Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Vista: Notebook infiziert mit Antivirus Blocking Rules (https://www.trojaner-board.de/144259-windows-vista-notebook-infiziert-antivirus-blocking-rules.html)

zim 08.11.2013 23:35
Windows Vista: Notebook infiziert mit Antivirus Blocking Rules
 
Hallo,

mein Notebook ist mit Antivirus Blocking Rules und ich fürchte auch mit weiterer Malware infiziert. Die Logfiles habe ich erstellt:

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Nadine at 2013-11-08 22:39:07
Running from C:\Users\Nadine\AppData\Local\Opera\Opera\temporary_downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop Elements 7.0 (Version: 7.0.1)
Adobe Photoshop Elements 7.0 (Version: 7.0.1.3)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Adobe Shockwave Player (Version: 10.2.0.023)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Amazon MP3-Downloader 1.0.5
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 9.0)
Audible Download Manager (Version: 6.6.0.15)
Bonjour (Version: 3.0.0.10)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 5.5.1519)
CyberLink YouCam (Version: 2.0.1616)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESU for Microsoft Vista (Version: 1.0.0)
Free YouTube to MP3 Converter version 3.12.12.827 (Version: 3.12.12.827)
Google Chrome (Version: 30.0.1599.101)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2630)
HP Doc Viewer (Version: 1.01.0005)
HP DVD Play 3.7
HP Easy Setup - Frontend (Version: 5.7.0.2630)
HP Help and Support (Version: 2.0.9.0)
HP Quick Launch Buttons 6.40 F1 (Version: 6.40 F1)
HP Total Care Advisor (Version: 2.1.4047.2685)
HP Update (Version: 4.000.010.008)
HP User Guides 0118 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 J1)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPNetworkAssistant (Version: 1.1.70)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2202)
iTunes (Version: 11.1.2.32)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
LabelPrint (Version: 2.20.2719)
LEGO Digital Designer
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (Version: 2.0.100.0)
LEGO MINDSTORMS NXT Driver (Version: 1.17.770)
LEGO MINDSTORMS NXT Migration Package (Version: 1.2.8.0)
LEGO MINDSTORMS NXT Software v2.0 (Version: 2.0.114.0)
LightScribe System Software (Version: 1.18.15.1)
LightScribe Template Labeler (Version: 1.18.15.1)
Logitech Media Server 7.7.1 (Version: 7.7.1)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Unlimited Transfer (Version: 1.2.0.08024)
Norton Internet Security (Version: 21.1.0.18)
OnlineFotoservice (Version: 5.0.4)
Opera 12.16 (Version: 12.16.1860)
PHOTOfunSTUDIO 4.0 HD Edition (Version: 4.00.140)
Power2Go (Version: 5.6.3919)
PowerDirector (Version: 6.5.2719)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver For Windows Vista (Version: 6.236.322.2010)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20133)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Wartung Samsung ML-1660 Series
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

==================== Restore Points  =========================

08-11-2013 18:28:20 Installed SpyHunter
08-11-2013 18:56:32 Removed Shopping Helper Smartbar
08-11-2013 18:58:27 Removed Shopping Helper Smartbar
08-11-2013 18:59:13 Removed Shopping Helper Smartbar
08-11-2013 19:00:03 Removed Shopping Helper Smartbar
08-11-2013 19:26:32 Removed SpyHunter
08-11-2013 19:28:25 Removed SpyHunter

==================== Hosts content: ==========================

2006-11-02 11:23 - 2013-07-17 16:11 - 00445679 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        www.10sek.com
127.0.0.1        10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        www.123fporn.info
127.0.0.1        123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1C7542C1-7ED8-4F9D-881E-383E14E63C54} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {27BAFA4F-C9AF-482D-91CC-4E993FACE1F8} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {2AF91FA5-3740-4A97-8550-FAEA915F718B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-21] (Google Inc.)
Task: {402A88CE-8FBD-4AB5-B341-690A433B1EAF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {45681450-495E-4D0C-BCB8-648B48BD1C94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-21] (Google Inc.)
Task: {483415A4-61E3-41A0-95A9-68955F28208A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {853BEE59-99C8-424D-A7E3-E406714BDDDB} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {BE608133-11B7-4A45-97EF-EE3A334461C0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {D3BFA831-AD5C-4A8F-9FD3-FA08978CB480} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-08 20:43 - 2013-11-08 20:43 - 00028774 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2013-11-08 20:43 - 2013-11-08 20:43 - 00024679 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2013-11-08 20:43 - 2013-11-08 20:43 - 00032878 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2013-11-08 20:43 - 2013-11-08 20:43 - 00024701 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2013-11-08 20:43 - 2013-11-08 20:44 - 00028779 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00020601 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\4461f48e31bde5c56b31b973b773de09\List.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00118918 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00082048 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00020576 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00036964 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\f233f63b6654362865c7577442edb9e3\Win32.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00020590 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00082033 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00024676 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00061540 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\e56c61f7248672819579325af3387035\POSIX.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00094334 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00053340 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00184414 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2013-11-08 20:44 - 2013-11-08 20:44 - 00024701 ____R () C:\Users\Nadine\AppData\Local\Temp\pdk-Nadine-2504\93e7e3d6030f426844228042348210cf\Service.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2013-05-30 18:23 - 2013-07-11 16:41 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:51E66512

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2013 09:47:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5850

Error: (11/08/2013 09:47:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5850

Error: (11/08/2013 09:47:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/08/2013 08:43:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2013 05:54:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2013 10:04:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60607

Error: (11/06/2013 10:04:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60607

Error: (11/06/2013 10:04:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2013 10:04:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59593

Error: (11/06/2013 10:04:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59593


System errors:
=============
Error: (11/08/2013 08:43:27 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (11/08/2013 08:43:27 PM) (Source: Service Control Manager) (User: )
Description: IWPORTParallel arbitrator

Error: (11/08/2013 08:43:27 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/08/2013 08:42:53 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 08.11.2013 um 20:39:50 unerwartet heruntergefahren.

Error: (11/08/2013 05:54:07 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (11/08/2013 05:54:07 PM) (Source: Service Control Manager) (User: )
Description: IWPORTParallel arbitrator

Error: (11/08/2013 05:54:07 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/08/2013 05:53:41 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.11.2013 um 22:03:23 unerwartet heruntergefahren.

Error: (11/05/2013 02:38:27 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (11/05/2013 02:38:27 PM) (Source: Service Control Manager) (User: )
Description: IWPORTParallel arbitrator


Microsoft Office Sessions:
=========================
Error: (07/13/2011 07:55:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1645 seconds with 1620 seconds of active time.  This session ended with a crash.

Error: (07/13/2011 07:27:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 821 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (07/03/2011 06:38:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16727 seconds with 8880 seconds of active time.  This session ended with a crash.

Error: (06/25/2011 11:47:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3135 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (05/04/2009 00:57:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7170 seconds with 4560 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-11-08 22:37:37.683
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 22:37:37.018
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 22:37:36.503
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 22:37:35.796
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 22:37:07.809
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 22:37:07.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 22:37:06.653
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 22:37:06.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-03 21:59:20.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-03 21:59:19.842
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 1978.45 MB
Available physical RAM: 807.34 MB
Total Pagefile: 4200.17 MB
Available Pagefile: 2671.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.42 GB) (Free:42.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.47 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: B4F4B4F4)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Nadine (administrator) on NADINE-PC on 08-11-2013 22:34:55
Running from C:\Users\Nadine\AppData\Local\Opera\Opera\temporary_downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Logitech Inc.) C:\Program Files\Squeezebox\SqueezeTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
MountPoints2: {5ddeb39e-c62d-11df-b008-001d727862ad} - F:\__DTMEDIA\DTMedia.exe
MountPoints2: {a915461a-06a8-11df-b2a5-001d727862ad} - F:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=shoppinghelper&dpid=shoppinghelper&co=de&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=hp&installdate=02/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
URLSearchHook: HKLM - (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=sb&qsrc=2869
BHO: No Name - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default
FF Homepage: hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=hp&installDate=02/11/2013
FF SelectedSearchEngine: Web Search
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&installDate=02/11/2013&q=
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\staged
FF Extension: [verify-U]-Add-on - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\verify-u_2@cybits.de
FF Extension: Flagfox - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: TV-Fox - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF Extension: DealPly  Shopping - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
FF Extension: DownloadHelper - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-kV5U6puWw0Cdvg - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\jid1-kV5U6puWw0Cdvg@jetpack.xpi
FF Extension: personas - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\personas@christopher.beard.xpi
FF Extension: smarterwiki - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: dta - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (LoadTubes Plugin) - C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (InfiniAd GmbH)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (F2B Dark Electrique - Ibis Tribute on Black) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkhfghgcedfhpkoilcmohbcmkbcdodd\1_0
CHR Extension: (Norton Identity Protection) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Gmail) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [mphpbdjcljebbcnfopfngmfdackbbdgf] - C:\Program Files\DealPly\DealPly.crx

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll [567600 2013-10-08] (Symantec Corporation)
S3 PACSPTISVR-MusicUnlimitedTransfer; C:\Program Files\Sony\Music Unlimited Transfer\Sony.Earth\PACSPTISVR.exe [169832 2012-04-17] (Sony Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-30] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131107.001\IDSvix86.sys [393816 2013-10-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131107.032\NAVENG.SYS [93272 2013-09-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131107.032\NAVEX15.SYS [1612376 2013-09-30] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-29] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-09-30] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-08-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 IWPORT; \??\C:\Windows\SYSTEM32\DRIVERS\IWPORT.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-08 22:32 - 2013-11-08 22:32 - 00000000 ____D C:\FRST
2013-11-08 22:28 - 2013-11-08 22:28 - 00000000 _____ C:\Users\Nadine\defogger_reenable
2013-11-08 19:30 - 2013-11-08 19:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-08 19:28 - 2013-11-08 20:31 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-08 18:23 - 2013-11-08 18:28 - 00000000 ____D C:\Users\Nadine\Documents\Descent
2013-11-06 16:09 - 2013-11-06 16:09 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung1.~vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung2.vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung2.~vsd
2013-11-06 15:43 - 2013-11-06 16:12 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung1.vsd
2013-11-03 18:29 - 2013-11-03 18:29 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\David Walters Development
2013-11-02 15:56 - 2013-11-08 19:54 - 00000000 ____D C:\Users\Nadine\AppData\Local\VisualBeeExe
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\emaze
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\ProgramData\VisualBee
2013-11-02 15:55 - 2013-11-02 16:03 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-02 15:54 - 2013-11-02 15:54 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Dealply
2013-11-02 15:52 - 2013-11-08 20:01 - 00000000 ____D C:\Users\Nadine\AppData\Local\Smartbar
2013-10-27 19:26 - 2013-10-27 19:26 - 00001624 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\iPod
2013-10-27 19:24 - 2013-10-27 19:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 19:24 - 2013-10-27 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-10-13 02:49 - 2013-09-24 04:07 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-13 02:49 - 2013-09-24 04:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-13 02:49 - 2013-09-23 21:13 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-13 02:49 - 2013-09-23 21:01 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 03:00 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-12 03:00 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-12 02:47 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-12 02:47 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-12 02:47 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-12 02:47 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-12 02:47 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-12 02:47 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-12 02:47 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-12 02:47 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-12 02:47 - 2013-07-12 10:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-12 02:46 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-12 02:46 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-12 02:46 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 02:43 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 02:43 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 02:43 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 02:43 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-12 02:43 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-12 02:43 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 02:43 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 02:41 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-12 02:41 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

==================== One Month Modified Files and Folders =======

2013-11-08 22:32 - 2013-11-08 22:32 - 00000000 ____D C:\FRST
2013-11-08 22:28 - 2013-11-08 22:28 - 00000000 _____ C:\Users\Nadine\defogger_reenable
2013-11-08 22:28 - 2013-05-30 18:23 - 00000000 ____D C:\Program Files\Opera
2013-11-08 22:28 - 2008-09-26 13:10 - 00000000 ____D C:\Users\Nadine
2013-11-08 22:25 - 2008-09-10 01:00 - 02003557 _____ C:\Windows\WindowsUpdate.log
2013-11-08 22:05 - 2012-10-21 13:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-08 21:43 - 2012-04-05 20:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-08 20:43 - 2012-10-21 13:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-08 20:43 - 2008-09-26 13:17 - 00109296 _____ C:\Users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-08 20:43 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 20:43 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 20:43 - 2006-11-02 13:44 - 00402216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-08 20:42 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 20:31 - 2013-11-08 19:28 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-08 20:06 - 2008-09-10 01:10 - 00000000 ____D C:\Program Files\CONEXANT
2013-11-08 20:01 - 2013-11-02 15:52 - 00000000 ____D C:\Users\Nadine\AppData\Local\Smartbar
2013-11-08 19:54 - 2013-11-02 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\VisualBeeExe
2013-11-08 19:30 - 2013-11-08 19:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-08 19:27 - 2012-11-06 08:19 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-11-08 19:16 - 2008-09-29 19:49 - 00000000 ____D C:\Users\Nadine\AppData\Local\Deployment
2013-11-08 19:15 - 2012-03-22 20:29 - 00002619 _____ C:\Users\Nadine\Desktop\Microsoft PowerPoint 2010.lnk
2013-11-08 18:28 - 2013-11-08 18:23 - 00000000 ____D C:\Users\Nadine\Documents\Descent
2013-11-06 16:12 - 2013-11-06 15:43 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung1.vsd
2013-11-06 16:09 - 2013-11-06 16:09 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung1.~vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung2.vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung2.~vsd
2013-11-05 14:37 - 2012-12-22 21:55 - 00025038 _____ C:\Windows\PFRO.log
2013-11-04 06:31 - 2006-11-02 11:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 21:59 - 2008-10-12 19:36 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-11-03 18:29 - 2013-11-03 18:29 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\David Walters Development
2013-11-02 16:14 - 2010-09-26 11:45 - 00002173 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-11-02 16:14 - 2010-09-26 11:45 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-11-02 16:10 - 2006-11-02 13:58 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-02 16:03 - 2013-11-02 15:55 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\emaze
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\ProgramData\VisualBee
2013-11-02 15:54 - 2013-11-02 15:54 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Dealply
2013-11-02 14:26 - 2012-03-22 20:29 - 00002577 _____ C:\Users\Nadine\Desktop\Microsoft Word 2010.lnk
2013-10-27 19:26 - 2013-10-27 19:26 - 00001624 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-27 19:26 - 2013-10-27 19:24 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 19:26 - 2013-10-27 19:24 - 00000000 ____D C:\Program Files\iTunes
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\iPod
2013-10-27 19:25 - 2009-04-05 18:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-25 20:00 - 2008-10-01 17:06 - 00059904 _____ C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 16:04 - 2013-05-29 20:31 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-13 03:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-13 03:26 - 2011-12-27 17:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 03:02 - 2008-08-01 10:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 02:59 - 2013-08-14 17:52 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 02:46 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-11 17:03 - 2012-04-05 20:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-11 17:03 - 2011-05-16 15:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 20:44 - 2010-02-02 21:26 - 00000000 ____D C:\Users\Nadine\Documents\Häkeln

Files to move or delete:
====================
C:\Users\Nadine\CarryItEasy.exe


Some content of TEMP:
====================
C:\Users\Nadine\AppData\Local\Temp\BackupSetup.exe
C:\Users\Nadine\AppData\Local\Temp\GetCC.dll
C:\Users\Nadine\AppData\Local\Temp\Installer.exe
C:\Users\Nadine\AppData\Local\Temp\KUIU.EXE
C:\Users\Nadine\AppData\Local\Temp\plus-hd-2-5.exe
C:\Users\Nadine\AppData\Local\Temp\SendMsg.dll
C:\Users\Nadine\AppData\Local\Temp\SHSetup.exe
C:\Users\Nadine\AppData\Local\Temp\SP43672.exe
C:\Users\Nadine\AppData\Local\Temp\SP46631.exe
C:\Users\Nadine\AppData\Local\Temp\SP50498.exe
C:\Users\Nadine\AppData\Local\Temp\vbmz10.exe
C:\Users\Nadine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Nadine\AppData\Local\Temp\vmpremov.exe
C:\Users\Nadine\AppData\Local\Temp\_isAFAF.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-08 20:49

==================== End Of Log ============================
GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-08 23:29:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2552GSX rev.LV011C 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Nadine\AppData\Local\Temp\awdiqpod.sys


---- System - GMER 2.1 ----

SSDT            86B2CE80                                ZwAlertResumeThread
SSDT            86B2CF18                                ZwAlertThread
SSDT            86A25110                                ZwAllocateVirtualMemory
SSDT            86925BB8                                ZwAlpcConnectPort
SSDT            86B2C8F8                                ZwAssignProcessToJobObject
SSDT            86B2CCA8                                ZwCreateMutant
SSDT            86F14CC8                                ZwCreateSymbolicLinkObject
SSDT            86B00FB0                                ZwCreateThread
SSDT            86B2C990                                ZwDebugActiveProcess
SSDT            86A377B8                                ZwDuplicateObject
SSDT            86A21180                                ZwFreeVirtualMemory
SSDT            86B2CD50                                ZwImpersonateAnonymousToken
SSDT            86B2CDE8                                ZwImpersonateThread
SSDT            86925B40                                ZwLoadDriver
SSDT            86A210E8                                ZwMapViewOfSection
SSDT            86B2CC10                                ZwOpenEvent
SSDT            86A37B18                                ZwOpenProcess
SSDT            86A37740                                ZwOpenProcessToken
SSDT            86B2CAE0                                ZwOpenSection
SSDT            86A37A90                                ZwOpenThread
SSDT            86B2C850                                ZwProtectVirtualMemory
SSDT            86B2CF90                                ZwResumeThread
SSDT            86B2C198                                ZwSetContextThread
SSDT            86B2C230                                ZwSetInformationProcess
SSDT            86B2CA28                                ZwSetSystemInformation
SSDT            86B2CB78                                ZwSuspendProcess
SSDT            86B2C068                                ZwSuspendThread
SSDT            86A31710                                ZwTerminateProcess
SSDT            86B2C100                                ZwTerminateThread
SSDT            86B2C2B8                                ZwUnmapViewOfSection
SSDT            86A25088                                ZwWriteVirtualMemory
SSDT            86F14D50                                ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!KeSetEvent + 11D            822C3768 8 Bytes  [80, CE, B2, 86, 18, CF, B2, ...] {OR DH, 0xb2; XCHG [EAX], BL; IRET ; MOV DL, 0x86}
.text          ntkrnlpa.exe!KeSetEvent + 131            822C377C 4 Bytes  [10, 51, A2, 86]
.text          ntkrnlpa.exe!KeSetEvent + 13D            822C3788 4 Bytes  [B8, 5B, 92, 86]
.text          ntkrnlpa.exe!KeSetEvent + 191            822C37DC 4 Bytes  [F8, C8, B2, 86]
.text          ntkrnlpa.exe!KeSetEvent + 1F5            822C3840 4 Bytes  [A8, CC, B2, 86] {TEST AL, 0xcc; MOV DL, 0x86}
.text          ...                                     

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                  SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\Udp                  SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\RawIp                SYMTDIV.SYS

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                    unknown MBR code

---- EOF - GMER 2.1 ----
Ich hoffe das alles so richtig ist und ihr mir helfen könnt.

Gruß

Nadine

schrauber 09.11.2013 10:49
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

zim 09.11.2013 14:02
Danke für die schnelle Hilfe.
Hier der Logfile von Combofix:
Code:
ComboFix 13-11-07.01 - Nadine 09.11.2013  11:26:33.1.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.1978.1141 [GMT 1:00]
ausgeführt von:: c:\users\Nadine\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nadine\AppData\Local\assembly\tmp
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-09 bis 2013-11-09  ))))))))))))))))))))))))))))))
.
.
2013-11-09 10:41 . 2013-11-09 10:46        --------        d-----w-        c:\users\Nadine\AppData\Local\temp
2013-11-09 10:41 . 2013-11-09 10:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-08 21:32 . 2013-11-08 21:32        --------        d-----w-        C:\FRST
2013-11-08 18:30 . 2013-11-08 18:30        --------        d-----w-        c:\program files\Enigma Software Group
2013-11-08 18:28 . 2013-11-08 19:31        --------        d-----w-        c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-03 17:29 . 2013-11-03 17:29        --------        d-----w-        c:\users\Nadine\AppData\Roaming\David Walters Development
2013-11-02 18:56 . 2013-11-09 10:40        --------        d-----w-        c:\users\Nadine\AppData\Local\assembly
2013-11-02 14:56 . 2013-11-08 18:54        --------        d-----w-        c:\users\Nadine\AppData\Local\VisualBeeExe
2013-11-02 14:56 . 2013-11-02 14:56        --------        d-----w-        c:\programdata\VisualBee
2013-11-02 14:56 . 2013-11-02 14:56        --------        d-----w-        c:\users\Nadine\AppData\Local\emaze
2013-11-02 14:55 . 2013-11-02 15:03        --------        d-----w-        c:\program files\MyPC Backup
2013-11-02 14:54 . 2013-11-02 14:54        --------        d-----w-        c:\users\Nadine\AppData\Roaming\Dealply
2013-11-02 14:52 . 2013-11-08 19:01        --------        d-----w-        c:\users\Nadine\AppData\Local\Smartbar
2013-10-27 18:25 . 2013-10-27 18:25        --------        d-----w-        c:\program files\iPod
2013-10-27 18:24 . 2013-10-27 18:26        --------        d-----w-        c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 18:24 . 2013-10-27 18:26        --------        d-----w-        c:\program files\iTunes
2013-10-13 01:02 . 2013-11-02 15:12        --------        d-----w-        c:\windows\system32\drivers\NIS\1501000.012
2013-10-12 02:00 . 2013-06-04 01:49        293376        ----a-w-        c:\windows\system32\atmfd.dll
2013-10-12 02:00 . 2013-06-04 04:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2013-10-12 01:47 . 2013-08-29 07:36        2050048        ----a-w-        c:\windows\system32\win32k.sys
2013-10-12 01:47 . 2013-07-12 09:04        134272        ----a-w-        c:\windows\system32\drivers\usbvideo.sys
2013-10-12 01:47 . 2013-07-12 09:04        73344        ----a-w-        c:\windows\system32\drivers\USBAUDIO.sys
2013-10-12 01:47 . 2013-08-27 01:28        1069056        ----a-w-        c:\windows\system32\DWrite.dll
2013-10-12 01:47 . 2013-08-27 01:28        798208        ----a-w-        c:\windows\system32\FntCache.dll
2013-10-12 01:47 . 2013-08-27 02:47        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-10-12 01:47 . 2013-08-27 02:47        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2013-10-12 01:47 . 2013-08-27 02:47        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2013-10-12 01:47 . 2013-08-27 01:52        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-10-12 01:47 . 2013-08-27 01:50        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-10-12 01:47 . 2013-08-27 01:32        683008        ----a-w-        c:\windows\system32\d2d1.dll
2013-10-12 01:47 . 2013-08-27 02:47        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-10-12 01:46 . 2013-08-01 03:16        638400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-10-12 01:46 . 2013-08-01 02:49        37376        ----a-w-        c:\windows\system32\cdd.dll
2013-10-12 01:46 . 2013-07-20 10:44        102608        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 01:43 . 2013-06-29 02:07        197632        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2013-10-12 01:43 . 2013-06-29 02:07        73216        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2013-10-12 01:43 . 2013-06-29 02:07        226304        ----a-w-        c:\windows\system32\drivers\usbport.sys
2013-10-12 01:43 . 2013-06-29 02:06        6016        ----a-w-        c:\windows\system32\drivers\usbd.sys
2013-10-12 01:43 . 2011-05-05 13:54        39936        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2013-10-12 01:43 . 2011-05-05 13:54        23552        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2013-10-12 01:43 . 2013-06-26 23:01        527064        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2013-10-12 01:41 . 2013-07-03 02:10        25472        ----a-w-        c:\windows\system32\drivers\hidparse.sys
2013-10-12 01:41 . 2013-07-04 04:21        532480        ----a-w-        c:\windows\system32\comctl32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 16:03 . 2012-04-05 19:32        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-10-11 16:03 . 2011-05-16 14:14        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-30 19:28 . 2010-09-26 10:46        142936        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS
2013-09-24 03:07 . 2013-10-13 01:49        53760        ----a-w-        c:\windows\apppatch\iebrshim.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AmazonMP3DownloaderHelper"="c:\users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-23 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Media Server-Taskleisten-Tool.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2011-12-17 3051619]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 13:42        1185744        ----a-w-        c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:04]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-21 12:19]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-21 12:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snapdo.com/?publisher=shoppinghelper&dpid=shoppinghelper&co=de&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=hp&installdate=02/11/2013
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=hp&installDate=02/11/2013
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&installDate=02/11/2013&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-11-09 11:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1501000.012\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.1.0.18"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2556767210-1549820533-2561723135-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,bd,d6,79,b1,05,21,fd,c5,32,71,b0,00,d0,21,99,48,d5,2b,41,ea,
  29,79,cb,67,8c,bd,e0,a8,78,e4,9f,4e,78,d0,2e,72,ef,2b,d5,5c,e5,58,62,d0,5b,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-09  11:53:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-11-09 10:53
.
Vor Suchlauf: 11 Verzeichnis(se), 46.752.419.840 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 46.976.520.192 Bytes frei
.
- - End Of File - - D226CF1FAAB8DD28120C5476C1FEBB52
85D751F0E41B8E520AEE8C07A8DA777B

schrauber 10.11.2013 07:04
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

zim 10.11.2013 15:05
Hallo,

ich habe alles gemacht.

Malewarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.10.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Nadine :: NADINE-PC [Administrator]

10.11.2013 13:53:54
mbam-log-2013-11-10 (13-53-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215228
Laufzeit: 18 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=shoppinghelper&dpid=shoppinghelper&co=de&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=hp&installdate=02/11/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&q={searchTerms}&installDate=02/11/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 8
C:\Users\Nadine\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Local\Smartbar (PUP.Optional.SmartBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Local\Smartbar\Application (PUP.Optional.SmartBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\OpenCandy\38DD200439DE483D87D79118B4F506AC (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 14
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\OpenCandy\38DD200439DE483D87D79118B4F506AC\TuneUpUtilities2013-2200217_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Adwcleaner:
Code:
# AdwCleaner v3.011 - Bericht erstellt am 10/11/2013 um 14:46:16
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzername : Nadine - NADINE-PC
# Gestartet von : C:\Users\Nadine\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\VisualBee
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\optimizer pro
Ordner Gelöscht : C:\Users\Nadine\AppData\Local\visualbeeexe
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Smartbar
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\searchplugins\Web Search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\visualbee
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\Software\visualbee
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v22.0 (de)

[ Datei : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\prefs.js ]

Zeile gelöscht : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Zeile gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1Live\",\"url\":\"hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a\"}");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_country", "GERMANY");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_locId", "GMXX0007");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_location", "Berlin, Germany");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_region", "DE");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_temp_dis", "c");
Zeile gelöscht : user_pref("CT2319825.1000234.TWC_wind_dis", "kmh");
Zeile gelöscht : user_pref("CT2319825.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"1°C\",\"temperatureClear\":\"1°C\",\"highTemperature\":\"1°C\",\"lowTemperature\":\"-3°C\",\"feelsLike\":\"-4°C\",\"c[...]
Zeile gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2319825.FirstTime", "true");
Zeile gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2319825.ID.enc", "NTEzODI1OTE=");
Zeile gelöscht : user_pref("CT2319825.LoginRevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2319825.RevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gelöscht : user_pref("CT2319825.UserID", "UN03917798529843930");
Zeile gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2319825.autoDisableScopes", -1);
Zeile gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Zeile gelöscht : user_pref("CT2319825.countryCode", "DE");
Zeile gelöscht : user_pref("CT2319825.defaultSearch", "true");
Zeile gelöscht : user_pref("CT2319825.enableAlerts", "always");
Zeile gelöscht : user_pref("CT2319825.enableFix404ByUser", "TRUE");
Zeile gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Zeile gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2319825.fixPageNotFoundError", "true");
Zeile gelöscht : user_pref("CT2319825.fixPageNotFoundErrorByUser", "false");
Zeile gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2319825.fixUrls", true);
Zeile gelöscht : user_pref("CT2319825.fullUserID", "UN03917798529843930.UP.20130715175652");
Zeile gelöscht : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2319825.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2319825.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2319825.isNewTabEnabled", false);
Zeile gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2319825.keyword", true);
Zeile gelöscht : user_pref("CT2319825.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2319825&octid=CT2319825&SearchSource=15&CUI=UN03917798529843930&SSPV=&Lay=1&UM=false\"[...]
Zeile gelöscht : user_pref("CT2319825.lastVersion", "10.16.4.519");
Zeile gelöscht : user_pref("CT2319825.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://BrowseToolE0191.OurToolbar.com/\",\"EB[...]
Zeile gelöscht : user_pref("CT2319825.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Zeile gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Zeile gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Zeile gelöscht : user_pref("CT2319825.search.searchCount", "0");
Zeile gelöscht : user_pref("CT2319825.searchFromAddressBarEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2319825.searchInNewTabEnabled", "false");
Zeile gelöscht : user_pref("CT2319825.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2319825.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2319825.searchSuggestEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2319825.selectToSearchBoxEnabledByUser", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2319825.sendUsageEnabled", "false");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2319825\"}");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BrowseToolE0191.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BrowseToolE0191\"}");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_Configuration_lastUpdate", "1375605923833");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364418743993");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1364418743771");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364418744035");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_location_lastUpdate", "1373902007434");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352997738203");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358548558693");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.14.40.128_lastUpdate", "1360240191714");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360893649009");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364397439716");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.15.0.562_lastUpdate", "1373902007190");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368987783843");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375605924064");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364418744099");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1375605923868");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1375605923724");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364418743843");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1375605924230");
Zeile gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1375605924253");
Zeile gelöscht : user_pref("CT2319825.settingsINI", true);
Zeile gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2319825.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Zeile gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Zeile gelöscht : user_pref("CT2319825.smartbar.isHidden", true);
Zeile gelöscht : user_pref("CT2319825.smartbar.toolbarName", "BrowseToolE0191 ");
Zeile gelöscht : user_pref("CT2319825.startPage", "userChanged");
Zeile gelöscht : user_pref("CT2319825.toolbarBornServerTime", "14-10-2012");
Zeile gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "4-8-2013");
Zeile gelöscht : user_pref("CT2319825.toolbarLoginClientTime", "Wed Mar 27 2013 22:10:23 GMT+0100");
Zeile gelöscht : user_pref("CT2319825.upgradeFromClearSBVersion", true);
Zeile gelöscht : user_pref("CT2319825_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1375605799916,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "");
Zeile gelöscht : user_pref("plugin.blocklisted.npviewpoint", true);
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&CU[...]
Zeile gelöscht : user_pref("smartbar.machineId", "TBSMMKI8/JTU+U2GU8HUKK7TC0XF2X55GFKCIV5FYKK7FEXO6OZFB5228KWS4ZBFALME/OVHDAB+5JIK2IG9MQ");
Zeile gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15158 octets] - [10/11/2013 14:44:40]
AdwCleaner[S0].txt - [15092 octets] - [10/11/2013 14:46:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15153 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Nadine on 10.11.2013 at 14:55:16,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\gz2iqwui.default\extensions\staged
Successfully deleted the following from C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\gz2iqwui.default\prefs.js

user_pref("extensions.personas.lastselected3", "{\"id\":\"43327\",\"name\":\"Blue Blue Christmas\",\"accentcolor\":\"#f5f5f5\",\"textcolor\":\"#f5f2f2\",\"header\":\"hxxp://ge
user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=hp&ins
user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=0df0f5f5-2613-fa5b-773e-935974189586&searchtype=ds&installDate=02/1
Emptied folder: C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\gz2iqwui.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.11.2013 at 15:03:26,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2013
Ran by Nadine (administrator) on NADINE-PC on 10-11-2013 15:12:30
Running from C:\Users\Nadine\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Logitech Inc.) C:\Program Files\Squeezebox\SqueezeTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: [verify-U]-Add-on - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\verify-u_2@cybits.de
FF Extension: Flagfox - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: TV-Fox - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF Extension: DownloadHelper - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-kV5U6puWw0Cdvg - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\jid1-kV5U6puWw0Cdvg@jetpack.xpi
FF Extension: personas - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\personas@christopher.beard.xpi
FF Extension: smarterwiki - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: dta - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (LoadTubes Plugin) - C:\Program Files\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (F2B Dark Electrique - Ibis Tribute on Black) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkhfghgcedfhpkoilcmohbcmkbcdodd\1_0
CHR Extension: (Norton Identity Protection) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Gmail) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll [567600 2013-10-08] (Symantec Corporation)
S3 PACSPTISVR-MusicUnlimitedTransfer; C:\Program Files\Sony\Music Unlimited Transfer\Sony.Earth\PACSPTISVR.exe [169832 2012-04-17] (Sony Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-30] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131108.001\IDSvix86.sys [393816 2013-10-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131109.006\NAVENG.SYS [93272 2013-09-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131109.006\NAVEX15.SYS [1612376 2013-09-30] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-29] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-09-30] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-08-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 IWPORT; \??\C:\Windows\SYSTEM32\DRIVERS\IWPORT.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 15:11 - 2013-11-10 15:11 - 01089447 _____ (Farbar) C:\Users\Nadine\Desktop\FRST.exe
2013-11-10 15:03 - 2013-11-10 15:03 - 00001894 _____ C:\Users\Nadine\Desktop\JRT.txt
2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 ____D C:\Windows\ERUNT
2013-11-10 14:52 - 2013-11-10 14:52 - 01034531 _____ (Thisisu) C:\Users\Nadine\Desktop\JRT.exe
2013-11-10 14:50 - 2013-11-10 14:50 - 00015234 _____ C:\Users\Nadine\Desktop\AdwCleaner[S0].txt
2013-11-10 14:44 - 2013-11-10 14:46 - 00000000 ____D C:\AdwCleaner
2013-11-10 14:43 - 2013-11-10 14:43 - 01073262 _____ C:\Users\Nadine\Desktop\adwcleaner.exe
2013-11-10 13:50 - 2013-11-10 13:50 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Malwarebytes
2013-11-10 13:49 - 2013-11-10 13:49 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 13:48 - 2013-11-10 13:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 13:48 - 2013-11-10 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 13:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-10 13:47 - 2013-11-10 13:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nadine\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-09 14:09 - 2013-11-09 14:09 - 00013538 _____ C:\Users\Nadine\Desktop\combofix.txt
2013-11-09 11:53 - 2013-11-09 11:53 - 00013538 _____ C:\ComboFix.txt
2013-11-09 11:23 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-09 11:23 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-09 11:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-09 11:22 - 2013-11-09 11:53 - 00000000 ____D C:\Qoobox
2013-11-09 11:21 - 2013-11-09 11:50 - 00000000 ____D C:\Windows\erdnt
2013-11-09 11:11 - 2013-11-09 11:11 - 05145633 ____R (Swearware) C:\Users\Nadine\Desktop\ComboFix.exe
2013-11-08 23:29 - 2013-11-08 23:29 - 00003976 _____ C:\Users\Nadine\Desktop\Gmer.txt
2013-11-08 22:51 - 2013-11-08 22:51 - 00027418 _____ C:\Users\Nadine\Desktop\Addition.txt
2013-11-08 22:32 - 2013-11-08 22:32 - 00000000 ____D C:\FRST
2013-11-08 22:28 - 2013-11-08 22:28 - 00000000 _____ C:\Users\Nadine\defogger_reenable
2013-11-08 19:30 - 2013-11-08 19:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-08 19:28 - 2013-11-08 20:31 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-08 18:23 - 2013-11-08 18:28 - 00000000 ____D C:\Users\Nadine\Documents\Descent
2013-11-06 16:09 - 2013-11-06 16:09 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung1.~vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung2.vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung2.~vsd
2013-11-06 15:43 - 2013-11-06 16:12 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung1.vsd
2013-11-03 18:29 - 2013-11-03 18:29 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\David Walters Development
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\emaze
2013-10-27 19:26 - 2013-10-27 19:26 - 00001624 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\iPod
2013-10-27 19:24 - 2013-10-27 19:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 19:24 - 2013-10-27 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-10-13 02:49 - 2013-09-24 04:07 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-13 02:49 - 2013-09-24 04:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-13 02:49 - 2013-09-23 21:13 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-13 02:49 - 2013-09-23 21:01 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 03:00 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-12 03:00 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-12 02:47 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-12 02:47 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-12 02:47 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-12 02:47 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-12 02:47 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-12 02:47 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-12 02:47 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-12 02:47 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-12 02:47 - 2013-07-12 10:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-12 02:46 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-12 02:46 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-12 02:46 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 02:43 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 02:43 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 02:43 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 02:43 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-12 02:43 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-12 02:43 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 02:43 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 02:41 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-12 02:41 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

==================== One Month Modified Files and Folders =======

2013-11-10 15:11 - 2013-11-10 15:11 - 01089447 _____ (Farbar) C:\Users\Nadine\Desktop\FRST.exe
2013-11-10 15:06 - 2012-10-21 13:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 15:06 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 15:06 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-10 15:06 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-10 15:04 - 2008-09-10 01:00 - 01115595 _____ C:\Windows\WindowsUpdate.log
2013-11-10 15:04 - 2006-11-02 13:58 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-10 15:03 - 2013-11-10 15:03 - 00001894 _____ C:\Users\Nadine\Desktop\JRT.txt
2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 ____D C:\Windows\ERUNT
2013-11-10 14:52 - 2013-11-10 14:52 - 01034531 _____ (Thisisu) C:\Users\Nadine\Desktop\JRT.exe
2013-11-10 14:50 - 2013-11-10 14:50 - 00015234 _____ C:\Users\Nadine\Desktop\AdwCleaner[S0].txt
2013-11-10 14:46 - 2013-11-10 14:44 - 00000000 ____D C:\AdwCleaner
2013-11-10 14:43 - 2013-11-10 14:43 - 01073262 _____ C:\Users\Nadine\Desktop\adwcleaner.exe
2013-11-10 14:43 - 2012-04-05 20:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 14:38 - 2012-12-22 21:55 - 00031284 _____ C:\Windows\PFRO.log
2013-11-10 14:34 - 2008-08-01 11:00 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-10 14:05 - 2012-10-21 13:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 13:50 - 2013-11-10 13:50 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Malwarebytes
2013-11-10 13:49 - 2013-11-10 13:49 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 13:49 - 2013-11-10 13:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 13:48 - 2013-11-10 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 13:47 - 2013-11-10 13:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nadine\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-09 14:19 - 2012-03-22 20:29 - 00002577 _____ C:\Users\Nadine\Desktop\Microsoft Word 2010.lnk
2013-11-09 14:09 - 2013-11-09 14:09 - 00013538 _____ C:\Users\Nadine\Desktop\combofix.txt
2013-11-09 11:53 - 2013-11-09 11:53 - 00013538 _____ C:\ComboFix.txt
2013-11-09 11:53 - 2013-11-09 11:22 - 00000000 ____D C:\Qoobox
2013-11-09 11:53 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-11-09 11:53 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-11-09 11:50 - 2013-11-09 11:21 - 00000000 ____D C:\Windows\erdnt
2013-11-09 11:46 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-11-09 11:22 - 2008-09-26 13:10 - 00000000 ____D C:\Users\Nadine
2013-11-09 11:11 - 2013-11-09 11:11 - 05145633 ____R (Swearware) C:\Users\Nadine\Desktop\ComboFix.exe
2013-11-08 23:29 - 2013-11-08 23:29 - 00003976 _____ C:\Users\Nadine\Desktop\Gmer.txt
2013-11-08 22:51 - 2013-11-08 22:51 - 00027418 _____ C:\Users\Nadine\Desktop\Addition.txt
2013-11-08 22:32 - 2013-11-08 22:32 - 00000000 ____D C:\FRST
2013-11-08 22:28 - 2013-11-08 22:28 - 00000000 _____ C:\Users\Nadine\defogger_reenable
2013-11-08 22:28 - 2013-05-30 18:23 - 00000000 ____D C:\Program Files\Opera
2013-11-08 20:43 - 2008-09-26 13:17 - 00109296 _____ C:\Users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-08 20:43 - 2006-11-02 13:44 - 00402216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-08 20:31 - 2013-11-08 19:28 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-08 20:06 - 2008-09-10 01:10 - 00000000 ____D C:\Program Files\CONEXANT
2013-11-08 19:30 - 2013-11-08 19:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-08 19:27 - 2012-11-06 08:19 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-11-08 19:16 - 2008-09-29 19:49 - 00000000 ____D C:\Users\Nadine\AppData\Local\Deployment
2013-11-08 19:15 - 2012-03-22 20:29 - 00002619 _____ C:\Users\Nadine\Desktop\Microsoft PowerPoint 2010.lnk
2013-11-08 18:28 - 2013-11-08 18:23 - 00000000 ____D C:\Users\Nadine\Documents\Descent
2013-11-06 16:12 - 2013-11-06 15:43 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung1.vsd
2013-11-06 16:09 - 2013-11-06 16:09 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung1.~vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00232960 _____ C:\Users\Nadine\Desktop\Zeichnung2.vsd
2013-11-06 15:51 - 2013-11-06 15:51 - 00004096 ____H C:\Users\Nadine\Desktop\~$$Zeichnung2.~vsd
2013-11-04 06:31 - 2006-11-02 11:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 21:59 - 2008-10-12 19:36 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-11-03 18:29 - 2013-11-03 18:29 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\David Walters Development
2013-11-02 16:14 - 2010-09-26 11:45 - 00002173 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-11-02 16:14 - 2010-09-26 11:45 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\emaze
2013-10-27 19:26 - 2013-10-27 19:26 - 00001624 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-27 19:26 - 2013-10-27 19:24 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 19:26 - 2013-10-27 19:24 - 00000000 ____D C:\Program Files\iTunes
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\iPod
2013-10-27 19:25 - 2009-04-05 18:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-25 20:00 - 2008-10-01 17:06 - 00059904 _____ C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 16:04 - 2013-05-29 20:31 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-13 03:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-13 03:26 - 2011-12-27 17:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 03:02 - 2008-08-01 10:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 02:59 - 2013-08-14 17:52 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 02:46 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-11 17:03 - 2012-04-05 20:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-11 17:03 - 2011-05-16 15:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Nadine\CarryItEasy.exe


Some content of TEMP:
====================
C:\Users\Nadine\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 15:12

==================== End Of Log ============================
--- --- ---

--- --- ---


Gruß
Nadine

schrauber 10.11.2013 19:02

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

zim 11.11.2013 22:39
Hallo,

hier erstmal ESET, der Rest kommt gleich
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a820ecf8f39d2c45a92f5b33ecc6f910
# engine=15838
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-11 09:24:56
# local_time=2013-11-11 10:24:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 90 550018 146801681 0 0
# compatibility_mode=5892 16776574 100 100 98895382 221737868 0 0
# scanned=250420
# found=0
# cleaned=0
# scan_time=12626
So hier jetzt der Rest:
Code:
Results of screen317's Security Check version 0.99.76 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 7 Update 10 
 Java version out of Date!
 Adobe Flash Player        11.9.900.117 
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox 22.0 Firefox out of Date! 
 Google Chrome 30.0.1599.101 
 Google Chrome 30.0.1599.69 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
[CODE]A
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Nadine (administrator) on NADINE-PC on 11-11-2013 22:48:32
Running from C:\Users\Nadine\AppData\Local\Opera\Opera\temporary_downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Logitech Inc.) C:\Program Files\Squeezebox\SqueezeTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Nadine\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: [verify-U]-Add-on - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\verify-u_2@cybits.de
FF Extension: Flagfox - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: TV-Fox - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF Extension: DownloadHelper - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-kV5U6puWw0Cdvg - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\jid1-kV5U6puWw0Cdvg@jetpack.xpi
FF Extension: personas - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\personas@christopher.beard.xpi
FF Extension: smarterwiki - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: dta - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\gz2iqwui.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (LoadTubes Plugin) - C:\Program Files\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (F2B Dark Electrique - Ibis Tribute on Black) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkhfghgcedfhpkoilcmohbcmkbcdodd\1_0
CHR Extension: (Norton Identity Protection) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Gmail) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll [567600 2013-10-08] (Symantec Corporation)
S3 PACSPTISVR-MusicUnlimitedTransfer; C:\Program Files\Sony\Music Unlimited Transfer\Sony.Earth\PACSPTISVR.exe [169832 2012-04-17] (Sony Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-30] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131110.003\IDSvix86.sys [393816 2013-10-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131111.002\NAVENG.SYS [93272 2013-09-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131111.002\NAVEX15.SYS [1612376 2013-09-30] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-29] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-09-30] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-08-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 IWPORT; \??\C:\Windows\SYSTEM32\DRIVERS\IWPORT.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 22:46 - 2013-11-11 22:46 - 00001140 _____ C:\Users\Nadine\Desktop\checkup.txt
2013-11-11 22:37 - 2013-11-11 22:37 - 00891184 _____ C:\Users\Nadine\Desktop\SecurityCheck.exe
2013-11-11 14:32 - 2013-11-11 14:32 - 02347384 _____ (ESET) C:\Users\Nadine\Desktop\esetsmartinstaller_enu.exe
2013-11-10 15:33 - 2013-11-10 15:33 - 00141632 _____ C:\Windows\Minidump\Mini111013-01.dmp
2013-11-10 15:14 - 2013-11-10 15:14 - 00032960 _____ C:\Users\Nadine\Desktop\FRST1.txt
2013-11-10 15:13 - 2013-11-10 15:13 - 00032960 _____ C:\Users\Nadine\Desktop\FRST.txt
2013-11-10 15:03 - 2013-11-10 15:03 - 00001894 _____ C:\Users\Nadine\Desktop\JRT.txt
2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 ____D C:\Windows\ERUNT
2013-11-10 14:52 - 2013-11-10 14:52 - 01034531 _____ (Thisisu) C:\Users\Nadine\Desktop\JRT.exe
2013-11-10 14:50 - 2013-11-10 14:50 - 00015234 _____ C:\Users\Nadine\Desktop\AdwCleaner[S0].txt
2013-11-10 14:44 - 2013-11-10 14:46 - 00000000 ____D C:\AdwCleaner
2013-11-10 14:43 - 2013-11-10 14:43 - 01073262 _____ C:\Users\Nadine\Desktop\adwcleaner.exe
2013-11-10 13:50 - 2013-11-10 13:50 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Malwarebytes
2013-11-10 13:49 - 2013-11-10 13:49 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 13:48 - 2013-11-10 13:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 13:48 - 2013-11-10 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 13:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-10 13:47 - 2013-11-10 13:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nadine\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-09 14:09 - 2013-11-09 14:09 - 00013538 _____ C:\Users\Nadine\Desktop\combofix.txt
2013-11-09 11:53 - 2013-11-09 11:53 - 00013538 _____ C:\ComboFix.txt
2013-11-09 11:23 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-09 11:23 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-09 11:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-09 11:23 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-09 11:22 - 2013-11-09 11:53 - 00000000 ____D C:\Qoobox
2013-11-09 11:21 - 2013-11-09 11:50 - 00000000 ____D C:\Windows\erdnt
2013-11-09 11:11 - 2013-11-09 11:11 - 05145633 ____R (Swearware) C:\Users\Nadine\Desktop\ComboFix.exe
2013-11-08 23:29 - 2013-11-08 23:29 - 00003976 _____ C:\Users\Nadine\Desktop\Gmer.txt
2013-11-08 22:51 - 2013-11-08 22:51 - 00027418 _____ C:\Users\Nadine\Desktop\Addition.txt
2013-11-08 22:32 - 2013-11-08 22:32 - 00000000 ____D C:\FRST
2013-11-08 22:28 - 2013-11-08 22:28 - 00000000 _____ C:\Users\Nadine\defogger_reenable
2013-11-08 19:30 - 2013-11-08 19:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-08 19:28 - 2013-11-08 20:31 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-08 18:23 - 2013-11-08 18:28 - 00000000 ____D C:\Users\Nadine\Documents\Descent
2013-11-06 15:51 - 2013-11-11 20:50 - 00231936 _____ C:\Users\Nadine\Desktop\Zeichnung2.vsd
2013-11-06 15:43 - 2013-11-11 20:51 - 00232448 _____ C:\Users\Nadine\Desktop\Zeichnung1.vsd
2013-11-03 18:29 - 2013-11-03 18:29 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\David Walters Development
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\emaze
2013-10-27 19:26 - 2013-10-27 19:26 - 00001624 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\iPod
2013-10-27 19:24 - 2013-10-27 19:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 19:24 - 2013-10-27 19:26 - 00000000 ____D C:\Program Files\iTunes
2013-10-13 02:49 - 2013-09-24 04:07 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-13 02:49 - 2013-09-24 04:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-13 02:49 - 2013-09-24 04:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-13 02:49 - 2013-09-23 21:13 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-13 02:49 - 2013-09-23 21:01 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 03:00 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-12 03:00 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-12 02:47 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-12 02:47 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-12 02:47 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-12 02:47 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-12 02:47 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-12 02:47 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-12 02:47 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-12 02:47 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-12 02:47 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-12 02:47 - 2013-07-12 10:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-12 02:46 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-12 02:46 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-12 02:46 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 02:43 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 02:43 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 02:43 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 02:43 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-12 02:43 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-12 02:43 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 02:43 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 02:41 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-12 02:41 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

==================== One Month Modified Files and Folders =======

2013-11-11 22:46 - 2013-11-11 22:46 - 00001140 _____ C:\Users\Nadine\Desktop\checkup.txt
2013-11-11 22:43 - 2012-04-05 20:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-11 22:37 - 2013-11-11 22:37 - 00891184 _____ C:\Users\Nadine\Desktop\SecurityCheck.exe
2013-11-11 22:18 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 22:18 - 2006-11-02 13:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 22:05 - 2012-10-21 13:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-11 21:32 - 2008-09-10 01:00 - 01198790 _____ C:\Windows\WindowsUpdate.log
2013-11-11 20:51 - 2013-11-06 15:43 - 00232448 _____ C:\Users\Nadine\Desktop\Zeichnung1.vsd
2013-11-11 20:50 - 2013-11-06 15:51 - 00231936 _____ C:\Users\Nadine\Desktop\Zeichnung2.vsd
2013-11-11 19:05 - 2012-10-21 13:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 14:33 - 2006-11-02 11:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 14:32 - 2013-11-11 14:32 - 02347384 _____ (ESET) C:\Users\Nadine\Desktop\esetsmartinstaller_enu.exe
2013-11-11 14:32 - 2008-10-12 19:36 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-11-11 14:31 - 2012-03-22 20:29 - 00002577 _____ C:\Users\Nadine\Desktop\Microsoft Word 2010.lnk
2013-11-10 15:33 - 2013-11-10 15:33 - 00141632 _____ C:\Windows\Minidump\Mini111013-01.dmp
2013-11-10 15:33 - 2013-07-14 17:24 - 298506738 _____ C:\Windows\MEMORY.DMP
2013-11-10 15:33 - 2009-12-11 21:17 - 00000000 ____D C:\Windows\Minidump
2013-11-10 15:33 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 15:14 - 2013-11-10 15:14 - 00032960 _____ C:\Users\Nadine\Desktop\FRST1.txt
2013-11-10 15:13 - 2013-11-10 15:13 - 00032960 _____ C:\Users\Nadine\Desktop\FRST.txt
2013-11-10 15:04 - 2006-11-02 13:58 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-10 15:03 - 2013-11-10 15:03 - 00001894 _____ C:\Users\Nadine\Desktop\JRT.txt
2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 ____D C:\Windows\ERUNT
2013-11-10 14:52 - 2013-11-10 14:52 - 01034531 _____ (Thisisu) C:\Users\Nadine\Desktop\JRT.exe
2013-11-10 14:50 - 2013-11-10 14:50 - 00015234 _____ C:\Users\Nadine\Desktop\AdwCleaner[S0].txt
2013-11-10 14:46 - 2013-11-10 14:44 - 00000000 ____D C:\AdwCleaner
2013-11-10 14:43 - 2013-11-10 14:43 - 01073262 _____ C:\Users\Nadine\Desktop\adwcleaner.exe
2013-11-10 14:38 - 2012-12-22 21:55 - 00031284 _____ C:\Windows\PFRO.log
2013-11-10 14:36 - 2008-08-01 11:00 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-10 13:50 - 2013-11-10 13:50 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Malwarebytes
2013-11-10 13:49 - 2013-11-10 13:49 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 13:49 - 2013-11-10 13:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 13:48 - 2013-11-10 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 13:47 - 2013-11-10 13:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nadine\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-09 14:09 - 2013-11-09 14:09 - 00013538 _____ C:\Users\Nadine\Desktop\combofix.txt
2013-11-09 11:53 - 2013-11-09 11:53 - 00013538 _____ C:\ComboFix.txt
2013-11-09 11:53 - 2013-11-09 11:22 - 00000000 ____D C:\Qoobox
2013-11-09 11:53 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-11-09 11:53 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-11-09 11:50 - 2013-11-09 11:21 - 00000000 ____D C:\Windows\erdnt
2013-11-09 11:46 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-11-09 11:22 - 2008-09-26 13:10 - 00000000 ____D C:\Users\Nadine
2013-11-09 11:11 - 2013-11-09 11:11 - 05145633 ____R (Swearware) C:\Users\Nadine\Desktop\ComboFix.exe
2013-11-08 23:29 - 2013-11-08 23:29 - 00003976 _____ C:\Users\Nadine\Desktop\Gmer.txt
2013-11-08 22:51 - 2013-11-08 22:51 - 00027418 _____ C:\Users\Nadine\Desktop\Addition.txt
2013-11-08 22:32 - 2013-11-08 22:32 - 00000000 ____D C:\FRST
2013-11-08 22:28 - 2013-11-08 22:28 - 00000000 _____ C:\Users\Nadine\defogger_reenable
2013-11-08 22:28 - 2013-05-30 18:23 - 00000000 ____D C:\Program Files\Opera
2013-11-08 20:43 - 2008-09-26 13:17 - 00109296 _____ C:\Users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-08 20:43 - 2006-11-02 13:44 - 00402216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-08 20:31 - 2013-11-08 19:28 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-08 20:06 - 2008-09-10 01:10 - 00000000 ____D C:\Program Files\CONEXANT
2013-11-08 19:30 - 2013-11-08 19:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-08 19:27 - 2012-11-06 08:19 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-11-08 19:16 - 2008-09-29 19:49 - 00000000 ____D C:\Users\Nadine\AppData\Local\Deployment
2013-11-08 19:15 - 2012-03-22 20:29 - 00002619 _____ C:\Users\Nadine\Desktop\Microsoft PowerPoint 2010.lnk
2013-11-08 18:28 - 2013-11-08 18:23 - 00000000 ____D C:\Users\Nadine\Documents\Descent
2013-11-03 18:29 - 2013-11-03 18:29 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\David Walters Development
2013-11-02 16:14 - 2010-09-26 11:45 - 00002173 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-11-02 16:14 - 2010-09-26 11:45 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-11-02 15:56 - 2013-11-02 15:56 - 00000000 ____D C:\Users\Nadine\AppData\Local\emaze
2013-10-27 19:26 - 2013-10-27 19:26 - 00001624 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-27 19:26 - 2013-10-27 19:24 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 19:26 - 2013-10-27 19:24 - 00000000 ____D C:\Program Files\iTunes
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\iPod
2013-10-27 19:25 - 2009-04-05 18:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-25 20:00 - 2008-10-01 17:06 - 00059904 _____ C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 16:04 - 2013-05-29 20:31 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-13 03:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-13 03:26 - 2011-12-27 17:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 03:02 - 2008-08-01 10:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 02:59 - 2013-08-14 17:52 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 02:46 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Nadine\CarryItEasy.exe


Some content of TEMP:
====================
C:\Users\Nadine\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 15:39

==================== End Of Log ============================
--- --- ---

--- --- ---


Und sieht es noch sehr schlimm aus?

Gruß
Nadine

Und nochmals danke für die permanente Hilfe.

schrauber 12.11.2013 12:21
Java, Adobe, Firefox und WIndows updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

zim 13.11.2013 09:39
Hallo,

ja es funktioniert alles wunderbar, nochmal vielen vielen Dank.
Den Blog habe ich gelesen und verstanden was ich falsch gemacht habe.
Den anderen Link (Bill Castner) kann ich leider nicht öffnen.
Die Addons habe ich mir installiert und mein System werde ich jetzt auch zusätzlich zu meinem Virenscanner regelmäßig prüfen und alles auf dem aktuellen Stand halten, jetzt weiß ich ja worauf ich achten muss.

Danke :dankeschoen:

Gruß
Nadine

schrauber 13.11.2013 16:00
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131