp\UpdateCheckerSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-22 15:11

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ***** at 2014-03-23 17:38:22
Running from C:\Users\*****\Documents\Toolsammlung_fuer_Virusscan
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Acronis*True*Image*Home (HKLM-x32\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9646.4 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Album Art Downloader XUI 0.45 (HKLM-x32\...\Album Art Downloader XUI) (Version: 0.45 - hxxp://sourceforge.net/projects/album-art)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Apple
Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.) Cambridge Advanced Learner's Dictionary - 2nd edition (HKLM-x32\...\cald2) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) CCleaner (HKLM-x32\...\CCleaner) (Version: 2.36 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP) Cisco AnyConnect VPN Client (HKLM-x32\...\{835A6F5F-BC13-48DF-BEBE-8D80B419D145}) (Version: 2.5.0217 - Cisco Systems, Inc.) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft) Drive Encryption for HP ProtectTools (HKLM\...\{D6782B98-BDC0-45F4-A046-9D26C475CBF8}) (Version: 5.0.2.10 - Hewlett-Packard) Duplicate Music Files Finder 1.5.5 (HKLM-x32\...\Duplicate Music Files Finder_is1) (Version: - LC IBros Solutions S.R.L.) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) Ekahau HeatMapper (HKLM\...\${PRODUCT_ID}-1.1.1.37697) (Version: 1.1.1.37697 - Ekahau Inc.) 
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
hdtotal1.1 (HKLM-x32\...\hdtotal1.1) (Version: 1.34.3.6 - hdtotal)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP 3D DriveGuard (HKLM\...\{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Business Card Reader (HKLM-x32\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}) (Version: 2.0.2.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{BD7AB0B9-4491-4642-B6BB-2560648A0A22}) (Version: 1.0.2.4 - Hewlett-Packard)
HP Power Data (HKLM\...\{DC80F597-39DD-4C32-923E-EDF332E02820}) (Version: 1.0.5.74 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.12.754 - Hewlett-Packard Company) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F484B}) (Version: 1.0.1.48 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SkyRoom (HKLM-x32\...\InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}) (Version: 1.1.4.4794. - Hewlett-Packard)
HP SkyRoom (x32 Version: 1.1.4.4794. - Hewlett-Packard) Hidden
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Wallpaper (HKLM-x32\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.3 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
HP Wireless Assistant (HKLM\...\{518C838E-A21C-40BE-B844-648040C2491D}) (Version: 4.0.2.4 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KaloMa 4.78 (HKLM-x32\...\KaloMa_is1) (Version: - Frank Böpple)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.4.0.5 - Logitech) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Mp3tag v2.46a (HKLM-x32\...\Mp3tag) (Version: v2.46a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 296.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.67 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
NVIDIA Systemsteuerung 296.67 (Version: 296.67 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Private Tax 2011 1.5 (HKLM-x32\...\4095-7861-2728-4611) (Version: 1.5 - Information Factory AG)
Private Tax 2012 2.7 (HKLM-x32\...\6753-7911-9438-6061) (Version: 2.7 - Information Factory AG)
Private Tax 2013 1.3.0 (HKLM-x32\...\0579-4231-5684-8562) (Version: 1.3.0 - Information Factory AG)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QUICKfind (HKLM-x32\...\{593AFFA4-D08E-4272-BABB-420949D32A10}) (Version: - )
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Receiver (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
Remote Graphics Sender (HKLM-x32\...\{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Sender (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SEB Windows 1.9.1 (HKLM-x32\...\{8CFB86C5-1505-4044-B10B-2790CBFB8C3E}) (Version: 1.9.1 - ETH Zuerich)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC528101-617D-4E9F-B131-F8F8C52E649B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Smart File Advisor 1.1.1 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
Solid Converter PDF (HKLM-x32\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 7.3.1541.0 - SolidDocuments)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version: - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
Virtual WiFi Router version 3.0 (HKLM-x32\...\{F5F33265-5CAA-4F12-AA8F-7F8384BF2A57}_is1) (Version: 3.0 - Virtual WiFi Router, Inc.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
XLSTAT 2013 (HKLM-x32\...\{68B36FA5-E276-4C03-A56C-EC25717E1668}) (Version: 15.2.06.755 - Addinsoft)

==================== Restore Points =========================

15-03-2014 08:19:47 Windows Update
19-03-2014 07:41:03 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1CA58B1F-2360-4945-A411-831DB15DE130} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3422D09C-92E9-4EAB-888B-57314CAEAF4D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {375B520F-240F-4DA9-AE3A-C82889182FD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {452A4DBB-C41B-4966-B439-63E2BD931246} - System32\Tasks\hdtotal1.1-firefoxinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe [2014-03-13] (hdtotal)
Task: {596EAFF8-346A-4F4C-8CCA-58E0C2018305} - System32\Tasks\hdtotal1.1-enabler => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe [2014-03-13] (hdtotal)
Task: {5C13A787-1E8D-46FD-91D6-F5B69D7B2300} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\*****\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION
Task: {645AD520-1C63-4B2D-A2B8-5F24A1AAE587} - System32\Tasks\hdtotal1.1-chromeinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe [2014-03-13] (hdtotal)
Task: {769B666A-6BED-4222-B7A0-3320FAA67A1D} - System32\Tasks\hdtotal1.1-codedownloader => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe [2014-03-13] (hdtotal)
Task: {770E6956-822B-407A-8687-7040078A5754} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A3627E6A-73BC-43C8-8649-0BDDDA336C21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A48CC206-0C44-4EC0-BA63-94E7E73426F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {A9A92F0C-2200-41A9-9E25-6E60B046A59B} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {B76BAB7C-26C4-4837-A847-7695AE2AA6F4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {B8F34854-B014-4987-8851-3772EE8209B9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E131F5D2-257E-4882-8D6C-B49CCD8B04EF} - System32\Tasks\hdtotal1.1-updater => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe [2014-03-13] (hdtotal)
Task: {F8324986-122F-4DCF-8D8B-C15FC68D62B5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\hdtotal1.1-chromeinstaller.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe
Task: C:\windows\Tasks\hdtotal1.1-codedownloader.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe
Task: C:\windows\Tasks\hdtotal1.1-enabler.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe
Task: C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe
Task: C:\windows\Tasks\hdtotal1.1-updater.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe

==================== Loaded Modules (whitelisted) =============

2012-10-23 16:24 - 2012-09-10 20:47 - 00030576 _____ () C:\windows\System32\solidlocalmon.dll
2010-04-20 08:10 - 2010-04-20 08:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-09-04 21:35 - 2009-09-04 21:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-19 23:14 - 2009-11-19 23:14 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-11-19 23:14 - 2009-11-19 23:14 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-11-19 23:11 - 2009-11-19 23:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-11-19 23:11 - 2009-11-19 23:11 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2009-07-01 23:44 - 2009-07-01 23:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-06-19 17:21 - 2009-06-19 17:21 - 01249280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\ice32.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00159744 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\iceutil32.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00065536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\bzip2.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00167936 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\IceSSL32.dll
2010-09-03 23:24 - 2009-07-24 20:10 - 02199552 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
2010-09-03 23:24 - 2009-07-24 20:10 - 08024064 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
2010-09-03 23:24 - 2008-01-09 19:08 - 01245184 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
2010-09-03 23:24 - 2008-01-09 19:10 - 00159744 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
2010-09-03 23:24 - 2008-01-09 19:06 - 00065536 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll
2010-09-03 23:24 - 2008-01-09 19:10 - 00167936 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\IceSSL32.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 01249280 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\ice32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00159744 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\iceutil32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00065536 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\bzip2.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00167936 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\IceSSL32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 01249280 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\ice32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00159744 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\iceutil32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00065536 _____ () c:\Program Files 
(x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\bzip2.dll 2010-09-03 23:24 - 2009-06-19 17:21 - 00167936 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\IceSSL32.dll 2013-12-18 19:42 - 2013-12-18 19:42 - 00057344 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU 2012-10-07 21:14 - 2014-02-13 20:44 - 09490944 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu 2013-12-18 19:42 - 2013-12-18 19:42 - 00305520 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll 2012-10-08 19:57 - 2014-02-13 20:45 - 00014336 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU 2012-10-08 20:20 - 2014-02-13 20:44 - 00045568 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU 2012-10-08 19:57 - 2014-02-13 20:44 - 00100352 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU 2012-12-08 10:27 - 2014-02-12 22:22 - 00025600 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SaveAsRTF.DEU 2012-10-09 18:55 - 2014-02-13 20:44 - 00053248 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Search.DEU 2012-10-08 19:57 - 2014-02-13 20:44 - 03065856 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU 2012-10-09 15:29 - 2014-02-13 20:45 - 00075264 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Accessibility.DEU 2012-10-08 19:57 - 2014-02-13 20:44 - 01319424 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU 2012-10-08 19:57 - 2014-02-13 20:44 - 00316416 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU 2012-10-08 19:57 - 2014-02-13 20:44 - 01180160 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU 2012-10-09 19:02 
- 2014-02-19 12:57 - 00012800 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PDDom.DEU 2014-02-16 11:55 - 2014-02-16 11:55 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\*****\Desktop\Video Sushi.mov:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! 
mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 06:20:29 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 06:20:28 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) System errors: ============= Error: (03/23/2014 05:06:21 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/23/2014 02:18:20 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (03/23/2014 01:42:20 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/23/2014 01:30:17 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/23/2014 01:18:18 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/23/2014 01:08:24 PM) (Source: ipnathlp) (User: ) Description: Error: (03/23/2014 01:07:56 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (03/23/2014 01:07:56 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (03/23/2014 01:07:55 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (03/23/2014 01:06:20 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Microsoft Office Sessions: ========================= Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 06:20:29 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error: (03/21/2014 06:20:28 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! 
mDNS_busy (1) != mDNS_reentrancy (0) ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3953.8 MB Available physical RAM: 1712.85 MB Total Pagefile: 7905.79 MB Available Pagefile: 4606.57 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:448.46 GB) (Free:33.1 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Removable) (Total:7.49 GB) (Free:4.29 GB) FAT32 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.43 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 350C3B39) Partition 1: (Active) - (Size=298 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-23 17:54:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465.76GB Running: Gmer-19357.exe; Driver: C:\Users\******\AppData\Local\Temp\fwrdrpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b0000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035b002f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...] ---- Processes - GMER 2.1 ---- Library C:\Users\******\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2014-01-03 00:45:04) 0000000004180000 Library C:\Users\******\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2013-10-18 23:55:02) 000000006a110000 Library C:\Users\******\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000724f0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395825769 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395825769@000d44dd9493 0xF7 0xD6 0x99 0x36 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395825769 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395825769@000d44dd9493 0xF7 0xD6 0x99 0x36 ... ---- EOF - GMER 2.1 ---- |
24.03.2014, 01:17 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | HD-Total Addware in Firefox Hello and
Quote:
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!
__________________ |
24.03.2014, 08:26 | #3 |
| HD-Total Addware in Firefox Hi and thank you very much for the quick reply
No, this is not a commercially used computer. We can get them at a discount through the school, and they then come equipped with software. Other than that I have no more logs. The last time Norton found something was last Sept. (probably Zeus). In the last few days I was only shown this Cloud message, shortly before I then also had the add-on. I have simply posted the log from the Norton history as well. It probably doesn't say much, though. Norton Code:
ATTFilter Kategorie: Norton Community Watch Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Aktualisierungsdatum,Übertragen von,Beschreibung,Übertragungsdetails 13.03.2014 22:24:26,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:26,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 13.03.2014 22:24:03,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:03,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 13.03.2014 22:24:03,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:03,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981 <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................ <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^..... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 13.03.2014 22:24:00,Infos,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:00,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,___________ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 77 09 00 00 CD 7C EE .........w....|. <br>A7 A8 55 3E 06 00 00 00 00 60 1F F5 21 04 03 00 ..U>.....`..!... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ 
<br> 13.03.2014 22:23:59,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:59,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 13.03.2014 22:23:59,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:59,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 13.03.2014 22:23:58,Infos,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:58,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,_________ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 C2 57 53 ..............WS <br>70 65 F4 08 CB 00 00 00 00 EE AD 3F A1 04 03 00 pe.........?.... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 13.03.2014 22:23:57,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:57,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981 <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................ <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^..... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ 
<br> 13.03.2014 20:42:40,Infos,Beispielübermittlung: Suspicious.Cloud.9,Ausstehend,Keine Aktion erforderlich,13.03.2014 20:42:40,Norton Internet Security,Beispielübermittlung: Suspicious.Cloud.9,CSIDL_PROGRAM_FILES\hdtotal1.1\utils.exe 13.03.2014 20:40:08,Infos,Statistische Übermittlung: Suspicious.Cloud.9,Ausstehend,Keine Aktion erforderlich,13.03.2014 20:40:08,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9,CSIDL_PROGRAM_FILES\hdtotal1.1\utils.exeDetection Digest: <br>03 00 EA AF 0F 01 00 03 00 53 B0 21 00 CE 8B C8 .........S.!.... <br>9C 3A 5F E6 A7 00 00 00 00 36 33 A6 67 04 03 00 .:_......63.g... <br>00 C8 19 03 06 00 01 02 03 0E 01 00 05 4E 00 5C .............N.\ <br>44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 Device\HarddiskV <br>6F 6C 75 6D 65 32 5C 55 73 65 72 73 5C 6D 61 72 olume2\Users\mar <br>69 75 73 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 ius\AppData\Loca <br>6C 5C 54 65 6D 70 5C 6E 73 6B 39 33 33 43 2E 74 l\Temp\nsk933C.t <br>6D 70 5C 41 76 6F 68 79 70 2E 65 78 65 mp\Avohyp.exe <br> 11.03.2014 18:12:46,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:12:46,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981 <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................ <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^..... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 11.03.2014 18:07:40,Infos,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:07:40,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,___________ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 77 09 00 00 CD 7C EE .........w....|. <br>A7 A8 55 3E 06 00 00 00 00 60 1F F5 21 04 03 00 ..U>.....`..!... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ 
<br> 11.03.2014 18:06:24,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:06:24,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 11.03.2014 18:05:23,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:05:23,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 11.03.2014 18:02:18,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:02:18,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 11.03.2014 18:02:12,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:02:12,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+. <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ 
<br> 11.03.2014 18:01:03,Infos,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:01:03,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,_________ <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 C2 57 53 ..............WS <br>70 65 F4 08 CB 00 00 00 00 EE AD 3F A1 04 03 00 pe.........?.... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> 11.03.2014 17:26:40,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 17:26:40,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981 <br>Detection Digest: <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................ <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^..... <br>00 C8 19 03 06 00 01 02 03 00 00 00 ............ <br> |
24.03.2014, 11:18 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HD-Total Addware in Firefox Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
24.03.2014, 16:26 | #5 |
| HD-Total Addware in Firefox Code:
ATTFilter ComboFix 14-03-24.01 - ****** 24.03.2014 15:42:46.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.3954.2409 [GMT 1:00] ausgeführt von:: c:\users\******\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\******.V2\prfE4DE.tmp c:\users\******\AppData\Roaming\Microsoft\Windows\Recent\Mein DVD Sammel-Thread.url c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome.manifest c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\asyncDB.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\background.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\browserAction.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\contextMenu.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\dbManager.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\dom_bg.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\fileManager.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\firefox.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\firefoxNotifications.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\firefoxOmnibox.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\message.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\pageAction.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\request.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\tabs.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\webRequest.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\windowsMessagingHandler.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\background.html c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\baseObject.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\browser.xul c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\addressBarChangeObserver.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\console.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\consts.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\delegate.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\extensionDataStore.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\folderIOWrapper.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\httpObserver.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\IDBWrapper.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\installer.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\logFile.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\prefs.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\progressListenerObserver.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\registry.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\reloadObserver.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\reports.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\requestObject.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\searchSettings.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\uninstallObserver.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\updateManager.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\utils.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\xhr.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\dialog.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\ffCoreFilesIndex.txt c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\main.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\options.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\options.xul c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\platformVersion.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\search_dialog.xul c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\defaults\preferences\prefs.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\manifest.xml c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins.json c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\1_base.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\102_dealply_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\103_intext_5_m.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\104_jollywallet_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\119_similar_web_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\123_intext_adv_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\13_CrossriderAppUtils.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\14_CrossriderUtils.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\155_ibario_pops_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\16_FFAppAPIWrapper.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\17_jQuery.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\177_crossriderDashboard.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\179_revizer_p_dynamic_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\180_bpo_serp_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\182_openUrl.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\183_tabsWrapper.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\184_noproblemppc_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\190_pops_5_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\191_ciuvo_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\195_icm_convertmedia_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\207_dbWrapper.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\21_debug.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\22_resources.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\220_icm_base_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\221_icm_downloads_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\223_imonomy_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\226_set_campaign_id_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\231_revizer_ws_dynamic_2_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\232_revizer_p_dynamic_2_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\246_setup.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\28_initializer.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\4_jquery_1_7_1.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\47_resources_background.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\64_appApiMessage.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\7_hooks.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\72_appApiValidation.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\78_CrossriderInfo.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\9_search_engine_hook.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\91_monetizationLoader.js.js 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\93_superfish_no_coupons_m.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\98_omniCommands.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\userCode\background.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\userCode\extension.js c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\install.rdf c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\locale\en-US\translations.dtd c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button1.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button2.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button3.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button4.png 
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button5.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\crossrider_statusbar.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon128.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon16.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon24.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon48.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\panelarrow-up.png c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\popup.html c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\skin.css c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\update.css c:\users\******\ptw12.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_vpnagent . . 
((((((((((((((((((((((( Dateien erstellt von 2014-02-24 bis 2014-03-24 )))))))))))))))))))))))))))))) . . 2014-03-23 16:37 . 2014-03-23 16:39 -------- d-----w- C:\FRST 2014-03-19 19:37 . 2014-03-19 19:37 -------- d-----w- c:\users\******\AppData\Roaming\Skype 2014-03-19 17:45 . 2014-03-19 21:57 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2014-03-19 07:50 . 2014-03-19 07:51 -------- d-----w- c:\windows\system32\drivers\NISx64\1502000.026 2014-03-14 06:45 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-03-14 06:45 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-14 06:45 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-14 06:45 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll 2014-03-14 06:45 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-03-14 06:45 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-03-14 06:44 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-14 06:44 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-13 19:40 . 2014-03-15 20:33 -------- d-----w- c:\users\******\AppData\Local\FilesFrog Update Checker 2014-03-13 19:40 . 2014-03-18 13:41 -------- d-----w- c:\program files (x86)\hdtotal1.1 2014-03-13 19:39 . 2014-03-23 11:43 -------- d-----w- c:\program files (x86)\Virtual WiFi Router 2014-02-28 10:50 . 2014-02-28 10:50 -------- d-----w- c:\windows\Migration . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-19 07:42 . 2010-10-05 20:46 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-03-12 09:30 . 2012-04-24 18:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-12 09:30 . 2011-07-18 17:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-26 13:43 . 2013-12-26 13:45 31040 ----a-w- c:\windows\system32\nvhdap64.dll 2013-12-26 13:43 . 
2013-12-26 13:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-12-26 13:43 . 2013-12-26 13:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-12-26 13:43 . 2013-12-26 13:46 68928 ----a-w- c:\windows\system32\OpenCL.dll 2013-12-26 13:43 . 2013-12-26 13:46 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-12-26 13:43 . 2013-12-26 13:45 7734592 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-12-26 13:43 . 2009-12-08 03:54 9740608 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-12-26 13:43 . 2013-12-26 13:45 25569088 ----a-w- c:\windows\system32\nvoglv64.dll 2013-12-26 13:43 . 2013-12-26 13:45 19468096 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-12-26 13:43 . 2013-12-26 13:45 14388032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-12-26 13:43 . 2013-12-26 13:45 8046912 ----a-w- c:\windows\system32\nvcuda.dll 2013-12-26 13:43 . 2013-12-26 13:45 5924672 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-12-26 13:43 . 2013-12-26 13:45 2873664 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-12-26 13:43 . 2013-12-26 13:45 2673984 ----a-w- c:\windows\system32\nvcuvid.dll 2013-12-26 13:43 . 2013-12-26 13:45 2518336 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-12-26 13:43 . 2013-12-26 13:45 2438464 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-12-26 13:43 . 2013-12-26 13:45 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-12-26 13:43 . 2013-12-26 13:45 1737536 ----a-w- c:\windows\system32\nvdispco64.dll 2013-12-26 13:43 . 2013-12-26 13:45 1466176 ----a-w- c:\windows\system32\nvgenco64.dll 2013-12-26 13:43 . 2009-12-08 03:54 17674048 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-12-26 13:43 . 2009-12-08 03:54 15035200 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-12-26 13:43 . 2013-12-26 13:45 25222464 ----a-w- c:\windows\system32\nvcompiler.dll 2013-12-26 13:43 . 2013-12-26 13:45 2324288 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-12-26 13:43 . 2009-12-08 03:54 2685760 ----a-w- c:\windows\system32\nvapi64.dll 2013-12-24 23:09 . 
2014-02-13 18:16 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-12-24 22:48 . 2014-02-13 18:16 2565120 ----a-w- c:\windows\system32\d3d10warp.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-10-28 311152] . c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 3 (0x3) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [x] R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x] R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x] R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x] R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source 
Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x] S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [x] S1 RsvLock;RsvLock; [x] S1 SymIRON;Symantec Iron 
Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys;c:\windows\SYSNATIVE\DRIVERS\ekaprot6.sys [x] S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [x] S2 HPDayStarterService;HP 
DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x] S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [x] S2 SebWindowsService;SEB Windows Service;c:\program files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe;c:\program files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x] S3 
e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 09:30] . 2014-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job - c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20 09:57] . 2014-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job - c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20 09:57] . 2014-03-24 c:\windows\Tasks\hdtotal1.1-chromeinstaller.job - c:\program files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe [2014-03-13 19:40] . 2014-03-24 c:\windows\Tasks\hdtotal1.1-codedownloader.job - c:\program files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe [2014-03-13 19:40] . 2014-03-24 c:\windows\Tasks\hdtotal1.1-enabler.job - c:\program files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe [2014-03-13 19:40] . 2014-03-24 c:\windows\Tasks\hdtotal1.1-firefoxinstaller.job - c:\program files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe [2014-03-13 19:40] . 
2014-03-24 c:\windows\Tasks\hdtotal1.1-updater.job - c:\program files (x86)\hdtotal1.1\hdtotal1.1-updater.exe [2014-03-13 19:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-11-19 1690680] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-12-26 1694016] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53 DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\ FF - prefs.js: browser.startup.homepage - www.google.ch FF - user.js: general.useragent.extra.brc - FF - user.js: browser.sessionstore.resume_session_once - true FF - user.js: browser.sessionstore.resume_session_once - true FF - user.js: browser.sessionstore.resume_session_once - true FF - user.js: browser.sessionstore.resume_session_once - true FF - user.js: browser.sessionstore.resume_session_once - true FF - user.js: browser.sessionstore.resume_session_once - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3034626353-47612434-3097707952-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:d0,b6,35,59,2b,5f,11,80,19,72,0a,f2,02,71,fa,f2,54,fa,72,4b,a5,07,ef, 05,98,fe,19,3b,c2,14,ca,b0,53,8c,cb,29,22,33,2f,a7,4b,f5,c8,a0,27,1b,ae,0a,\ "??"=hex:4d,49,2a,fc,53,56,e3,6b,79,cd,07,aa,fd,c3,df,2d . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\users\******\AppData\Local\FilesFrog Update Checker\update_checker.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-03-24 16:10:17 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-03-24 15:10 . Vor Suchlauf: 19 Verzeichnis(se), 36'797'706'240 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 36'080'119'808 Bytes frei . - - End Of File - - 3E6DAE0A401C98D4DE378E292013F4BB A36C5E4F47E84449FF07ED3517B43A31 |
24.03.2014, 16:30 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HD-Total Addware in Firefox Remove adware/junkware/toolbars Step 1: AdwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
24.03.2014, 17:24 | #7 |
| HD-Total Addware in Firefox Here is the AdwCleaner log for now (I will post the others later). On restart I got two messages: - I was asked whether I want to install Smart File Advisor. - And a message: "EFS den Schlüssel für die Dateiverschlüsselung sichern" AdwCleaner Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 24/03/2014 um 16:41:03 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : ***** - R108016 # Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\hdtotal1.1 Ordner Gelöscht : C:\Users\*****\AppData\Local\FilesFrog Update Checker Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\searchplugins\safesearch.xml Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\user.js Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-chromeinstaller.job Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-chromeinstaller Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-codedownloader.job Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-codedownloader Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-enabler.job Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-enabler Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-firefoxinstaller Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-updater.job Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522332260} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555335560} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566336660} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544334460} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33da5299-b84d-46d5-870a-ba0c43fa824a} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc8b46a8-e1fd-46cc-8b5d-a314995585b2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522332260} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555335560} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566336660} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33da5299-b84d-46d5-870a-ba0c43fa824a} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc8b46a8-e1fd-46cc-8b5d-a314995585b2} Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : HKCU\Software\Somoto Schlüssel Gelöscht : 
HKCU\Software\AppDataLow\Software\hdtotal1.1 Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions Schlüssel Gelöscht : HKLM\Software\hdtotal1.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdtotal1.1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\prefs.js ] Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.InstallationThankYouPage", false); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.InstallationTime", 1394739595); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360_dbWasSet", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360_dbWasSet_FF25_FIX", true[...] 
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.active", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.addressbar", "NA"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.addressbarenhanced", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncdb.was_copied", "true"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncdb_dbWasSet", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncdb_dbWasSet_FF25_FIX", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncinternaldb.was_copied", "true"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncinternaldb_dbWasSet", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncinternaldb_dbWasSet_FF25_FIX", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.backgroundver", 1); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.certdomaininstaller", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.changeprevious", false); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : 
user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallationTime.value", "%221394739595%22"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001278%22%2C%22sub_id%22%3A%220%22%2C%22uz[...] Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.description", "HD-Total is an add-on for your Internet browser that enhances your online experienc[...] Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.domain", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.enablesearch", false); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.homepage", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.iframe", false); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2290542B159C8B462A9C73638973E1E[...] 
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001278%22%2C%22sub_id%22%3A%220%22%2C%[...] Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001278%22%2C%22sub_id%22%3A%220%2[...] Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2290542B159C8B462A9C73[...] 
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_appVer.value", "32"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_lastVersion.value", "1"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_meta.value", "%7B%7D"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_nextCheck.expiration", "Mon Mar 24 2014 21:14:03 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_nextCheck.value", "true"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_queue.value", "%7B%7D"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_remote_resources.expiration", "Fri Feb 
01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.__defualt_browser__.value", "%22ff%22"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2290542B15[...] Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] 
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledWithHash.value", "null"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.lastDailyReport", "1395670442065"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.lastUpdate", "1395670443956"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.manifesturl", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.name", "HD-Total-1.1"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.newtab", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.opensearch", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/53360/plugins/094/ff/plugins.json"); Zeile gelöscht : 
user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.pluginsversion", 27); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.publisher", "HQ-Video"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.searchstatus", 0); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.setnewtab", false); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.thankyou", ""); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.updateinterval", 360); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.ver", 32); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.FilesValidatorDueTime", "1395670496775"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.apps", "53360"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.bic", "144bcf8bdf2ad5f7ed9a8f085f3d59b4"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.cid", 53360); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.firstrun", false); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.hadappinstalled", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.installationdate", 1394881354); Zeile gelöscht : 
user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.modetype", "production"); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.reportInstall", true); Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.statsDailyCounter", 10); Zeile gelöscht : user_pref("extensions.crossrider.bic", "144bcf8bdf2ad5f7ed9a8f085f3d59b4"); ************************* AdwCleaner[R0].txt - [19888 octets] - [24/03/2014 16:39:37] AdwCleaner[S0].txt - [18410 octets] - [24/03/2014 16:41:03] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18471 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by ****** on 24.03.2014 at 16:58:30.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o3tb5dj0.default\minidumps [110 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2014 at 17:05:40.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ****** (administrator) on R108016 on 24-03-2014 17:13:18
Running from C:\Users\******\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Microsoft Corporation) C:\windows\system32\efsui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(IDT, Inc.)
C:\Program Files\IDT\WDM\sttray64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe (Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Solid Documents, LLC) C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe (ETH Zurich) C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Hewlett-Packard, Inc.) 
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation) HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2013-12-26] () HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] () HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net) HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-17] (Power Software Ltd) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll () BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Tcpip\..\Interfaces\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: [NameServer]10.148.96.2,10.156.33.53 FireFox: ======== FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default FF Homepage: www.google.ch FF NetworkProxy: "autoconfig_url", "hxxp://pac.zhaw.ch/proxy.pac" FF NetworkProxy: "backup.ftp", "46.163.66.107" FF NetworkProxy: "backup.ftp_port", 1080 FF NetworkProxy: "backup.socks", "46.163.66.107" 
FF NetworkProxy: "backup.socks_port", 1080 FF NetworkProxy: "backup.ssl", "46.163.66.107" FF NetworkProxy: "backup.ssl_port", 1080 FF NetworkProxy: "ftp", "212.144.254.123" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "212.144.254.123" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "212.144.254.123" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "212.144.254.123" FF NetworkProxy: "ssl_port", 3128 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Copy Links - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2011-08-09] FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\admin@proxy-listen.de.xpi [2013-01-19] FF Extension: Flagfox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09] FF Extension: NoScript - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-20] FF Extension: BugMeNot Plugin - 
C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-01-02] FF Extension: DownThemAll! - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-04] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23] ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.) 
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124984 2009-11-20] (Hewlett-Packard) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [193392 2012-09-10] (Solid Documents, LLC) R2 SebWindowsService; C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe [32256 2012-12-19] (ETH Zurich) R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation) R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2010-10-18] (Ekahau Inc.) 
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-03-14] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-03-14] (Symantec Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] () R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.) 
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-10-11] (Acronis) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] () R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-10-11] (Acronis) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U4 eabfiltr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-24 17:13 - 2014-03-24 17:13 - 00022455 _____ () C:\Users\******\Desktop\FRST.txt 2014-03-24 17:05 - 2014-03-24 17:05 - 00000760 _____ () C:\Users\******\Desktop\JRT.txt 2014-03-24 16:58 - 2014-03-24 16:58 - 00000000 ____D () C:\windows\ERUNT 2014-03-24 16:56 - 2014-03-24 16:56 - 01038974 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe 2014-03-24 16:39 - 2014-03-24 16:41 - 00000000 ____D () C:\AdwCleaner 2014-03-24 16:37 - 2014-03-24 16:37 - 01950720 _____ () C:\Users\******\Desktop\adwcleaner.exe 2014-03-24 16:14 - 2014-03-24 16:14 - 00050619 _____ () C:\Users\******\Desktop\combo.txt 2014-03-24 16:10 - 2014-03-24 16:10 - 00050619 _____ () C:\ComboFix.txt 2014-03-24 15:39 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe 2014-03-24 15:39 - 2010-11-07 18:20 
- 00208896 _____ () C:\windows\MBR.exe 2014-03-24 15:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-03-24 15:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-03-24 15:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-03-24 15:39 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe 2014-03-24 15:39 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe 2014-03-24 15:39 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe 2014-03-24 15:29 - 2014-03-24 16:10 - 00000000 ____D () C:\Qoobox 2014-03-24 15:29 - 2014-03-24 16:07 - 00000000 ____D () C:\windows\erdnt 2014-03-24 15:26 - 2014-03-24 15:26 - 00000000 _____ () C:\Users\******\defogger_reenable 2014-03-24 15:24 - 2014-03-24 15:24 - 05192353 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe 2014-03-23 18:20 - 2014-03-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-23 17:37 - 2014-03-24 17:13 - 00000000 ____D () C:\FRST 2014-03-23 17:35 - 2014-03-23 17:36 - 02157056 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe 2014-03-23 17:33 - 2014-03-24 17:12 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan 2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip 2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx 2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype 2014-03-19 18:45 - 2014-03-19 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-15 09:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14 2014-03-14 10:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-14 10:41 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-14 10:41 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) 
C:\windows\system32\ieetwcollectorres.dll 2014-03-14 10:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-14 10:41 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-14 10:41 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-14 10:41 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-14 10:41 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-14 10:41 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-14 10:41 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-14 10:41 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-14 10:41 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-14 10:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-14 10:41 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-14 10:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-14 10:41 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-14 10:41 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-14 10:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-14 10:41 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-14 10:41 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-14 10:41 - 2014-03-01 04:47 - 02168320 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-14 10:41 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-14 10:41 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-14 10:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-14 10:41 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-14 10:41 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-14 10:41 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-14 10:41 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-14 10:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-14 10:41 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-14 10:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-14 10:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-14 10:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-14 10:41 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-14 10:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-14 10:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-14 10:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-14 10:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-14 10:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) 
C:\windows\system32\ieapfltr.dll 2014-03-14 10:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-03-14 07:45 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-14 07:45 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-14 07:45 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-03-14 07:45 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-14 07:45 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-03-14 07:45 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-14 07:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-14 07:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-13 20:49 - 2014-03-23 13:08 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart 2014-03-13 20:39 - 2014-03-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router 2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk 2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. 
) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe 2014-03-06 09:51 - 2014-03-24 16:42 - 00000560 _____ () C:\windows\setupact.log 2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log 2014-03-06 09:50 - 2014-03-24 15:57 - 00114564 _____ () C:\windows\PFRO.log 2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg 2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip ==================== One Month Modified Files and Folders ======= 2014-03-24 17:13 - 2014-03-24 17:13 - 00022455 _____ () C:\Users\******\Desktop\FRST.txt 2014-03-24 17:13 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST 2014-03-24 17:12 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan 2014-03-24 17:05 - 2014-03-24 17:05 - 00000760 _____ () C:\Users\******\Desktop\JRT.txt 2014-03-24 17:02 - 2013-01-20 10:57 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job 2014-03-24 16:58 - 2014-03-24 16:58 - 00000000 ____D () C:\windows\ERUNT 2014-03-24 16:56 - 2014-03-24 16:56 - 01038974 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe 2014-03-24 16:51 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-24 16:51 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-24 16:47 - 2010-09-03 21:29 - 00723100 _____ () C:\windows\system32\perfh007.dat 2014-03-24 16:47 - 2010-09-03 21:29 - 00158370 _____ () C:\windows\system32\perfc007.dat 2014-03-24 16:47 - 2009-07-14 06:13 - 01667084 _____ () C:\windows\system32\PerfStringBackup.INI 2014-03-24 16:43 - 2012-03-11 15:40 - 00000000 ___RD () C:\Users\******\Dropbox 2014-03-24 16:43 - 2012-03-11 15:34 - 00000000 ____D () 
C:\Users\******\AppData\Roaming\Dropbox 2014-03-24 16:43 - 2010-09-03 21:30 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-03-24 16:42 - 2014-03-06 09:51 - 00000560 _____ () C:\windows\setupact.log 2014-03-24 16:42 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-03-24 16:41 - 2014-03-24 16:39 - 00000000 ____D () C:\AdwCleaner 2014-03-24 16:41 - 2010-09-03 23:09 - 01075711 _____ () C:\windows\WindowsUpdate.log 2014-03-24 16:37 - 2014-03-24 16:37 - 01950720 _____ () C:\Users\******\Desktop\adwcleaner.exe 2014-03-24 16:29 - 2012-07-28 17:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-03-24 16:14 - 2014-03-24 16:14 - 00050619 _____ () C:\Users\******\Desktop\combo.txt 2014-03-24 16:10 - 2014-03-24 16:10 - 00050619 _____ () C:\ComboFix.txt 2014-03-24 16:10 - 2014-03-24 15:29 - 00000000 ____D () C:\Qoobox 2014-03-24 16:10 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-03-24 16:07 - 2014-03-24 15:29 - 00000000 ____D () C:\windows\erdnt 2014-03-24 15:58 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini 2014-03-24 15:57 - 2014-03-06 09:50 - 00114564 _____ () C:\windows\PFRO.log 2014-03-24 15:57 - 2013-01-20 10:57 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job 2014-03-24 15:57 - 2012-05-08 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-24 15:56 - 2009-07-14 03:34 - 91226112 _____ () C:\windows\system32\config\SOFTWARE.bak 2014-03-24 15:56 - 2009-07-14 03:34 - 24379392 _____ () C:\windows\system32\config\SYSTEM.bak 2014-03-24 15:56 - 2009-07-14 03:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak 2014-03-24 15:56 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak 2014-03-24 15:56 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak 2014-03-24 15:49 - 2010-11-10 18:04 - 00000000 ____D () C:\Users\******.V2 2014-03-24 15:49 - 2010-09-30 16:14 - 
00000000 ____D () C:\Users\****** 2014-03-24 15:26 - 2014-03-24 15:26 - 00000000 _____ () C:\Users\******\defogger_reenable 2014-03-24 15:24 - 2014-03-24 15:24 - 05192353 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe 2014-03-23 18:59 - 2012-04-22 09:48 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps 2014-03-23 18:38 - 2014-03-15 09:38 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14 2014-03-23 18:20 - 2014-03-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-23 17:36 - 2014-03-23 17:35 - 02157056 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe 2014-03-23 13:08 - 2014-03-13 20:49 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-03-23 12:43 - 2014-03-13 20:39 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router 2014-03-22 01:22 - 2012-04-20 17:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc 2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip 2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx 2014-03-20 15:40 - 2012-09-10 12:44 - 00001370 _____ () C:\Users\******\AppData\Roaming\MobileToolAnyConnectV3.ini 2014-03-20 08:37 - 2013-05-17 11:02 - 00000000 ____D () C:\Users\******\Documents\Kochen 2014-03-19 22:57 - 2014-03-19 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype 2014-03-19 18:06 - 2013-10-03 20:44 - 00000000 ____D () C:\Users\******\Documents\Arbeitspläne, Erzbierschof 2014-03-19 08:50 - 2010-09-30 16:44 - 00000000 ____D () C:\windows\system32\Drivers\NISx64 2014-03-19 08:46 - 2012-12-07 15:25 - 00000039 _____ () C:\windows\vbaddin.ini 2014-03-19 08:46 - 2012-09-08 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-19 08:45 - 2013-07-28 20:59 - 00000000 ____D () C:\windows\system32\MRT 2014-03-19 08:42 - 2010-10-05 21:46 - 90015360 _____ (Microsoft 
Corporation) C:\windows\system32\MRT.exe 2014-03-18 08:04 - 2011-11-08 21:29 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-18 08:04 - 2010-10-08 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-03-15 22:52 - 2012-05-28 14:09 - 00000000 ____D () C:\Users\******\Documents\Studium 2014-03-15 20:09 - 2013-10-21 14:28 - 00000000 ____D () C:\Users\******\Documents\Bier 2014-03-15 11:53 - 2009-07-14 05:45 - 00422576 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart 2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk 2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. 
) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe 2014-03-12 10:30 - 2012-07-28 17:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 10:30 - 2012-04-24 19:51 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 10:30 - 2011-07-18 18:44 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-06 23:10 - 2014-02-02 17:19 - 00000000 ____D () C:\Users\******\AppData\Local\JDownloader v2.0 2014-03-06 23:03 - 2011-07-17 13:08 - 00000000 ____D () C:\Users\******\Downloads\jdownloader 2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log 2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg 2014-03-01 10:47 - 2010-10-09 19:10 - 01612384 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-03-01 07:05 - 2014-03-14 10:41 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-14 10:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-14 10:41 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-14 10:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-14 10:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-14 10:41 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-14 10:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-14 10:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-14 10:41 - 00139264 _____ (Microsoft Corporation) 
C:\windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-14 10:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-14 10:41 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-14 10:41 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-14 10:41 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-14 10:41 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-14 10:41 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-14 10:41 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-14 10:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-14 10:41 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-14 10:41 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-14 10:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-14 10:41 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-14 10:41 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-14 10:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-14 10:41 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-14 10:41 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-14 10:41 - 02041856 _____ (Microsoft 
Corporation) C:\windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-14 10:41 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-14 10:41 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-14 10:41 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-14 10:41 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-14 10:41 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-14 10:41 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-14 10:41 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-14 10:41 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-14 10:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-14 10:41 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-14 10:41 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-14 10:41 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-25 13:49 - 2010-10-01 01:06 - 00000000 ____D () C:\windows\rescache 2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip Some content of TEMP: ==================== C:\Users\******\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is 
legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-22 15:11 ==================== End Of Log ============================ --- --- --- --- --- --- |
24.03.2014, 22:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HD-Total Addware in Firefox Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: Please remember to update Malwarebytes Anti-Malware via the update button first! Getting a second opinion afterwards from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
25.03.2014, 22:17 | #9 |
| HD-Total Addware in Firefox I have already run the scan with Malwarebytes (2 leftovers). Unfortunately I had to abort ESET because it took over 2 hours and I needed the computer. Hopefully I can manage to do without the computer for that long tomorrow. Is it actually safe to run the scan without a firewall? Couldn't I catch something over the LAN? MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.03.2014
Scan Time: 08:08:37
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.02
Rootkit Database: v2014.03.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ******

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297955
Time Elapsed: 13 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.HDTotal.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\hdtotal1.1, Quarantined, [9cdabc4b4e2d86b05ee6dab732d1926e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\******\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe, Quarantined, [1363d235a7d476c09e8efd288e76926e],

Physical Sectors: 0
(No malicious items detected)

(end)
26.03.2014, 01:36 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | HD-Total Addware in Firefox Quote:
__________________ Please always post log files in CODE tags |
26.03.2014, 12:25 | #11 |
| HD-Total Addware in Firefox So, here is the ESET log as well. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=808212b3e3b5c047b23fdca067af711d
# engine=17600
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-25 08:25:07
# local_time=2014-03-25 09:25:07 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 3070789 158332492 0 0
# compatibility_mode=5893 16776574 66 85 21222235 147365757 0 0
# scanned=53798
# found=0
# cleaned=0
# scan_time=3611
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=808212b3e3b5c047b23fdca067af711d
# engine=17612
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-25 09:03:06
# local_time=2014-03-25 10:03:06 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 3112668 158377971 0 0
# compatibility_mode=5893 16776574 66 85 21267714 147411236 0 0
# scanned=159702
# found=0
# cleaned=0
# scan_time=9146
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=808212b3e3b5c047b23fdca067af711d
# engine=17624
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-26 10:12:22
# local_time=2014-03-26 11:12:22 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 3163624 158425327 0 0
# compatibility_mode=5893 16776574 66 85 21315070 147458592 0 0
# scanned=247969
# found=0
# cleaned=0
# scan_time=9841
26.03.2014, 12:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HD-Total Addware in Firefox TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: To block the pests from the outset (i.e. tracking cookies, ad banners etc.) you would need to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released. But that is only optional. To prevent user tracking, the Firefox extension Ghostery works well. Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
26.03.2014, 18:56 | #13 |
| HD-Total Addware in Firefox Hi cosinus Thank you very much for the tips. Until now I actually just had NoScript as an add-on and the browser set to private mode. I still have the following problems/questions: - I have a VPN client (Cisco AnyClient) installed, which now no longer works. The program does not respond and says to try again in 1 minute. Reinstall and reconfigure? - I can use the Virtual Wifi Router without concern, right? That is, in the sense that it actually does what it is supposed to. - On restart I get a message that I should back up the key for file encryption. Is that normal? Just run it and save it to an external HD? Otherwise everything is great! The browser is clean again and I am satisfied. For now, a big |
26.03.2014, 22:15 | #14 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ | HD-Total Addware in Firefox Quote:
Quote:
Quote:
__________________ Please always post log files in CODE tags |
27.03.2014, 15:49 | #15 | |
| HD-Total Addware in Firefox Quote:
But that has resolved itself. I checked in cmd which encrypted files I have. They are only a few files that were imported from a Mac. Otherwise everything is OK. |