Pests of all kinds and how to fight them: facebook account hacked
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
19.04.2014, 14:27 | #1 |
| facebook account hacked Hello, my Facebook account was hacked today. Afterwards I ran a malware scan and it found the trojan pup.privatizerTbn.a 15 times.... Could that be the reason? And how can I be sure that nobody is on it anymore? And maybe someone can also give me a tip on how to get access to FB again; unfortunately I also have no access to the e-mail address I registered with FB.... Many thanks! Philipp |
19.04.2014, 15:10 | #2 |
/// the machine /// TB Trainer | facebook account hacked Hi,
No, that doesn't tell us anything. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
And why don't you have access to the e-mail address? |
19.04.2014, 15:28 | #3 |
| facebook account hacked Thanks for the quick reply!
I'll try that right away. Do you happen to know what it was that the malware scan found? I have no access to the e-mail address because it is very old and I no longer know the password... Best regards |
19.04.2014, 15:49 | #4 | |
| facebook account hacked Attachment 66325 Quote:
Attached is the FRST result: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01 Ran by Philipp (administrator) on PHILIPP-PC on 19-04-2014 16:37:50 Running from C:\Users\Philipp\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Saitek) C:\Program Files (x86)\Saitek\Software\ProfilerU.exe (Saitek) C:\Program Files (x86)\Saitek\Software\SaiMfd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-12] (Synaptics Incorporated) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-02-15] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN) HKLM-x32\...\Run: [Profiler] => C:\Program Files (x86)\Saitek\Software\ProfilerU.exe [184320 2006-05-18] (Saitek) HKLM-x32\...\Run: [SaiMfd] => C:\Program Files (x86)\Saitek\Software\SaiMfd.exe [180736 2006-06-05] (Saitek) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: H - H:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: I - I:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: J - J:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {3b046d47-f371-11e2-8dc7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {3b046d49-f371-11e2-8dc7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {4ab366bb-4be3-11e1-8c1c-9a93759d0506} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {51ed533e-ac26-11e1-b234-002682b01834} - H:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {80fccf81-84f0-11e3-a105-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {c910a591-4be9-11e1-bcf8-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {cb647060-6e9a-11e2-bddc-893cbdf93c12} - H:\Startme.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: 
{cb8f7b98-d278-11e1-99e8-bad987d704c6} - H:\Startme.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ce999591-4b1d-11e1-9aa7-002682b01834} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ce99959c-4b1d-11e1-9aa7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {d785273c-f36e-11e2-bdff-ce7aac36c501} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ec55ec98-56e3-11e1-93eb-b0e0b3edb724} - G:\Setup.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {f80db2b5-4b22-11e1-9fbf-002682b01834} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {f80db2d6-4b22-11e1-9fbf-002682b01834} - H:\AutoRun.exe HKU\s-1-5-21-1252622565-2587163276-2949747067-1006\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe HKU\s-1-5-21-1252622565-2587163276-2949747067-1006\...\MountPoints2: {51ed533e-ac26-11e1-b234-002682b01834} - H:\Autorun.exe AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => "c:\progra~2\browse~1\sprote~1.dll" File Not Found ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.austrianaviation.net/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - 
{326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft 
Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61 FireFox: ======== FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nvf73zxj.default FF Homepage: www.austrianaviation.net FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nvf73zxj.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-27] FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-27] FF HKLM-x32\...\Firefox\Extensions: 
[{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18] Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://www.google.com" CHR Extension: (Search-NewTab) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbmgfdlffecjkknfcphajeljoheidim [2013-02-27] CHR Extension: (BraoWse2saeve) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbiagpabkcclfemhfaejjphknmbbeeji [2013-02-27] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21] CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-28] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. 
KG) R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG) R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-14] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-18] (Symantec Corporation) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) 
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140418.016\ENG64.SYS [126040 2014-03-28] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140418.016\EX64.SYS [2099288 2014-03-28] (Symantec Corporation) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) S3 SaiH0763; C:\Windows\System32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek) S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [53248 2006-06-08] (Saitek) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-19 16:31 - 2014-04-19 16:38 - 00021056 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-04-19 16:30 - 2014-04-19 16:37 - 00000000 ____D () C:\FRST 2014-04-19 16:29 - 2014-04-19 
16:29 - 02158592 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-04-19 11:22 - 2014-04-19 16:24 - 00051825 _____ () C:\Windows\WindowsUpdate.log 2014-04-18 21:27 - 2014-04-18 22:11 - 00018944 _____ () C:\Users\Philipp\Desktop\Vietnamplan.xls 2014-04-15 21:47 - 2014-04-15 21:47 - 00000824 _____ () C:\Users\Public\Desktop\Saitek SST Programming Software.lnk 2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Saitek 2014-04-15 21:47 - 2006-06-05 13:22 - 00196096 _____ () C:\Windows\SysWOW64\nY.exe 2014-04-15 21:47 - 2006-06-05 12:20 - 00057344 _____ (Saitek) C:\Windows\SysWOW64\SAIGON.dll 2014-04-15 21:47 - 2006-05-18 08:49 - 00045056 _____ (Saitek) C:\Windows\SysWOW64\SAIKICK.dll 2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Users\Philipp\Desktop\SW Ha Up 2014-04-14 11:17 - 2014-04-18 11:21 - 00000000 ____D () C:\Users\Philipp\Desktop\Viet 2014-04-12 12:56 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-12 12:56 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-12 12:56 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-12 12:56 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-12 12:56 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-12 
12:56 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-12 12:56 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-12 12:56 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-12 12:56 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-12 12:56 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-12 12:56 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-12 12:56 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-12 12:56 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-12 12:56 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-12 12:56 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-12 12:56 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-04 23:16 - 2014-04-04 23:16 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-02 08:44 - 2014-04-02 08:44 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-03-29 20:14 - 2014-03-29 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-04-19 16:38 - 2014-04-19 16:31 - 00021056 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-04-19 16:37 - 2014-04-19 16:30 - 00000000 ____D () C:\FRST 2014-04-19 16:29 - 2014-04-19 16:29 - 02158592 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-04-19 16:26 - 2010-05-17 03:45 - 00764980 _____ () C:\Windows\system32\perfh007.dat 2014-04-19 16:26 - 2010-05-17 03:45 - 00174178 _____ () C:\Windows\system32\perfc007.dat 2014-04-19 
16:26 - 2009-07-14 07:13 - 01803894 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-19 16:24 - 2014-04-19 11:22 - 00051825 _____ () C:\Windows\WindowsUpdate.log 2014-04-19 16:24 - 2010-10-14 21:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Skype 2014-04-19 16:23 - 2012-03-30 08:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-19 13:26 - 2010-10-14 20:27 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\HpUpdate 2014-04-19 11:27 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-19 11:27 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-19 11:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-19 10:57 - 2010-10-14 21:00 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB96048C-19D3-4BC7-BA14-08B8EDD5EE4C} 2014-04-18 22:11 - 2014-04-18 21:27 - 00018944 _____ () C:\Users\Philipp\Desktop\Vietnamplan.xls 2014-04-18 19:39 - 2013-11-16 16:10 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment 2014-04-18 11:21 - 2014-04-14 11:17 - 00000000 ____D () C:\Users\Philipp\Desktop\Viet 2014-04-18 00:48 - 2010-10-28 19:45 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps 2014-04-16 14:25 - 2012-10-23 18:08 - 00000000 ____D () C:\Users\Philipp\Documents\Flight Simulator X-Dateien 2014-04-15 22:23 - 2012-02-25 16:26 - 00000000 ____D () C:\Users\Philipp\Desktop\ATR 2014-04-15 21:47 - 2014-04-15 21:47 - 00000824 _____ () C:\Users\Public\Desktop\Saitek SST Programming Software.lnk 2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Saitek 2014-04-15 21:47 - 2010-05-16 18:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-15 17:47 - 2012-01-31 11:12 - 00000000 ___RD () C:\Users\Philipp\Dropbox 2014-04-15 14:35 - 
2012-01-31 11:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox 2014-04-15 11:06 - 2010-10-17 14:35 - 00000000 ____D () C:\Users\Philipp\Documents\Flight Simulator-Dateien 2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Users\Philipp\Desktop\SW Ha Up 2014-04-13 22:07 - 2013-01-16 23:50 - 00000000 ____D () C:\Users\Philipp\Desktop\SW 2014-04-13 22:06 - 2010-10-14 21:56 - 00000000 ____D () C:\Users\Philipp\Desktop\Flie 2014-04-12 20:50 - 2013-07-19 10:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-12 20:43 - 2010-11-01 09:56 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 21:28 - 2012-12-31 18:14 - 00094008 _____ () C:\Users\Party\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-04 23:16 - 2014-04-04 23:16 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-02 08:44 - 2014-04-02 08:44 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-04-02 08:38 - 2010-10-14 21:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-04-02 08:37 - 2013-05-21 21:48 - 00003238 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-03-31 03:16 - 2014-04-12 12:56 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-12 12:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-12 12:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-12 12:56 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 10:19 - 2013-06-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 20:15 - 2014-03-29 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 14:50 - 2014-02-28 11:58 - 00000000 ____D () C:\Users\Philipp\Desktop\Tickets 2014-03-26 09:43 - 2012-12-27 12:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware Some content of TEMP: ==================== 
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-15 18:51 ==================== End Of Log ============================
--- --- --- --- --- ---
And the Addition result: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01 Ran by Philipp at 2014-04-19 16:38:17 Running from C:\Users\Philipp\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Airframes, Systems and Emergency Equipment (HKLM-x32\...\Airframes, Systems and Emergency Equipment1.0) (Version: 1.0 - OAAmedia) ATI Catalyst Install Manager (HKLM\...\{C9083B9D-9092-FF22-DDCC-9776E69BE816}) (Version: 3.0.765.0 - ATI Technologies, Inc.) 
ATPL AC Electrics (HKLM-x32\...\ATPL AC Electrics1.0) (Version: 1.0 - OAAmedia)
ATPL Air Law (HKLM-x32\...\ATPL Air Law1.0) (Version: 1.0 - CAE Oxford Interactive)
ATPL Aircraft Performance (HKLM-x32\...\ATPL Aircraft Performance1.0) (Version: 1.0 - OAAmedia)
ATPL Autoflight (HKLM-x32\...\ATPL Autoflight1.0) (Version: 1.0 - OAAmedia)
ATPL DC Electrics (HKLM-x32\...\ATPL DC Electrics1.0) (Version: 1.0 - OAAmedia)
ATPL Flight Instruments (HKLM-x32\...\ATPL Flight Instruments1.0) (Version: 1.0 - OAAmedia)
ATPL Flight Planning (HKLM-x32\...\ATPL Flight Planning1.0) (Version: 1.0 - OAAmedia)
ATPL Gas Turbine Engines (HKLM-x32\...\ATPL Gas Turbine Engines1.1) (Version: 1.1 - OAAmedia)
ATPL General Navigation (HKLM-x32\...\ATPL General Navigation1.0) (Version: 1.0 - OAAmedia)
ATPL Human Performance (Part 1) (HKLM-x32\...\ATPL Human Performance (Part 1)1.0) (Version: 1.0 - CAE Oxford Interactive)
ATPL Human Performance (Part 2) (HKLM-x32\...\ATPL Human Performance (Part 2)1.0) (Version: 1.0 - CAE Oxford Interactive)
ATPL Meteorology (HKLM-x32\...\ATPL Meteorology3.0) (Version: 3.0 - OAAmedia)
ATPL Operational Procedures (HKLM-x32\...\ATPL Operational Procedures1.0) (Version: 1.0 - OAAmedia)
ATPL Principles of Flight (HKLM-x32\...\ATPL Principles of Flight1.0) (Version: 1.0 - OAAmedia)
Aviator (HKLM-x32\...\{3F46D5F5-DEDE-4F4F-8AFE-1D458555C94A}) (Version: 1.0.226 - Xedatec)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
B200 King Air HD SERIES FSX/P3D (HKLM-x32\...\B200 King Air HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bob internet (HKLM-x32\...\bob internet) (Version: 1.16.1.0 - A1 Telekom Austria AG)
bob internet (x32 Version: 1.16.1.0 - A1 Telekom Austria AG) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Bus Driver (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cambridge- English Grammar in Use (HKLM-x32\...\Cambridge- English Grammar in Use) (Version: 100A - Clarity Language Consultants Ltd)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP540 series Benutzerregistrierung (HKLM-x32\...\Canon MP540 series Benutzerregistrierung) (Version: - )
Canon MP540 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Clarity recorder (HKLM-x32\...\Clarity recorder) (Version: 1.0 - Clarity Language Consultants Ltd)
Crewlink-Offline (HKCU\...\2a1a9d0eea0b256b) (Version: 1.2.3103.30 - Swiss International Airlines)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.3810 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.3810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Diamond DA40 G1000 Trainer v8.01 (HKLM-x32\...\Diamond DA40 G1000 Trainer v8.01) (Version: v8.01 - GARMIN)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.0.6 - DivX, LLC)
Dream Chronicles (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
EXAM (HKLM-x32\...\{35B7368A-F721-46E6-B258-EA3CC11A6924}) (Version: 10.00.0000 - Peters Software)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - )
GARMIN 400 Series Trainer (HKLM-x32\...\GARMIN 400 Series Trainer) (Version: - )
GARMIN 500 Series Trainer (HKLM-x32\...\GARMIN 500 Series Trainer) (Version: - )
Geany 1.22 (HKLM-x32\...\Geany) (Version: 1.22 - The Geany developer team)
Gem Shop (x32 Version: 2.2.0.82 - WildTangent) Hidden
GNS400W-500W Trainer (HKLM-x32\...\{C59E019B-0952-4B72-A382-68A72224F88F}) (Version: - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0217 (HKLM-x32\...\{97F3767E-8A52-4AA6-9304-BEEFBAC04575}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{84FD80B9-AB11-406F-8719-09C51D18CC0C}) (Version: 4.0.6.0 - Hewlett-Packard)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
JAA ATPL Questions (HKLM-x32\...\JAA ATPL Questions1.1) (Version: 1.1 - Oxford Aviation Training)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Java-Editor 11.21, 2012.11.06 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version: - Gerhard Röhner)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
Joe (HKLM-x32\...\{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}) (Version: 3.05.0100 - Wirth New Media Sarl)
Mahjongg Artifacts (x32 Version: 2.2.0.82 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mathematica Extras 8.0 (2615434) (HKLM\...\A-WIN-Extras 8.0.4 2615434_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connect (HKLM-x32\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The Vegas Heist (x32 Version: 2.2.0.82 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2514 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QualityWings Ultimate 146 Collection FSX (HKLM-x32\...\QualityWings Ultimate 146 Collection FSX) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden
Saitek SST Programming Software (HKLM-x32\...\{967FB80D-56BD-42EF-A942-9E8C78F984A4}) (Version: 1.00.0000 - Saitek)
Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SkyTest Swiss (HKLM-x32\...\{CF340C0F-FECA-4744-B261-9BEFD396859A}) (Version: 1.0.0 - SkyTest)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.4_is1) (Version: - SkyTest)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.5_is1) (Version: - SkyTest)
SkyTest® BU-Trainingssoftware 2.3 (HKLM-x32\...\SkyTest® BU-Trainingssoftware_is1) (Version: - SkyTest)
Slingo Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Solid Edge ST3 (HKLM\...\{EA8B28A2-D84F-447E-B588-9C255F1EDC0A}) (Version: 103.00.00114 - Siemens)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.15.18 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.0 - Synaptics Incorporated)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM-x32\...\{877B3198-1C6B-4A9A-8D28-BE4F6040987F}) (Version: 10.1.2531.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.82 - WildTangent) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565) (HKLM\...\M-WIN-G 8.0.4 2615565_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Restore Points =========================

13-03-2014 19:49:01 Windows Update
22-03-2014 10:13:51 Windows Update
12-04-2014 18:40:55 Windows Update
15-04-2014 19:46:17 Installiert Saitek SST Programming Software
15-04-2014 19:48:28 Gerätetreiber-Paketinstallation: Saitek

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-03-13 12:10 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AC9F9D7-269A-4007-ADFF-8E794ACFAE00} - System32\Tasks\{D6378C8A-2E8D-41B8-A3A2-F5F874648E7D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123.161/de/abandoninstall?page=tsMain
Task: {2EACF60B-EEEA-4EEE-A609-6439BE54CB4D} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: {39EC496B-07C5-4742-AA88-404DDDDB30FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {4312AD3D-51A9-4367-94BF-73CCCC7486F8} - System32\Tasks\{37422C63-01FF-4981-8670-C9D464273311} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {4DDB585C-5558-424F-8C83-F5DDD4C2294C} - System32\Tasks\{0C13D5FC-1637-462A-A99D-AE8C9AE7D8FD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {4ED33081-604F-4564-9FBE-B6BEF23DFAEC} - System32\Tasks\{BF80830C-3B2B-4F52-83D8-DD0B99E9083E} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/go/help.faq.installer?LastError=1618
Task: {7490D3A4-F9C1-4E88-8D63-D82F98959D7B} - System32\Tasks\{FED2943A-B262-4A95-A03B-6A9D1BE8A301} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/go/help.faq.installer?LastError=1618
Task: {76782409-A176-4176-B22C-C3019883685B} - System32\Tasks\{6BF621FE-6614-4DD8-A3AD-64CF7BEE6E52} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {8BFE7381-2D4E-4428-8CB3-495087C65DFC} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AE893695-C9CA-4EB6-A64F-5ABC1CB0FC2A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B91A75AA-3953-4E8F-A721-B5E3AEA8F3D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {D364A291-E412-4912-B890-3EA8B972C115} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E5F4B0EF-BAA3-4703-8DAA-9A57480CEDF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {FF098BFC-1640-417F-940F-F6A667EF0724} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-01-18 15:04 - 2010-01-18 15:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2011-02-15 03:32 - 2011-02-15 03:32 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-10-22 12:51 - 2009-10-22 12:51 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-03 03:36 - 2010-07-03 03:36 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-05 12:12 - 2010-04-05 12:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-07-21 09:20 - 2013-06-20 14:48 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-02-15 03:33 - 2011-02-15 03:33 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-04-15 21:47 - 2006-05-18 08:42 - 00147456 _____ () C:\Program Files (x86)\Saitek\Software\SAICFG.dll
2014-03-29 20:14 - 2014-03-29 20:15 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 10:06:47 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/18/2014 05:46:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/17/2014 10:27:22 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/16/2014 09:49:37 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/15/2014 10:07:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61637.0, Zeitstempel: 0x46fadb14 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1270 Startzeit der fehlerhaften Anwendung: 0xfsx.exe0 Pfad der fehlerhaften Anwendung: fsx.exe1 Pfad des fehlerhaften Moduls: fsx.exe2 Berichtskennung: fsx.exe3

Error: (04/15/2014 09:49:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ProfileU.exe, Version: 4.3.4.8, Zeitstempel: 0x446c2820 Name des fehlerhaften Moduls: ProfileU.exe, Version: 4.3.4.8, Zeitstempel: 0x446c2820 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001fda ID des fehlerhaften Prozesses: 0x1b00 Startzeit der fehlerhaften Anwendung: 0xProfileU.exe0 Pfad der fehlerhaften Anwendung: ProfileU.exe1 Pfad des fehlerhaften Moduls: ProfileU.exe2 Berichtskennung: ProfileU.exe3

Error: (04/15/2014 01:43:21 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/15/2014 10:55:30 AM) (Source: Application Hang) (User: )
Description: Programm fsx.exe, Version 10.0.61637.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1468 Startzeit: 01cf588815c3e7bc Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Berichts-ID: a0405254-c47b-11e3-a4db-81f83a9a023d

Error: (04/14/2014 05:36:59 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (04/14/2014 04:58:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

System errors:
=============
Error: (04/19/2014 11:24:57 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (04/19/2014 10:55:25 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PRIVAT", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C135595A-72EE-4199-9846-54E812AFD717}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/18/2014 00:50:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (04/18/2014 00:50:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/18/2014 00:50:28 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (04/17/2014 10:10:37 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PRIVAT", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C135595A-72EE-4199-9846-54E812AFD717}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/15/2014 02:08:50 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PRIVAT", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C135595A-72EE-4199-9846-54E812AFD717}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/15/2014 09:17:20 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PRIVAT", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C135595A-72EE-4199-9846-54E812AFD717}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/14/2014 02:27:14 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (04/14/2014 08:18:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (04/19/2014 10:06:47 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/18/2014 05:46:44 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/17/2014 10:27:22 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/16/2014 09:49:37 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/15/2014 10:07:06 PM) (Source: Application Error)(User: )
Description: fsx.exe10.0.61637.046fadb14unknown0.0.0.000000000c000000500000000127001cf58e0a1524ba3C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeunknown8450ed79-c4d9-11e3-a4db-81f83a9a023d

Error: (04/15/2014 09:49:29 PM) (Source: Application Error)(User: )
Description: ProfileU.exe4.3.4.8446c2820ProfileU.exe4.3.4.8446c2820c000000500001fda1b0001cf58e3c145f2dfC:\Program Files (x86)\Saitek\Software\ProfileU.exeC:\Program Files (x86)\Saitek\Software\ProfileU.exe0e53647d-c4d7-11e3-a4db-81f83a9a023d

Error: (04/15/2014 01:43:21 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/15/2014 10:55:30 AM) (Source: Application Hang)(User: )
Description: fsx.exe10.0.61637.0146801cf588815c3e7bc10C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exea0405254-c47b-11e3-a4db-81f83a9a023d

Error: (04/14/2014 05:36:59 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (04/14/2014 04:58:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

CodeIntegrity Errors:
===================================
Date: 2014-04-19 11:18:37.124
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-19 11:18:36.921
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-19 10:50:51.217
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-19 10:50:50.952
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-19 09:37:55.058
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-19 09:37:54.871
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-18 08:06:17.651
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-18 08:06:17.448
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-17 21:55:00.331
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-17 21:55:00.128
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 3893.86 MB Available physical RAM: 1568.15 MB Total Pagefile: 7785.9 MB Available Pagefile: 4941.41 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:451.42 GB) (Free:309.28 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:14.04 GB) (Free:2.01 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 5EFDADBF) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================ |
20.04.2014, 17:57 | #5 |
/// the machine /// TB-Ausbilder | Facebook account hacked We can clean up the machine, but if you can no longer get into the e-mail address registered with FB, your account is gone, unless you contact FB support. I can't work magic.
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.04.2014, 19:44 | #6 |
| Facebook account hacked
Attached is the data:
mbam.txt:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 20.04.2014
Suchlauf-Zeit: 20:24:54
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.20.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Philipp
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 323078
Verstrichene Zeit: 32 Min, 23 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.SProtector.A, HKU\S-1-5-21-1252622565-2587163276-2949747067-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SProtector, Löschen bei Neustart, [1ee2e21e10f00000b6aa2177986b639d],
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)
adware cleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 20:36:51 # Aktualisiert 20/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Philipp - PHILIPP-PC # Gestartet von : C:\Users\Philipp\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoft Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft Ordner Gelöscht : C:\Users\Philipp\.android Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\DownLite Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\DVDVideoSoft ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] Schlüssel Gelöscht : HKCU\Software\Classes\pokki Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\sprote~1.dll ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nvf73zxj.default\prefs.js ] [ Datei : C:\Users\Party\AppData\Roaming\Mozilla\Firefox\Profiles\qetg7ffg.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [13142 octets] - [05/09/2013 21:55:23] AdwCleaner[R1].txt - [3526 octets] - [20/04/2014 20:34:44] AdwCleaner[S0].txt - [12597 octets] - [05/09/2013 21:57:40] AdwCleaner[S1].txt - [3397 octets] - [20/04/2014 20:36:51] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3457 octets] ########## JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Philipp on 20.04.2014 at 20:47:20,65 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] 
HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1252622565-2587163276-2949747067-1000\Software\sweetim ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Empty Folder]
C:\Users\Philipp\appdata\local\{F987BB66-E2EB-47A4-9B24-0B167951994A} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FA24699D-6E07-4485-94E7-13AAADF3CD51} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FA345767-7008-416A-9F9A-56BD5EEE4831} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FBD50ECB-FB2D-4531-86E9-E83F0827BA54} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FC543B46-36BA-4612-BA28-7A838454908A} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FC71F104-B68E-45FC-88D3-D2B2FA4D956E} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FDA7F3DE-BD9F-4537-BECB-465FF5E77E0B} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FE86238C-677E-44EA-AF44-1FA2B0F961AA} Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FEE808EB-8F22-460D-8B98-ECEFDF79664F} ~~~ FireFox Successfully deleted: [File] C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\nvf73zxj.default\extensions\toolbar_avira-v7@apn.ask.com.xpi Emptied folder: C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\nvf73zxj.default\minidumps [568 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 20.04.2014 at 20:54:43,91 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ First: FRST Logfile: FRST Logfile: FRST Logfile: [CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 01 Ran by Philipp (administrator) on PHILIPP-PC on 20-04-2014 20:59:18 Running from C:\Users\Philipp\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations 
GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Saitek) C:\Program Files (x86)\Saitek\Software\ProfilerU.exe (Saitek) C:\Program Files (x86)\Saitek\Software\SaiMfd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-12] (Synaptics Incorporated) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-02-15] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Profiler] => C:\Program Files (x86)\Saitek\Software\ProfilerU.exe [184320 2006-05-18] (Saitek) HKLM-x32\...\Run: [SaiMfd] => C:\Program Files (x86)\Saitek\Software\SaiMfd.exe [180736 2006-06-05] (Saitek) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: H - H:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: I - I:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: J - J:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {3b046d47-f371-11e2-8dc7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {3b046d49-f371-11e2-8dc7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {4ab366bb-4be3-11e1-8c1c-9a93759d0506} - 
G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {51ed533e-ac26-11e1-b234-002682b01834} - H:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {80fccf81-84f0-11e3-a105-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {c910a591-4be9-11e1-bcf8-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {cb647060-6e9a-11e2-bddc-893cbdf93c12} - H:\Startme.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {cb8f7b98-d278-11e1-99e8-bad987d704c6} - H:\Startme.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ce999591-4b1d-11e1-9aa7-002682b01834} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ce99959c-4b1d-11e1-9aa7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {d785273c-f36e-11e2-bdff-ce7aac36c501} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ec55ec98-56e3-11e1-93eb-b0e0b3edb724} - G:\Setup.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {f80db2b5-4b22-11e1-9fbf-002682b01834} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {f80db2d6-4b22-11e1-9fbf-002682b01834} - H:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.a1.net/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Link Helper - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE 
DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61 FireFox: ======== FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nvf73zxj.default FF Homepage: www.austrianaviation.net FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-27] FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-27] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://www.google.com" CHR Extension: (Search-NewTab) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbmgfdlffecjkknfcphajeljoheidim [2013-02-27] CHR Extension: (BraoWse2saeve) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbiagpabkcclfemhfaejjphknmbbeeji [2013-02-27] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21] CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-28] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. 
KG) R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG) R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-14] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-18] (Symantec Corporation) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) 
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140419.009\ENG64.SYS [126040 2014-03-28] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140419.009\EX64.SYS [2099288 2014-03-28] (Symantec Corporation) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) S3 SaiH0763; C:\Windows\System32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek) S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [53248 2006-06-08] (Saitek) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-20 20:56 - 2014-04-20 20:56 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion 2014-04-20 20:54 - 2014-04-20 20:54 - 00031821 _____ () C:\Users\Philipp\Desktop\JRT.txt 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 20:41 - 
2014-04-20 20:41 - 00003597 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S1].txt 2014-04-20 20:32 - 2014-04-20 20:33 - 00001328 _____ () C:\Users\Philipp\Desktop\mbam.txt 2014-04-20 20:28 - 2014-04-20 20:39 - 00000112 _____ () C:\Windows\setupact.log 2014-04-20 20:28 - 2014-04-20 20:28 - 00373560 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-20 20:28 - 2014-04-20 20:28 - 00000366 _____ () C:\Windows\PFRO.log 2014-04-20 20:28 - 2014-04-20 20:28 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-20 19:53 - 2014-04-20 19:53 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-04-20 19:52 - 2014-04-20 19:52 - 01308369 _____ () C:\Users\Philipp\Desktop\adwcleaner.exe 2014-04-20 19:49 - 2014-04-20 20:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 19:49 - 2014-04-20 19:49 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 19:49 - 2014-04-20 19:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 19:49 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-20 19:49 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-20 19:45 - 2014-04-20 19:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 16:06 - 2014-04-20 16:06 - 00094008 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-20 08:41 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-20 08:41 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-20 08:41 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-20 08:41 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-20 08:41 - 2014-03-06 10:59 - 
00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-20 08:41 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-20 08:41 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-20 08:41 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-20 08:41 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-20 08:41 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-20 08:41 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-20 08:41 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-20 08:41 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-20 08:41 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-20 08:41 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-20 08:41 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-20 08:41 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-20 08:41 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-20 08:41 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-20 08:41 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-20 08:41 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-20 08:41 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-20 08:41 - 2014-03-06 
09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-20 08:41 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-20 08:41 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-20 08:41 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-20 08:41 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-20 08:41 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-20 08:41 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-20 08:41 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-20 08:41 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-20 08:41 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-20 08:41 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-20 08:41 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-20 08:41 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-20 08:41 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-20 08:41 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-20 08:41 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-20 08:41 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-20 08:41 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-20 08:41 - 
2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 08:41 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 08:41 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 08:41 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 08:41 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 08:41 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 08:41 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 08:41 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 16:38 - 2014-04-19 16:39 - 00038704 _____ () C:\Users\Philipp\Desktop\Addition-alt.txt
2014-04-19 16:31 - 2014-04-20 20:59 - 00019609 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-04-19 16:31 - 2014-04-19 16:39 - 00030277 _____ () C:\Users\Philipp\Desktop\FRST-alt.txt
2014-04-19 16:30 - 2014-04-20 20:59 - 00000000 ____D () C:\FRST
2014-04-19 16:29 - 2014-04-20 20:56 - 02056192 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-04-19 11:22 - 2014-04-20 20:45 - 00161564 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 21:47 - 2014-04-15 21:47 - 00000824 _____ () C:\Users\Public\Desktop\Saitek SST Programming Software.lnk
2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Saitek
2014-04-15 21:47 - 2006-06-05 13:22 - 00196096 _____ () C:\Windows\SysWOW64\nY.exe
2014-04-15 21:47 - 2006-06-05 12:20 - 00057344 _____ (Saitek) C:\Windows\SysWOW64\SAIGON.dll
2014-04-15 21:47 - 2006-05-18 08:49 - 00045056 _____ (Saitek) C:\Windows\SysWOW64\SAIKICK.dll
2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Users\Philipp\Desktop\SW Ha Up
2014-04-14 11:17 - 2014-04-19 22:08 - 00000000 ____D () C:\Users\Philipp\Desktop\Viet
2014-04-12 12:56 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-12 12:56 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-12 12:56 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-12 12:56 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-12 12:56 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-12 12:56 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-12 12:56 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-12 12:56 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-12 12:56 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-12 12:56 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-12 12:56 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-12 12:56 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 12:56 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 12:56 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-12 12:56 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-12 12:56 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-12 12:56 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 23:16 - 2014-04-04 23:16 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-02 08:44 - 2014-04-02 08:44 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-03-29 20:14 - 2014-03-29 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======
2014-04-20 20:59 - 2014-04-19 16:31 - 00019609 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-04-20 20:59 - 2014-04-19 16:30 - 00000000 ____D () C:\FRST
2014-04-20 20:56 - 2014-04-20 20:56 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion
2014-04-20 20:56 - 2014-04-19 16:29 - 02056192 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-04-20 20:55 - 2010-05-17 03:45 - 00764980 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 20:55 - 2010-05-17 03:45 - 00174178 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 20:55 - 2009-07-14 07:13 - 01803894 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 20:54 - 2014-04-20 20:54 - 00031821 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-04-20 20:48 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 20:48 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 20:45 - 2014-04-19 11:22 - 00161564 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 20:41 - 2014-04-20 20:41 - 00003597 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S1].txt
2014-04-20 20:39 - 2014-04-20 20:28 - 00000112 _____ () C:\Windows\setupact.log
2014-04-20 20:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 20:36 - 2013-09-05 21:47 - 00000000 ____D () C:\AdwCleaner
2014-04-20 20:36 - 2010-10-14 19:30 - 00000000 ____D () C:\Users\Philipp
2014-04-20 20:33 - 2014-04-20 20:32 - 00001328 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-04-20 20:32 - 2014-04-20 19:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 20:28 - 2014-04-20 20:28 - 00373560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-20 20:28 - 2014-04-20 20:28 - 00000366 _____ () C:\Windows\PFRO.log
2014-04-20 20:28 - 2014-04-20 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 20:11 - 2012-03-30 08:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 19:54 - 2010-10-14 21:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Skype
2014-04-20 19:53 - 2014-04-20 19:53 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe
2014-04-20 19:52 - 2014-04-20 19:52 - 01308369 _____ () C:\Users\Philipp\Desktop\adwcleaner.exe
2014-04-20 19:49 - 2014-04-20 19:49 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-20 19:49 - 2014-04-20 19:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-20 19:49 - 2012-10-22 08:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malwarebytes
2014-04-20 19:49 - 2012-10-22 08:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 19:45 - 2014-04-20 19:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-20 16:06 - 2014-04-20 16:06 - 00094008 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-20 16:04 - 2012-01-31 11:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-04-20 15:04 - 2010-10-14 21:00 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB96048C-19D3-4BC7-BA14-08B8EDD5EE4C}
2014-04-20 11:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 22:08 - 2014-04-14 11:17 - 00000000 ____D () C:\Users\Philipp\Desktop\Viet
2014-04-19 21:21 - 2013-01-16 23:50 - 00000000 ____D () C:\Users\Philipp\Desktop\SW
2014-04-19 16:39 - 2014-04-19 16:38 - 00038704 _____ () C:\Users\Philipp\Desktop\Addition-alt.txt
2014-04-19 16:39 - 2014-04-19 16:31 - 00030277 _____ () C:\Users\Philipp\Desktop\FRST-alt.txt
2014-04-19 13:26 - 2010-10-14 20:27 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\HpUpdate
2014-04-18 19:39 - 2013-11-16 16:10 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment
2014-04-18 00:48 - 2010-10-28 19:45 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps
2014-04-16 14:25 - 2012-10-23 18:08 - 00000000 ____D () C:\Users\Philipp\Documents\Flight Simulator X-Dateien
2014-04-15 22:23 - 2012-02-25 16:26 - 00000000 ____D () C:\Users\Philipp\Desktop\ATR
2014-04-15 21:47 - 2014-04-15 21:47 - 00000824 _____ () C:\Users\Public\Desktop\Saitek SST Programming Software.lnk
2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Saitek
2014-04-15 21:47 - 2010-05-16 18:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-15 17:47 - 2012-01-31 11:12 - 00000000 ___RD () C:\Users\Philipp\Dropbox
2014-04-15 11:06 - 2010-10-17 14:35 - 00000000 ____D () C:\Users\Philipp\Documents\Flight Simulator-Dateien
2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Users\Philipp\Desktop\SW Ha Up
2014-04-13 22:06 - 2010-10-14 21:56 - 00000000 ____D () C:\Users\Philipp\Desktop\Fli
2014-04-12 20:50 - 2013-07-19 10:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 20:43 - 2010-11-01 09:56 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 21:28 - 2012-12-31 18:14 - 00094008 _____ () C:\Users\Party\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 23:16 - 2014-04-04 23:16 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-03 09:51 - 2014-04-20 19:49 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 19:49 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2012-12-27 12:24 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:44 - 2014-04-02 08:44 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-04-02 08:38 - 2010-10-14 21:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-04-02 08:37 - 2013-05-21 21:48 - 00003238 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-30 10:19 - 2013-06-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 20:15 - 2014-03-29 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 14:50 - 2014-02-28 11:58 - 00000000 ____D () C:\Users\Philipp\Desktop\Tickets

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwdksq7.dll
C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Addition:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 01
Ran by Philipp at 2014-04-20 20:59:47
Running from C:\Users\Philipp\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Airframes, Systems and Emergency Equipment (HKLM-x32\...\Airframes, Systems and Emergency Equipment1.0) (Version: 1.0 - OAAmedia)
ATI Catalyst Install Manager (HKLM\...\{C9083B9D-9092-FF22-DDCC-9776E69BE816}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
ATPL AC Electrics (HKLM-x32\...\ATPL AC Electrics1.0) (Version: 1.0 - OAAmedia)
ATPL Air Law (HKLM-x32\...\ATPL Air Law1.0) (Version: 1.0 - CAE Oxford Interactive)
ATPL Aircraft Performance (HKLM-x32\...\ATPL Aircraft Performance1.0) (Version: 1.0 - OAAmedia)
ATPL Autoflight (HKLM-x32\...\ATPL Autoflight1.0) (Version: 1.0 - OAAmedia)
ATPL DC Electrics (HKLM-x32\...\ATPL DC Electrics1.0) (Version: 1.0 - OAAmedia)
ATPL Flight Instruments (HKLM-x32\...\ATPL Flight Instruments1.0) (Version: 1.0 - OAAmedia)
ATPL Flight Planning (HKLM-x32\...\ATPL Flight Planning1.0) (Version: 1.0 - OAAmedia)
ATPL Gas Turbine Engines (HKLM-x32\...\ATPL Gas Turbine Engines1.1) (Version: 1.1 - OAAmedia)
ATPL General Navigation (HKLM-x32\...\ATPL General Navigation1.0) (Version: 1.0 - OAAmedia)
ATPL Human Performance (Part 1) (HKLM-x32\...\ATPL Human Performance (Part 1)1.0) (Version: 1.0 - CAE Oxford Interactive)
ATPL Human Performance (Part 2) (HKLM-x32\...\ATPL Human Performance (Part 2)1.0) (Version: 1.0 - CAE Oxford Interactive)
ATPL Meteorology (HKLM-x32\...\ATPL Meteorology3.0) (Version: 3.0 - OAAmedia)
ATPL Operational Procedures (HKLM-x32\...\ATPL Operational Procedures1.0) (Version: 1.0 - OAAmedia)
ATPL Principles of Flight (HKLM-x32\...\ATPL Principles of Flight1.0) (Version: 1.0 - OAAmedia)
Aviator (HKLM-x32\...\{3F46D5F5-DEDE-4F4F-8AFE-1D458555C94A}) (Version: 1.0.226 - Xedatec)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
B200 King Air HD SERIES FSX/P3D (HKLM-x32\...\B200 King Air HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bob internet (HKLM-x32\...\bob internet) (Version: 1.16.1.0 - A1 Telekom AG)
bob internet (x32 Version: 1.16.1.0 - A1 Telekom AG) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Bus Driver (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cambridge- English Grammar in Use (HKLM-x32\...\Cambridge- English Grammar in Use) (Version: 100A - Clarity Language Consultants Ltd)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP540 series Benutzerregistrierung (HKLM-x32\...\Canon MP540 series Benutzerregistrierung) (Version: - )
Canon MP540 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Clarity recorder (HKLM-x32\...\Clarity recorder) (Version: 1.0 - Clarity Language Consultants Ltd)
Crewlink-Offline (HKCU\...\2a1a9d0eea0b256b) (Version: 1.2.3103.30 - SIA)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.3810 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.3810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Diamond DA40 G1000 Trainer v8.01 (HKLM-x32\...\Diamond DA40 G1000 Trainer v8.01) (Version: v8.01 - GARMIN)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.0.6 - DivX, LLC)
Dream Chronicles (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
EXAM (HKLM-x32\...\{35B7368A-F721-46E6-B258-EA3CC11A6924}) (Version: 10.00.0000 - Peters Software)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - )
GARMIN 400 Series Trainer (HKLM-x32\...\GARMIN 400 Series Trainer) (Version: - )
GARMIN 500 Series Trainer (HKLM-x32\...\GARMIN 500 Series Trainer) (Version: - )
Geany 1.22 (HKLM-x32\...\Geany) (Version: 1.22 - The Geany developer team)
Gem Shop (x32 Version: 2.2.0.82 - WildTangent) Hidden
GNS400W-500W Trainer (HKLM-x32\...\{C59E019B-0952-4B72-A382-68A72224F88F}) (Version: - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0217 (HKLM-x32\...\{97F3767E-8A52-4AA6-9304-BEEFBAC04575}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{84FD80B9-AB11-406F-8719-09C51D18CC0C}) (Version: 4.0.6.0 - Hewlett-Packard)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
JAA ATPL Questions (HKLM-x32\...\JAA ATPL Questions1.1) (Version: 1.1 - Oxford Aviation Training)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Java-Editor 11.21, 2012.11.06 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version: - Gerhard Röhner)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
Joe (HKLM-x32\...\{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}) (Version: 3.05.0100 - Wirth New Media Sarl)
Mahjongg Artifacts (x32 Version: 2.2.0.82 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mathematica Extras 8.0 (2615434) (HKLM\...\A-WIN-Extras 8.0.4 2615434_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connect (HKLM-x32\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The Vegas Heist (x32 Version: 2.2.0.82 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2514 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QualityWings Ultimate 146 Collection FSX (HKLM-x32\...\QualityWings Ultimate 146 Collection FSX) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden
Saitek SST Programming Software (HKLM-x32\...\{967FB80D-56BD-42EF-A942-9E8C78F984A4}) (Version: 1.00.0000 - Saitek)
Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SkyTest Swiss (HKLM-x32\...\{CF340C0F-FECA-4744-B261-9BEFD396859A}) (Version: 1.0.0 - SkyTest)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.4_is1) (Version: - SkyTest)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.5_is1) (Version: - SkyTest)
SkyTest® BU-Trainingssoftware 2.3 (HKLM-x32\...\SkyTest® BU-Trainingssoftware_is1) (Version: - SkyTest)
Slingo Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Solid Edge ST3 (HKLM\...\{EA8B28A2-D84F-447E-B588-9C255F1EDC0A}) (Version: 103.00.00114 - Siemens)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.15.18 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.0 - Synaptics Incorporated)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM-x32\...\{877B3198-1C6B-4A9A-8D28-BE4F6040987F}) (Version: 10.1.2531.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.82 - WildTangent) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Restore Points =========================
13-03-2014 19:49:01 Windows Update
22-03-2014 10:13:51 Windows Update
12-04-2014 18:40:55 Windows Update
15-04-2014 19:46:17 Installiert Saitek SST Programming Software
15-04-2014 19:48:28 Gerätetreiber-Paketinstallation: Saitek
20-04-2014 06:40:02 Windows Update

==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-03-13 12:10 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {1AC9F9D7-269A-4007-ADFF-8E794ACFAE00} - System32\Tasks\{D6378C8A-2E8D-41B8-A3A2-F5F874648E7D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123.161/de/abandoninstall?page=tsMain
Task: {2EACF60B-EEEA-4EEE-A609-6439BE54CB4D} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: {39EC496B-07C5-4742-AA88-404DDDDB30FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {4312AD3D-51A9-4367-94BF-73CCCC7486F8} - System32\Tasks\{37422C63-01FF-4981-8670-C9D464273311} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {4DDB585C-5558-424F-8C83-F5DDD4C2294C} - System32\Tasks\{0C13D5FC-1637-462A-A99D-AE8C9AE7D8FD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {4ED33081-604F-4564-9FBE-B6BEF23DFAEC} - System32\Tasks\{BF80830C-3B2B-4F52-83D8-DD0B99E9083E} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/go/help.faq.installer?LastError=1618
Task: {7490D3A4-F9C1-4E88-8D63-D82F98959D7B} - System32\Tasks\{FED2943A-B262-4A95-A03B-6A9D1BE8A301} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/go/help.faq.installer?LastError=1618
Task: {76782409-A176-4176-B22C-C3019883685B} - System32\Tasks\{6BF621FE-6614-4DD8-A3AD-64CF7BEE6E52} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {8BFE7381-2D4E-4428-8CB3-495087C65DFC} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AE893695-C9CA-4EB6-A64F-5ABC1CB0FC2A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B91A75AA-3953-4E8F-A721-B5E3AEA8F3D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {D364A291-E412-4912-B890-3EA8B972C115} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E5F4B0EF-BAA3-4703-8DAA-9A57480CEDF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {FF098BFC-1640-417F-940F-F6A667EF0724} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2010-01-18 15:04 - 2010-01-18 15:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2011-02-15 03:32 - 2011-02-15 03:32 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-10-22 12:51 - 2009-10-22 12:51 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-03 03:36 - 2010-07-03 03:36 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-05 12:12 - 2010-04-05 12:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-07-21 09:20 - 2013-06-20 14:48 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-02-15 03:33 - 2011-02-15 03:33 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-04-15 21:47 - 2006-05-18 08:42 - 00147456 _____ () C:\Program Files (x86)\Saitek\Software\SAICFG.dll
2014-03-29 20:14 - 2014-03-29 20:15 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-04-20 20:39:02.592
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-20 20:39:02.326
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-20 20:28:08.916
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-20 20:28:08.682
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-20 11:29:09.356
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-20 11:29:09.169
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde.
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-20 08:33:53.640 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-20 08:33:53.375 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-19 22:25:56.715 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-19 22:25:56.512 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 3893.86 MB Available physical RAM: 2311.11 MB Total Pagefile: 7785.9 MB Available Pagefile: 5763.5 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:451.42 GB) (Free:292.57 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:14.04 GB) (Free:2.01 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 5EFDADBF) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================ --- --- --- --- --- --- --- --- ---
I just briefly saw the program searchprotocolhost.exe running in Task Manager.... What exactly does it do, and could it be harmful? Last edited by Philipp11111 (20.04.2014 at 20:17) |
22.04.2014, 13:41 | #7 |
/// the machine /// TB instructor | Facebook account hacked SearchProtocolHost.exe Windows process - what is it? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.04.2014, 18:38 | #8 |
| Facebook account hacked So it seems that searchprotocolhost.exe is a virus? Attached are the results of the tests. ESET: A virus was found on the external hard drive (H) but not deleted....
Security Check: Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Norton 360 Premier Edition Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 30 Java-Editor 11.21, 2012.11.06 Java version out of Date! Adobe Flash Player 12.0.0.77 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (28.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
24.04.2014, 11:40 | #9 | |
/// the machine /// TB instructor | Facebook account hacked Quote:
Update Java and Adobe. Delete the backup on H. The fresh FRST log is missing, and please post the logs in code tags.
|
24.04.2014, 16:07 | #10 |
| Facebook account hacked Attached is the log. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014 Ran by Philipp (administrator) on PHILIPP-PC on 24-04-2014 16:59:12 Running from C:\Users\Philipp\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp.) 
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Saitek) C:\Program Files (x86)\Saitek\Software\ProfilerU.exe (Saitek) C:\Program Files (x86)\Saitek\Software\SaiMfd.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Dropbox, Inc.) 
C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-12] (Synaptics Incorporated) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-02-15] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Profiler] => C:\Program Files (x86)\Saitek\Software\ProfilerU.exe [184320 2006-05-18] (Saitek) HKLM-x32\...\Run: [SaiMfd] => C:\Program Files (x86)\Saitek\Software\SaiMfd.exe [180736 2006-06-05] (Saitek) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: H - H:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: I - I:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: J - J:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {3b046d47-f371-11e2-8dc7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {3b046d49-f371-11e2-8dc7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {4ab366bb-4be3-11e1-8c1c-9a93759d0506} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {51ed533e-ac26-11e1-b234-002682b01834} - H:\Autorun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {80fccf81-84f0-11e3-a105-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {c910a591-4be9-11e1-bcf8-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {cb647060-6e9a-11e2-bddc-893cbdf93c12} - H:\Startme.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {cb8f7b98-d278-11e1-99e8-bad987d704c6} - H:\Startme.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: 
{ce999591-4b1d-11e1-9aa7-002682b01834} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ce99959c-4b1d-11e1-9aa7-002682b01834} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {d785273c-f36e-11e2-bdff-ce7aac36c501} - H:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {ec55ec98-56e3-11e1-93eb-b0e0b3edb724} - G:\Setup.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {f80db2b5-4b22-11e1-9fbf-002682b01834} - G:\AutoRun.exe HKU\S-1-5-21-1252622565-2587163276-2949747067-1000\...\MountPoints2: {f80db2d6-4b22-11e1-9fbf-002682b01834} - H:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.a1.net/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program 
Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61 FireFox: ======== FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nvf73zxj.default FF Homepage: www.austrianaviation.net FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-27] FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-27] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://www.google.com" CHR Extension: (Search-NewTab) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbmgfdlffecjkknfcphajeljoheidim [2013-02-27] CHR Extension: (BraoWse2saeve) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbiagpabkcclfemhfaejjphknmbbeeji [2013-02-27] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - 
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21] CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-28] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. 
KG) R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-14] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-18] (Symantec Corporation) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140422.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140422.033\ENG64.SYS [126040 2014-04-22] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140422.033\EX64.SYS [2099288 2014-04-22] (Symantec Corporation) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) 
S3 SaiH0763; C:\Windows\System32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek) S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [53248 2006-06-08] (Saitek) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-24 16:58 - 2014-04-24 16:59 - 00019652 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-04-24 16:57 - 2014-04-24 16:58 - 00038615 _____ () C:\Users\Philipp\Desktop\Addition.txt 2014-04-24 16:48 - 2014-04-24 16:48 - 00094008 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-24 16:46 - 2014-04-24 16:47 - 00000168 _____ () C:\Windows\setupact.log 2014-04-24 16:46 - 2014-04-24 16:46 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-24 16:45 - 2014-04-24 16:46 - 00373560 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-24 16:45 - 2014-04-24 16:45 - 00000834 _____ () C:\Windows\PFRO.log 2014-04-23 19:29 - 2014-04-23 19:29 - 00855379 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe 2014-04-23 05:04 - 2014-04-23 05:04 - 00000000 ____D () C:\Users\dub_cm_auto 2014-04-22 17:49 - 2014-04-22 17:49 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_enu.exe 
2014-04-21 20:32 - 2014-04-21 20:32 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieUserList 2014-04-21 20:32 - 2014-04-21 20:32 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieSiteList 2014-04-21 16:38 - 2014-04-21 16:38 - 01146880 _____ (Farbar) C:\Users\Philipp\Downloads\frst.exe 2014-04-20 20:56 - 2014-04-24 16:56 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 19:53 - 2014-04-20 19:53 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-04-20 19:52 - 2014-04-20 19:52 - 01308369 _____ () C:\Users\Philipp\Desktop\adwcleaner.exe 2014-04-20 19:49 - 2014-04-21 13:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 19:49 - 2014-04-20 19:49 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 19:49 - 2014-04-20 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-20 19:49 - 2014-04-20 19:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 19:49 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-20 19:49 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-20 19:45 - 2014-04-20 19:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 08:41 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-20 08:41 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-20 08:41 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-20 08:41 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-20 08:41 - 2014-03-06 10:59 - 
00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-20 08:41 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-20 08:41 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-20 08:41 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-20 08:41 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-20 08:41 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-20 08:41 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-20 08:41 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-20 08:41 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-20 08:41 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-20 08:41 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-20 08:41 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-20 08:41 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-20 08:41 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-20 08:41 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-20 08:41 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-20 08:41 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-20 08:41 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-20 08:41 - 2014-03-06 
09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-20 08:41 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-20 08:41 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-20 08:41 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-20 08:41 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-20 08:41 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-20 08:41 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-20 08:41 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-20 08:41 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-20 08:41 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-20 08:41 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-20 08:41 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-20 08:41 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-20 08:41 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-20 08:41 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-20 08:41 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-20 08:41 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-20 08:41 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-20 08:41 - 
2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-20 08:41 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-20 08:41 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-20 08:41 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-20 08:41 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-20 08:41 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-20 08:41 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-20 08:41 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-19 16:30 - 2014-04-24 16:59 - 00000000 ____D () C:\FRST 2014-04-19 16:29 - 2014-04-24 16:56 - 02061824 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-04-19 11:22 - 2014-04-24 16:52 - 00281335 _____ () C:\Windows\WindowsUpdate.log 2014-04-15 21:47 - 2014-04-15 21:47 - 00000824 _____ () C:\Users\Public\Desktop\Saitek SST Programming Software.lnk 2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saitek Programming Software 2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Saitek 2014-04-15 21:47 - 2006-06-05 13:22 - 00196096 _____ () C:\Windows\SysWOW64\nY.exe 2014-04-15 21:47 - 2006-06-05 12:20 - 00057344 _____ (Saitek) C:\Windows\SysWOW64\SAIGON.dll 2014-04-15 21:47 - 2006-05-18 08:49 - 00045056 _____ (Saitek) C:\Windows\SysWOW64\SAIKICK.dll 2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Users\Philipp\Desktop\SW Ha Up 2014-04-14 11:17 - 2014-04-19 22:08 - 00000000 ____D () C:\Users\Philipp\Desktop\Viet 2014-04-12 12:56 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 
2014-04-12 12:56 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-12 12:56 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-12 12:56 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-12 12:56 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-12 12:56 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-12 12:56 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-12 12:56 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-12 12:56 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-12 12:56 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-12 12:56 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-12 12:56 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-12 12:56 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-12 12:56 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-12 12:56 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-04 23:16 - 2014-04-04 23:16 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-02 08:44 - 2014-04-02 08:44 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-03-29 20:14 - 2014-03-29 20:15 - 00000000 
____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-04-24 16:59 - 2014-04-24 16:58 - 00019652 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-04-24 16:59 - 2014-04-19 16:30 - 00000000 ____D () C:\FRST 2014-04-24 16:58 - 2014-04-24 16:57 - 00038615 _____ () C:\Users\Philipp\Desktop\Addition.txt 2014-04-24 16:56 - 2014-04-20 20:56 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion 2014-04-24 16:56 - 2014-04-19 16:29 - 02061824 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-04-24 16:54 - 2010-05-17 03:45 - 00764980 _____ () C:\Windows\system32\perfh007.dat 2014-04-24 16:54 - 2010-05-17 03:45 - 00174178 _____ () C:\Windows\system32\perfc007.dat 2014-04-24 16:54 - 2009-07-14 07:13 - 01803894 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-24 16:54 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-24 16:54 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-24 16:53 - 2012-01-31 11:12 - 00000000 ___RD () C:\Users\Philipp\Dropbox 2014-04-24 16:53 - 2012-01-31 11:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox 2014-04-24 16:52 - 2014-04-19 11:22 - 00281335 _____ () C:\Windows\WindowsUpdate.log 2014-04-24 16:50 - 2010-10-14 21:00 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB96048C-19D3-4BC7-BA14-08B8EDD5EE4C} 2014-04-24 16:48 - 2014-04-24 16:48 - 00094008 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-24 16:47 - 2014-04-24 16:46 - 00000168 _____ () C:\Windows\setupact.log 2014-04-24 16:46 - 2014-04-24 16:46 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-24 16:46 - 2014-04-24 16:45 - 00373560 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-24 16:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 
2014-04-24 16:45 - 2014-04-24 16:45 - 00000834 _____ () C:\Windows\PFRO.log 2014-04-23 20:29 - 2010-10-14 21:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Skype 2014-04-23 20:11 - 2012-03-30 08:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-23 19:29 - 2014-04-23 19:29 - 00855379 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe 2014-04-23 05:04 - 2014-04-23 05:04 - 00000000 ____D () C:\Users\dub_cm_auto 2014-04-22 17:49 - 2014-04-22 17:49 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_enu.exe 2014-04-21 20:32 - 2014-04-21 20:32 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieUserList 2014-04-21 20:32 - 2014-04-21 20:32 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieSiteList 2014-04-21 17:43 - 2012-10-23 18:08 - 00000000 ____D () C:\Users\Philipp\Documents\Flight Simulator X-Dateien 2014-04-21 16:38 - 2014-04-21 16:38 - 01146880 _____ (Farbar) C:\Users\Philipp\Downloads\frst.exe 2014-04-21 13:58 - 2014-04-20 19:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 20:44 - 2014-04-20 20:44 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 20:36 - 2013-09-05 21:47 - 00000000 ____D () C:\AdwCleaner 2014-04-20 20:36 - 2010-10-14 19:30 - 00000000 ____D () C:\Users\Philipp 2014-04-20 19:53 - 2014-04-20 19:53 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-04-20 19:52 - 2014-04-20 19:52 - 01308369 _____ () C:\Users\Philipp\Desktop\adwcleaner.exe 2014-04-20 19:49 - 2014-04-20 19:49 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 19:49 - 2014-04-20 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-20 19:49 - 2014-04-20 19:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 19:49 - 2012-10-22 08:11 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malwarebytes 2014-04-20 19:49 - 2012-10-22 08:10 
- 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-20 19:45 - 2014-04-20 19:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 11:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-19 22:08 - 2014-04-14 11:17 - 00000000 ____D () C:\Users\Philipp\Desktop\Viet 2014-04-19 21:21 - 2013-01-16 23:50 - 00000000 ____D () C:\Users\Philipp\Desktop\SW 2014-04-19 13:26 - 2010-10-14 20:27 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\HpUpdate 2014-04-18 19:39 - 2013-11-16 16:10 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment 2014-04-18 00:48 - 2010-10-28 19:45 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps 2014-04-15 22:23 - 2012-02-25 16:26 - 00000000 ____D () C:\Users\Philipp\Desktop\ATR 2014-04-15 21:47 - 2014-04-15 21:47 - 00000824 _____ () C:\Users\Public\Desktop\Saitek SST Programming Software.lnk 2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saitek Programming Software 2014-04-15 21:47 - 2014-04-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Saitek 2014-04-15 21:47 - 2010-05-16 18:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-15 11:06 - 2010-10-17 14:35 - 00000000 ____D () C:\Users\Philipp\Documents\Flight Simulator-Dateien 2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Users\Philipp\Desktop\SW Ha Up 2014-04-13 22:06 - 2010-10-14 21:56 - 00000000 ____D () C:\Users\Philipp\Desktop\Fli 2014-04-12 20:50 - 2013-07-19 10:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-12 20:43 - 2010-11-01 09:56 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 21:28 - 2012-12-31 18:14 - 00094008 _____ () C:\Users\Party\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-04 23:16 - 2014-04-04 23:16 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-03 09:51 - 2014-04-20 19:49 - 00088280 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-20 19:49 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2012-12-27 12:24 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 08:44 - 2014-04-02 08:44 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-04-02 08:38 - 2010-10-14 21:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 2014-04-02 08:37 - 2013-11-18 09:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition 2014-04-02 08:37 - 2013-05-21 21:48 - 00003238 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-03-30 10:19 - 2013-06-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 20:15 - 2014-03-29 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 14:50 - 2014-02-28 11:58 - 00000000 ____D () C:\Users\Philipp\Desktop\Tickets Some content of TEMP: ==================== C:\Users\Philipp\AppData\Local\Temp\avgnt.exe C:\Users\Philipp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvct1d.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-15 18:51 ==================== End 
Of Log ============================ |
25.04.2014, 09:27 | #11 |
/// the machine /// TB trainer | Facebook account hacked The machine is clean, any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
25.04.2014, 16:03 | #12 |
| Facebook account hacked Looks good, many thanks! Regards |
26.04.2014, 08:24 | #13 |
/// the machine /// TB trainer | Facebook account hacked You're welcome |