Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Angriff von Sweet Orange Exploit KIt Website

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.12.2013, 15:56   #1
Lilly06
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Hallo,

Mein Norton hat einen Angriff von Sweet Orange Exploit KIt Website geblockt.
Nach dem Verlaufsprotokoll wurde er verursacht durch
\DEVICE\\Harddiskvolume2\Program FFiles (x86)\MOZILLA FIREFOX.EXE.
(siehe Anhang)

Vorher wurde das neue Firefox über ein automatisches update installiert. Firefox habe ich ursprünglich über die Mozilla-Seite installiert, also mit automatischer update-Einstellung.

Norton hat nach einem scan zwar keine Risiken gefunden.
Ich kenne mich mit Viren aber nicht so gut aus. ISt mein System jetzt wirklich sicher und vor weiteren Angriffen geschützt? Wenn ich das richtig verstehe, ist doch diese FIREFOX.EXE-Datei eine Anwendung die das neue Firefox installiert hat, oder? Aber müsste die nicht eben Sicherheitslücken schließen und nicht neue schaffen?

Habe ein OTL-Log erstellen lassen:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.12.2013 10:54:27 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,97% Memory free
7,93 Gb Paging File | 6,48 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 374,39 Gb Free Space | 80,40% Space Free | Partition Type: NTFS
Drive D: | 2,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.12.21 10:08:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL(1).exe
PRC - [2013.10.08 13:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.30 15:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.12.20 11:47:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.08 13:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.10.30 12:03:57 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.09.27 04:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Sy mEFA64.sys -- (SymEFA)
DRV:64bit: - [2013.09.27 03:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ir onx64.sys -- (SymIRON)
DRV:64bit: - [2013.09.27 03:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\sr tsp64.sys -- (SRTSP)
DRV:64bit: - [2013.09.26 04:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\sy mnets.sys -- (SymNetS)
DRV:64bit: - [2013.09.26 03:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\cc Setx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013.09.10 03:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Sy mDS64.sys -- (SymDS)
DRV:64bit: - [2013.09.10 02:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\sr tspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.04.16 03:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\c csetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.10 15:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.06.26 15:14:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.26 15:14:30 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.22 12:37:32 | 000,125,888 | ---- | M] (SlSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\An.sys -- (An)
DRV:64bit: - [2010.03.22 17:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.01 18:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Vlone.sys -- (Vlone)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008.10.21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008.10.21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008.10.21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus)
DRV:64bit: - [2008.06.16 18:02:16 | 000,015,408 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV:64bit: - [2006.10.31 08:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV - [2013.12.20 11:10:46 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDef s\20131220.008\EX64.SYS -- (NAVEX15)
DRV - [2013.12.20 11:10:46 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDef s\20131220.008\ENG64.SYS -- (NAVENG)
DRV - [2013.12.13 10:16:22 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\ 20131220.001\IDSvia64.sys -- (IDSVia64)
DRV - [2013.12.03 19:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs \20131203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.11.21 09:55:49 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.11.21 09:55:49 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.07.22 12:37:32 | 000,125,888 | ---- | M] (SlSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\An.sys -- (An)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.06.16 09:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2006.10.31 08:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-90666532-1920636458-2999453760-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-90666532-1920636458-2999453760-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-90666532-1920636458-2999453760-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-90666532-1920636458-2999453760-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 DC FC 6E 1C 45 CE 01 [binary data]
IE - HKU\S-1-5-21-90666532-1920636458-2999453760-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-90666532-1920636458-2999453760-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-90666532-1920636458-2999453760-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google"
FF - prefs.js..extensions.enabledAddons: DailymotionVideoDownloader%40PeterOlayev.com:1.0.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.1.1030
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.7
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.2.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_90 0_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_90 0_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144 .dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2013.12.21 10:02:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013.10.30 12:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 11:47:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 11:47:07 | 000,000,000 | ---D | M]

[2013.01.16 13:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.12.17 20:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profi les\bzcbaizw.default\extensions
[2013.04.08 09:19:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profi les\bzcbaizw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.12.14 00:24:31 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profi les\bzcbaizw.default\extensions\donottrackplus@abi ne.com
[2013.10.29 09:04:40 | 000,020,469 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\extensions\DailymotionVideoDo wnloader@PeterOlayev.com.xpi
[2013.06.07 17:00:27 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\extensions\elemhidehelper@adb lockplus.org.xpi
[2013.11.06 16:23:28 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\extensions\firefox@ghostery.c om.xpi
[2013.08.18 15:55:20 | 000,217,068 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\extensions\spam@trashmail.net .xpi
[2013.12.17 20:29:56 | 000,072,921 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\extensions\YoutubeDownloader@ PeterOlayev.com.xpi
[2013.12.03 20:43:40 | 000,535,138 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.10.10 12:47:08 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\prof iles\bzcbaizw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.07 20:57:44 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.12.20 13:07:08 | 000,002,482 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profi les\bzcbaizw.default\searchplugins\safesearch.xml
[2013.12.20 11:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.20 11:47:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.12.21 10:02:49 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\COFFPLGN
[2013.10.30 12:05:51 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{51AF53B7-ABE9-430B-97A3-D7FE4AB677FD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DL L (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DL L (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.25 15:26:00 | 000,192,512 | R--- | M] () - D:\AutoStarter.exe -- [ CDFS ]
O32 - AutoRun File - [2006.04.24 10:57:26 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.06.15 12:47:56 | 000,578,656 | R--- | M] () - D:\autostart.bmp -- [ CDFS ]
O32 - AutoRun File - [2006.07.06 15:10:28 | 000,001,502 | R--- | M] () - D:\autostart.dat -- [ CDFS ]
O32 - AutoRun File - [2006.06.14 07:26:50 | 000,001,132 | R--- | M] () - D:\autostart.ini -- [ CDFS ]
O33 - MountPoints2\{a6048c25-3057-11e0-a2d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a6048c25-3057-11e0-a2d9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoStarter.exe -- [2007.06.25 15:26:00 | 000,192,512 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrvonServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.21 10:53:54 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\***
[2013.12.20 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\***
[2013.12.20 11:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.12.10 12:55:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Foxit Reader
[2013.11.29 14:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013.11.29 14:35:35 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2013.11.29 14:35:35 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2013.11.29 14:35:35 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2013.11.29 14:35:35 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2013.11.29 14:35:32 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2013.11.29 14:33:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2013.11.29 13:43:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\kochen
[2013.11.27 12:58:52 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013.11.25 16:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.11.25 16:56:19 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.11.25 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.11.25 16:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PDF Architect
[2013.11.25 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDF Architect

========== Files - Modified Within 30 Days ==========

[2013.12.21 10:08:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.21 10:08:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.21 10:01:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.21 10:01:04 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.13 15:24:05 | 001,620,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.13 15:24:05 | 000,699,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.13 15:24:05 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.13 15:24:05 | 000,149,572 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.13 15:24:05 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.11 16:28:14 | 000,367,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.05 16:42:38 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.11.29 14:36:49 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013.11.29 14:36:23 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08b.dat
[2013.11.29 12:41:40 | 000,002,403 | ---- | M] () -- C:\Users\***\Desktop\Druckausgabe anzeigen - Verknüpfung.lnk
[2013.11.28 11:42:40 | 001,594,028 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.11.25 16:56:22 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.11.25 11:06:11 | 000,618,912 | ---- | M] () -- C:\Users\***\Desktop\AdwCleaner - CHIP-Downloader.exe

========== Files Created - No Company Name ==========

[2013.12.05 16:42:38 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.11.29 14:36:49 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013.11.29 12:41:40 | 000,002,403 | ---- | C] () -- C:\Users\***\Desktop\Druckausgabe anzeigen - Verknüpfung.lnk
[2013.11.27 13:01:43 | 001,594,028 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.11.25 16:56:22 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.11.25 11:06:10 | 000,618,912 | ---- | C] () -- C:\Users\***\Desktop\AdwCleaner - CHIP-Downloader.exe
[2013.06.02 11:32:03 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\Morrowind.ini
[2013.02.02 23:30:28 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2013.01.20 22:14:29 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.04 16:53:55 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.05.17 22:51:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.21 11:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2013.12.05 16:42:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.04.04 12:22:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.06.24 14:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NewsLeecher
[2013.11.25 16:12:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2011.02.27 14:56:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Writer
[2013.12.03 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.04.04 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2011.09.25 16:50:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\simon4
[2011.04.04 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softi Software
[2012.06.24 13:12:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.04.04 12:20:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >
         
--- --- ---


und Malewarebytes hat nichts gefunden:

PHP-Code:
 Malwarebytes Anti-Malware 1.75.0.1300
www
.malwarebytes.org

Datenbank Version
v2013.12.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
*** [Administrator]

21.12.2013 12:40:04
mbam
-log-2013-12-21 (12-40-04).txt

Art des Suchlaufs
Vollständiger Suchlauf (A:\|C:\|D:\|F:\|)
Aktivierte SuchlaufeinstellungenSpeicher Autostart Registrierung Dateisystem Heuristiks/Extra HeuristiKs/Shuriken PUP PUM
Deaktivierte Suchlaufeinstellungen
P2P
Durchsuchte Objekte
362990
Laufzeit
58 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien0
(Keine bösartigen Objekte gefunden)

(
Ende
Ist mein System ok?

Bitte um Hilfe.

Lilly
Angehängte Grafiken
Dateityp: jpg Angriff_Sweet Orange.jpg (62,8 KB, 168x aufgerufen)

Alt 21.12.2013, 16:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 21.12.2013, 21:29   #3
Lilly06
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Hallo Cosinus,

danke für den netten Willkommensgruß!

Zitat:
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?
Nein, weder Norton, Malewarebytes oder der adwarecleaner haben etwas gefunden.



Hier das Ergebnis von FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by *** (administrator) on *** on 21-12-2013 21:43:48
Running from C:\Users\***\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {a6048c25-3057-11e0-a2d9-806e6f6e6963} - D:\AUTOSTARTER.EXE
HKLM-x32\...\Run: [BiosNotice] - C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe [994304 2010-06-15] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06DCFC6E1C45CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default
FF SelectedSearchEngine: Google
FF Homepage: google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\donottrackplus@abine.com
FF Extension: Bitdefender QuickScan - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: Ghostery - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\firefox@ghostery.com.xpi
FF Extension: TrashMail.net - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\spam@trashmail.net.xpi
FF Extension: 1-Click YouTube Video Downloader - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: NoScript - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bzcbaizw.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

==================== Services (Whitelisted) =================

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 An; C:\Windows\System32\Drivers\An.sys [125888 2010-07-22] (SlSoft, Inc.)
R3 An; C:\Windows\SysWow64\Drivers\An.sys [125888 2010-07-22] (SlSoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-06-26] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWow64\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [15408 2008-06-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\SysWow64\drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-06-26] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131220.008\ENG64.SYS [126040 2013-12-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131220.008\EX64.SYS [2099288 2013-12-20] (Symantec Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 21:43 - 2013-12-21 21:44 - 00014346 _____ C:\Users\***\Downloads\FRST.txt
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\FRST
2013-12-21 21:38 - 2013-12-21 21:38 - 02193141 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-12-21 14:14 - 2013-12-21 14:14 - 00005484 _____ C:\Users\***\Downloads\Hattenrod.html
2013-12-21 10:53 - 2013-12-21 10:53 - 00000000 ____D C:\Users\***\Documents\mflpro_c1
2013-12-21 10:08 - 2013-12-21 10:08 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-12-20 12:29 - 2013-12-20 12:29 - 00000000 ____D C:\Users\***\Documents\***
2013-12-20 11:47 - 2013-12-20 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 07:48 - 2013-12-20 07:48 - 03053496 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(6).exe
2013-12-20 07:47 - 2013-12-20 10:57 - 266104016 _____ C:\Users\***\Downloads\20131219-023-v5i64(1).exe
2013-12-18 11:17 - 2013-12-18 11:17 - 00407262 _____ C:\Users\***\Downloads\***
2013-12-18 11:17 - 2013-12-18 11:17 - 00406533 _____ C:\Users\***\Downloads\***
2013-12-17 14:50 - 2013-12-17 14:50 - 00003970 _____ C:\Users\***\Downloads\***
2013-12-14 00:32 - 2013-12-14 00:32 - 00910992 _____ (Symantec Corporation) C:\Users\***\Downloads\AutoDetectPkg(2).exe
2013-12-13 21:15 - 2013-12-13 21:15 - 00004148 _____ C:\Users\***\Downloads\***
2013-12-11 15:19 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 15:19 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 15:19 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 15:19 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 15:17 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 15:17 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 15:17 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 15:17 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 15:17 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 15:17 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 15:17 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 15:17 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 15:17 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 15:17 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 15:17 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 15:17 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 15:17 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 15:17 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 15:17 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 15:17 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 15:17 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 15:17 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 15:17 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 15:17 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 15:17 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 15:17 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 15:17 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 15:17 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 15:16 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 15:16 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 15:16 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 15:16 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 15:16 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 15:16 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 15:16 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 15:12 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 15:12 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 15:11 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 15:11 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 15:11 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 15:11 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 15:11 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 15:11 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 15:11 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 15:11 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 15:11 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 15:11 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 15:11 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 15:11 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 15:11 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 15:11 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 15:11 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 15:11 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 15:11 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 12:55 - 2013-12-10 12:55 - 00000000 ____D C:\Users\***\AppData\Local\Foxit Reader
2013-12-05 16:42 - 2013-12-05 16:42 - 00002050 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-12-05 16:40 - 2013-12-05 16:40 - 33809000 _____ (Foxit Corporation                                           ) C:\Users\***\Downloads\FoxitReader611.1025_L10N_Setup.exe
2013-12-03 21:46 - 2013-12-03 21:46 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(5).exe
2013-12-03 21:04 - 2013-12-03 21:04 - 01110034 _____ C:\Users\***\Downloads\adwcleaner.exe
2013-11-29 14:36 - 2013-11-29 14:36 - 00002140 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2013-11-29 14:35 - 2008-06-17 15:33 - 00167936 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2013-11-29 14:35 - 2007-12-13 22:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2013-11-29 14:35 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2013-11-29 14:35 - 2007-12-13 22:16 - 00003072 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2013-11-29 14:35 - 2006-12-28 13:39 - 00176128 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2013-11-29 14:33 - 2013-11-29 14:33 - 00000000 ____D C:\Users\***\AppData\Roaming\InstallShield
2013-11-29 14:26 - 2013-11-29 14:26 - 00454399 _____ (A.I.SOFT,INC.) C:\Users\***\Downloads\delinf_10160.EXE
2013-11-29 14:25 - 2013-11-29 14:25 - 45604003 _____ (A.I.SOFT,INC.) C:\Users\***\Downloads\385-INST-WIN7-A.EXE
2013-11-29 13:43 - 2013-12-02 11:21 - 00000000 ____D C:\Users\***\Documents\***
2013-11-29 12:41 - 2013-11-29 12:41 - 00002403 _____ C:\Users\***\Desktop\Druckausgabe anzeigen - Verknüpfung.lnk
2013-11-27 13:01 - 2013-11-28 11:42 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-25 16:56 - 2013-11-25 16:56 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-25 16:56 - 2013-11-25 16:56 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-25 16:56 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-11-25 16:56 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-11-25 16:56 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-11-25 16:56 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-11-25 16:56 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-11-25 16:56 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-11-25 16:56 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-11-25 16:12 - 2013-11-25 16:12 - 00000000 ____D C:\Users\***\AppData\Roaming\PDF Architect
2013-11-25 16:00 - 2013-11-25 16:00 - 17810632 _____ (pdfforge GmbH) C:\Users\***\Downloads\PDFCreator-1_7_1_setup(2).exe
2013-11-25 11:18 - 2013-11-25 11:18 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(4).exe
2013-11-25 11:06 - 2013-11-25 11:06 - 00618912 _____ C:\Users\***\Desktop\AdwCleaner - CHIP-Downloader.exe

==================== One Month Modified Files and Folders =======

2013-12-21 21:44 - 2013-12-21 21:43 - 00014346 _____ C:\Users\***\Downloads\FRST.txt
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\FRST
2013-12-21 21:38 - 2013-12-21 21:38 - 02193141 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2013-12-21 21:24 - 2013-05-07 12:44 - 00000000 ____D C:\Users\***\Documents\***
2013-12-21 21:11 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 21:11 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 21:08 - 2011-02-04 13:26 - 01584586 _____ C:\Windows\WindowsUpdate.log
2013-12-21 21:07 - 2009-07-14 05:51 - 00208778 _____ C:\Windows\setupact.log
2013-12-21 21:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 16:33 - 2013-08-20 12:25 - 00075756 _____ C:\Users\***\Downloads\OTL.Txt
2013-12-21 15:09 - 2013-03-29 17:22 - 00000000 ____D C:\Users\***\AppData\Roaming\QuickScan
2013-12-21 14:14 - 2013-12-21 14:14 - 00005484 _____ C:\Users\***\Downloads\***
2013-12-21 13:57 - 2013-09-15 17:37 - 00000000 ____D C:\AdwCleaner
2013-12-21 10:53 - 2013-12-21 10:53 - 00000000 ____D C:\Users\***\Documents\mflpro_c1
2013-12-21 10:08 - 2013-12-21 10:08 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-12-20 13:35 - 2012-03-22 22:45 - 00000000 ____D C:\Users\***\AppData\Local\NPE
2013-12-20 13:30 - 2013-07-07 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 12:29 - 2013-12-20 12:29 - 00000000 ____D C:\Users\***\Documents\***
2013-12-20 12:28 - 2013-07-26 13:01 - 00000000 ____D C:\Users\***\Documents\***
2013-12-20 11:47 - 2013-12-20 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 10:57 - 2013-12-20 07:47 - 266104016 _____ C:\Users\***\Downloads\20131219-023-v5i64(1).exe
2013-12-20 07:48 - 2013-12-20 07:48 - 03053496 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(6).exe
2013-12-18 12:31 - 2013-09-17 11:28 - 00000000 ____D C:\Users\***\Documents\***
2013-12-18 11:17 - 2013-12-18 11:17 - 00407262 _____ C:\Users\***\Downloads\***
2013-12-18 11:17 - 2013-12-18 11:17 - 00406533 _____ C:\Users\***\Downloads\***
2013-12-17 18:54 - 2011-02-04 13:38 - 04478526 _____ C:\Windows\PFRO.log
2013-12-17 14:50 - 2013-12-17 14:50 - 00003970 _____ C:\Users\***\Downloads\***
2013-12-14 00:32 - 2013-12-14 00:32 - 00910992 _____ (Symantec Corporation) C:\Users\***\Downloads\AutoDetectPkg(2).exe
2013-12-14 00:28 - 2013-08-11 17:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 00:28 - 2013-08-11 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 00:28 - 2013-06-29 21:57 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-12-14 00:08 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-13 21:15 - 2013-12-13 21:15 - 00004148 _____ C:\Users\***\Downloads\***
2013-12-13 15:35 - 2013-02-18 22:56 - 00000000 ____D C:\Users\***\Documents\***
2013-12-13 15:24 - 2009-07-14 18:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2013-12-13 15:24 - 2009-07-14 18:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2013-12-13 15:24 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-13 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 23:30 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 16:28 - 2009-07-14 05:45 - 00367224 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 15:18 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-12-11 15:16 - 2013-07-12 08:10 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 15:14 - 2011-02-04 14:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 12:55 - 2013-12-10 12:55 - 00000000 ____D C:\Users\***\AppData\Local\Foxit Reader
2013-12-07 11:48 - 2013-05-23 08:58 - 00000000 ____D C:\Users\***\Documents\***
2013-12-05 16:42 - 2013-12-05 16:42 - 00002050 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-12-05 16:42 - 2013-01-27 11:25 - 00000000 ____D C:\Users\***\AppData\Roaming\Foxit Software
2013-12-05 16:42 - 2011-02-04 17:15 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-12-05 16:40 - 2013-12-05 16:40 - 33809000 _____ (Foxit Corporation                                           ) C:\Users\***\Downloads\FoxitReader611.1025_L10N_Setup.exe
2013-12-05 16:39 - 2013-01-16 13:56 - 00000000 ____D C:\ProgramData\Adobe
2013-12-05 16:14 - 2011-02-04 13:42 - 00000000 ____D C:\Users\***\AppData\Roaming\Adobe
2013-12-03 21:46 - 2013-12-03 21:46 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(5).exe
2013-12-03 21:04 - 2013-12-03 21:04 - 01110034 _____ C:\Users\***\Downloads\adwcleaner.exe
2013-12-02 11:21 - 2013-11-29 13:43 - 00000000 ____D C:\Users\***\Documents\***
2013-12-01 17:27 - 2013-03-09 18:35 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-11-29 14:36 - 2013-11-29 14:36 - 00002140 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2013-11-29 14:36 - 2011-02-16 21:14 - 00000050 _____ C:\Windows\system32\bridf08b.dat
2013-11-29 14:35 - 2011-02-16 21:14 - 00000000 ____D C:\Program Files (x86)\Brother
2013-11-29 14:35 - 2011-02-04 13:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-29 14:33 - 2013-11-29 14:33 - 00000000 ____D C:\Users\***\AppData\Roaming\InstallShield
2013-11-29 14:26 - 2013-11-29 14:26 - 00454399 _____ (A.I.SOFT,INC.) C:\Users\***\Downloads\delinf_10160.EXE
2013-11-29 14:25 - 2013-11-29 14:25 - 45604003 _____ (A.I.SOFT,INC.) C:\Users\***\Downloads\385-INST-WIN7-A.EXE
2013-11-29 12:41 - 2013-11-29 12:41 - 00002403 _____ C:\Users\***\Desktop\***
2013-11-28 11:42 - 2013-11-27 13:01 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 12:54 - 2013-12-11 15:17 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-11 15:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-11 15:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-11 15:16 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-11 15:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-11 15:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-11 15:17 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-11 15:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-11 15:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-11 15:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-11 15:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-11 15:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-11 15:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-11 15:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-11 15:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-11 15:17 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-11 15:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-11 15:16 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-11 15:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-11 15:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-11 15:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-11 15:16 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-11 15:16 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-11 15:16 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-11 15:16 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-11 15:17 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-11 15:17 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-11 15:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-11 15:17 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-11 15:17 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-11 15:17 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 16:56 - 2013-11-25 16:56 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-25 16:56 - 2013-11-25 16:56 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-25 16:12 - 2013-11-25 16:12 - 00000000 ____D C:\Users\***\AppData\Roaming\PDF Architect
2013-11-25 16:00 - 2013-11-25 16:00 - 17810632 _____ (pdfforge GmbH) C:\Users\***\Downloads\PDFCreator-1_7_1_setup(2).exe
2013-11-25 11:18 - 2013-11-25 11:18 - 03057128 ____N (Symantec Corporation) C:\Users\***\Downloads\NPE(4).exe
2013-11-25 11:06 - 2013-11-25 11:06 - 00618912 _____ C:\Users\***\Desktop\AdwCleaner - CHIP-Downloader.exe
2013-11-23 19:26 - 2013-12-11 15:11 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 15:11 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\AutoRun.exe
C:\Users\***\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\***\AppData\Local\Temp\Checkupdate.exe
C:\Users\***\AppData\Local\Temp\eauninstall.exe
C:\Users\***\AppData\Local\Temp\First15.exe
C:\Users\***\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\***\AppData\Local\Temp\Foxit Updater.exe
C:\Users\***\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\***\AppData\Local\Temp\gcapi_dll.dll
C:\Users\***\AppData\Local\Temp\gtapi_signed.dll
C:\Users\***\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\***\AppData\Local\Temp\SkypeSetup.exe
C:\Users\***\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\***\AppData\Local\Temp\VP6Install.exe
C:\Users\***\AppData\Local\Temp\VP6VFW.dll
C:\Users\***\AppData\Local\Temp\_is6E52.exe
C:\Users\***\AppData\Local\Temp\_isA273.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 15:40

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


und addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013 02
Ran by *** at 2013-12-21 21:44:25
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
BIOS Update (x32)
BiosNotice (x32)
Black & White® 2 (x32 Version: 1.00.0000)
Brother MFL-Pro Suite DCP-385C (x32 Version: 1.0.1.0)
Bullzip PDF Printer 7.1.0.1212
CloneDVD2 (x32 Version: 2.9.2.8)
CloudReading (x32 Version: 1.0.27.1025)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Fotogalerie (x32 Version: 16.4.3505.0912)
Foxit Reader (x32 Version: 6.1.1.1025)
Geheimakte Tunguska (x32 Version: 1.03.02)
GPL Ghostscript Lite 8.70 (x32)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Maniac Mansion Deluxe (x32)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 8 Micro 8.3.6.0 (x32 Version: 8.3.6.0)
Norton Identity Safe (x32 Version: 2013.4.0.10)
Norton Internet Security (x32 Version: 21.1.0.18)
NVIDIA PhysX (x32 Version: 9.09.0428)
OpenAL (x32)
PDFCreator (x32 Version: 1.7.1)
Photo Gallery (x32 Version: 16.4.3505.0912)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6101)
ScanSoft OmniPage 16 (x32 Version: 16.1.0000)
swMSM (x32 Version: 12.0.0.1)
VirtualCloneDrive (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinRAR

==================== Restore Points  =========================

28-11-2013 10:38:27 Windows Update
29-11-2013 13:29:09 Entfernt MFL-Pro Suite
29-11-2013 13:34:16 Installiert MFL-Pro Suite
03-12-2013 19:53:13 Removed Java 7 Update 45
05-12-2013 15:38:28 Removed Adobe Reader XI (11.0.05) - Deutsch.
11-12-2013 14:12:37 Windows Update
21-12-2013 14:47:30 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1E25A00F-CB9C-47BA-89DC-CE44F8E9E373} - System32\Tasks\{3BE94CBC-6039-4F0D-9115-C89B681F4D19} => C:\Program Files (x86)\Deep Silver\Geheimakte Tunguska\AutoStarter.exe [2007-06-25] ()
Task: {1F1454B9-218A-4F7E-B0E3-5E1DD17B1249} - System32\Tasks\{618A86B2-3C45-4998-8275-F53AF1DE5F71} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe
Task: {20635A3F-8385-4CDC-87A7-8DF9E331B22E} - System32\Tasks\{9444B45B-29C1-4EF1-95CF-32E0FB22D56D} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe
Task: {20B8EC00-E00B-48FE-9F15-B289ADB1978C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {2B906CD8-FF84-480E-805C-040140F96933} - System32\Tasks\{8D53F3DE-2FF7-49A5-83D0-A528E3B373A6} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe
Task: {33B4B245-6747-420F-882A-2B8533F5206F} - System32\Tasks\{2334656E-1A58-420F-896F-F1A551CE3766} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Wilde Campus-Jahre\TSBin\Sims2EP1.exe
Task: {38A71003-A295-4AB3-9E74-9B4B942F7B56} - System32\Tasks\{FC53C629-39C0-4C6D-BD05-EF87531FBCE3} => Firefox.exe 
Task: {4AE7704A-9342-4E2F-9968-CF66EB7AA649} - System32\Tasks\{97A1270B-0EE4-4A9E-B8E8-884E697A8062} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe
Task: {5CE7EB17-8153-48B0-8055-7CE0CC5F0110} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\symerr.exe [2013-05-29] (Symantec Corporation)
Task: {6056EE90-BE83-4CB3-BAA4-AA932974074B} - System32\Tasks\{090E355A-6F78-4D76-B6F8-53B1981617D7} => C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind Launcher.exe
Task: {6629154C-9DCC-4121-A835-AF76B6D2B158} - System32\Tasks\{95C69943-2913-452B-82D8-8FB8E651BDF0} => C:\Program Files (x86)\Firefly Studios\Space Colony\Space Colony.exe
Task: {95961AD6-1C6E-4DF5-B56F-75E933FC4206} - System32\Tasks\{8FE772D7-AE59-4D8F-922E-B23607BD3451} => C:\Program Files (x86)\EA GAMES\Die Sims 2\TSBin\Sims2.exe
Task: {A48E50F3-6F47-4227-8D1C-D331B1273DFD} - System32\Tasks\{553B154C-EF8E-4AE2-BCE3-32E8FA772D33} => C:\Program Files (x86)\Maxis\Die Sims\Sims.exe
Task: {ACBB0A5A-2BB5-45D5-801C-2FFC0377EB56} - System32\Tasks\{4AEA1B90-ECDE-4F2B-8131-4846248D6684} => Firefox.exe 
Task: {ADC6913D-6A96-4057-9FAD-56AC32FA2F95} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: {BBA5E870-8A35-4BFA-834E-29BAB6F14992} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {C4AF0DFF-B493-4427-9BF1-C51B561BFE47} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {CCEB6E21-9A16-4A86-9EA3-3F5EDF4B29C5} - System32\Tasks\{C45B0D8F-17D8-489C-8F6F-104BC22C04AF} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2013-11-25] (pdfforge  GmbH)
Task: {DA1F8386-538E-4CF2-9B09-274D74121759} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\symerr.exe [2013-05-29] (Symantec Corporation)
Task: {FDE3C828-2765-4FA8-A274-FA258CB76DC4} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2013-06-18 22:12 - 2012-05-30 15:51 - 00699280 ____R () C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
2013-06-18 22:12 - 2012-05-30 15:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll
2013-11-29 14:35 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-12-20 11:47 - 2013-12-20 11:47 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-14 00:28 - 2013-12-14 00:28 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2013 10:53:13 AM) (Source: Application Hang) (User: )
Description: Programm OTL(1).exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e0

Startzeit: 01cefe2c84361eb3

Endzeit: 31

Anwendungspfad: C:\Users\***\Downloads\OTL(1).exe

Berichts-ID:

Error: (12/17/2013 02:53:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.8407.0, Zeitstempel: 0x521bd0da
Name des fehlerhaften Moduls: WINWORD.EXE, Version: 11.0.8407.0, Zeitstempel: 0x521bd0da
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001afc14
ID des fehlerhaften Prozesses: 0xa24
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:30:14.366]: [00003372]: Initialize TwdsMain Class failed!

Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:30:14.366]: [00003372]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:30:14.350]: [00003372]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:29:43.410]: [00000764]: Initialize TwdsMain Class failed!

Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:29:43.410]: [00000764]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:29:43.410]: [00000764]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:29:13.691]: [00000704]: Initialize TwdsMain Class failed!

Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/12/17 13:29:13.691]: [00000704]: ##### Fatal ERROR!! Create STI-device failed! #####


System errors:
=============
Error: (12/14/2013 04:44:08 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/13/2013 00:58:32 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (12/12/2013 10:15:11 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (12/11/2013 04:26:00 PM) (Source: DCOM) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (12/11/2013 04:25:14 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (12/11/2013 04:25:14 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/09/2013 01:20:44 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/08/2013 01:58:35 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/05/2013 01:12:16 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/05/2013 01:12:14 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.


Microsoft Office Sessions:
=========================
Error: (12/21/2013 10:53:13 AM) (Source: Application Hang)(User: )
Description: OTL(1).exe3.2.69.01e001cefe2c84361eb331C:\Users\***\Downloads\OTL(1).exe

Error: (12/17/2013 02:53:34 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.8407.0521bd0daWINWORD.EXE11.0.8407.0521bd0dac0000005001afc14a2401cefb2b66381a7eC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE9e6fb990-6722-11e3-967d-0030679554e4

Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:30:14.366]: [00003372]: Initialize TwdsMain Class failed!

Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:30:14.366]: [00003372]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (12/17/2013 01:30:14 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:30:14.350]: [00003372]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:29:43.410]: [00000764]: Initialize TwdsMain Class failed!

Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:29:43.410]: [00000764]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (12/17/2013 01:29:43 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:29:43.410]: [00000764]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:29:13.691]: [00000704]: Initialize TwdsMain Class failed!

Error: (12/17/2013 01:29:13 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/12/17 13:29:13.691]: [00000704]: ##### Fatal ERROR!! Create STI-device failed! #####


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 4061.24 MB
Available physical RAM: 2241.94 MB
Total Pagefile: 8120.66 MB
Available Pagefile: 6086.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:375.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3826559E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Viele Grüße
Lilly
__________________

Alt 22.12.2013, 21:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Zitat:
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Ist das ein gewerblich genutztes System?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.12.2013, 09:13   #5
Lilly06
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Hallo cosinus,

frohe Weihnachten!

Zitat:
Ist das ein gewerblich genutztes System?
Nein, das System war so installiert als ich den PC gekauft habe. Warum?
Ist es für Private eher ungeeignet oder anfälliger für Viren? Sollte ich mir ein anderes kaufen?

Ach, und hat der Log irgendetwas ergeben?

Viele Grüße
Lilly


Alt 26.12.2013, 16:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Weil für private Zwecke ein Win7 Ultimate und ein Professional Office unüblich ist. Man muss schon einen guten Grund haben, um mehrere Hundert EUR mehr zu bezahlen nur um ein Win7 Ultimate und Professional Office zu haben.


Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Angriff von Sweet Orange Exploit KIt Website

Alt 02.01.2014, 13:48   #7
Lilly06
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Frohes neues Jahr!

Habe malewarebytes anti-rootkit durchlaufen lassen. Ergebnis:

Congratulations, no cleanup is required!
Scan finished: No maleware found!

Da scheint ja alles noch mal gut gegangen zu sein, oder?

Viele Grüße
Lilly

Alt 02.01.2014, 14:04   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Log bitte posten!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.01.2014, 20:43   #9
Lilly06
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Hier der Log:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
*** :: *** [administrator]

02.01.2014 13:49:55
mbar-log-2014-01-02 (13-49-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 227271
Time elapsed: 23 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 03.01.2014, 10:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Angriff von Sweet Orange Exploit KIt Website - Standard

Angriff von Sweet Orange Exploit KIt Website



Gut, MBAR war auch aktuell

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Angriff von Sweet Orange Exploit KIt Website
application/pdf:, autorun, bho, bios, dateien, defender, excel, explorer, format, logfile, malwarebytes, microsoft, mozilla, programme, realtek, registry, scan, schließen, security, software, spam, symantec, system, viren, windows, winlogon



Ähnliche Themen: Angriff von Sweet Orange Exploit KIt Website


  1. Website des ISC nach Angriff im Notbetrieb
    Nachrichten - 27.12.2014 (0)
  2. Sweet Page
    Log-Analyse und Auswertung - 04.06.2014 (1)
  3. Windows7 - Sweet Page
    Log-Analyse und Auswertung - 14.05.2014 (3)
  4. Sweet page :(
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (9)
  5. Sweet-Page und und und.
    Plagegeister aller Art und deren Bekämpfung - 25.03.2014 (19)
  6. Windows 7: Avast meldet bei JEDER Website "schädliche Website blockiert"!
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (20)
  7. Win Vista seit GVU-Trojaner-Angriff infiziert mit JAVA-Viren + Exploit EXP in Laufwerk C:\
    Log-Analyse und Auswertung - 28.08.2013 (15)
  8. Exploit Toolkit Website 33
    Plagegeister aller Art und deren Bekämpfung - 19.07.2013 (13)
  9. Exploit-CVE2012-1723.f und Exploit-PDF!Blacole.o gefunden
    Log-Analyse und Auswertung - 02.10.2012 (11)
  10. EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (12)
  11. Malwarebefall, mögliche Ursache: Link angeklickt "xxx.ru, der nach Angriff a. die Website angezeigt
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  12. CIA-Website nach Angriff vom Netz
    Nachrichten - 11.02.2012 (0)
  13. Angriff auf Website
    Diskussionsforum - 26.08.2011 (1)
  14. Orange Filter DB
    Netzwerk und Hardware - 16.12.2008 (4)
  15. was tun bei POP 3 Exploit Angriff ??
    Plagegeister aller Art und deren Bekämpfung - 21.04.2006 (10)
  16. infekt mit: exploit.wmf + exploit.java.ByteVerify + sploit[1].anr
    Plagegeister aller Art und deren Bekämpfung - 29.03.2006 (15)
  17. exploit-byteVerify,JS/Exploit-DialogArg.b,Exploit-mhtRedir.gen. logfile auswerten
    Log-Analyse und Auswertung - 29.10.2004 (4)

Zum Thema Angriff von Sweet Orange Exploit KIt Website - Hallo, Mein Norton hat einen Angriff von Sweet Orange Exploit KIt Website geblockt. Nach dem Verlaufsprotokoll wurde er verursacht durch \DEVICE\\Harddiskvolume2\Program FFiles (x86)\MOZILLA FIREFOX.EXE. (siehe Anhang) Vorher wurde das neue - Angriff von Sweet Orange Exploit KIt Website...
Archiv
Du betrachtest: Angriff von Sweet Orange Exploit KIt Website auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.