| |
| |||||||
Log-Analyse und Auswertung: Verdacht eine verseuchte E-Mail geöffnet zu haben.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.03.2014, 14:47
| #1 |
| |  Verdacht eine verseuchte E-Mail geöffnet zu haben. E-Mail von einer Bekannten, mit sinnvollem Betreff erweist sich als Fake. Der Anhang wurde bereits heruntergeladen und geöffnet. PC ist seit längerem langsam und unternimmt Aktivitäten, die nicht nachvollziehbar sind. Angehängte Logs: Frst-txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Nasenhirsch (administrator) on NOBBI on 16-03-2014 13:04:46
Running from C:\Users\Nasenhirsch\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-14] (APN)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Norton Download Manager{N360P202122-SHPD-FSD31014}] - C:\Users\Public\Downloads\Norton\{N360P202122-SHPD-FSD31014}\N360Downloader.exe [916616 2013-01-30] (Symantec Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [Google Update] - C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.)
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {15286aa8-17c8-11df-9da5-001636f061ef} - F:\installer.exe
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {22bab632-b32c-11de-90a1-001636f061ef} - F:\installer.exe
HKU\S-1-5-21-2032705600-1806180853-2340890793-1000\...\MountPoints2: {7c48f2ac-c85b-11de-8a2d-001636f061ef} - G:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
ProxyServer: proxy.fh-muenster.de:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKLM - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {08B2520D-73E6-4F25-AE60-5C92FAE59C83} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0EB39B9B-F2E3-4BEF-995C-7B473D61F12D&apn_sauid=C5B3DBF5-46AC-4568-94B9-F75EB59269AF
SearchScopes: HKCU - {AF5E2404-1058-492C-82AC-A7334F8E5563} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
SearchScopes: HKCU - {BE9654C9-9D79-42ec-B55A-3CAEB12DBF58} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {C34E0C95-69B8-4CC0-BA56-B7E865B71427} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "backup.ftp", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxy.fh-muenster.de"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "proxy.fh-muenster.de"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxy.fh-muenster.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.fh-muenster.de"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.fh-muenster.de"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nasenhirsch\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Evernote Web Clipper - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-16]
FF Extension: BibSonomy Buttons - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\buttons@bibsonomy.org.xpi [2012-12-06]
FF Extension: Google Toolbar for Firefox - C:\Users\Nasenhirsch\AppData\Roaming\Mozilla\Firefox\Profiles\om9lfhxc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}.xpi [2008-03-02]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-02-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFF [2013-10-10]
Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-02]
CHR Extension: (Norton Identity Protection) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-08-29]
CHR Extension: (Google Wallet) - C:\Users\Nasenhirsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-15]
CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-14] (APN LLC.)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-02] (Symantec Corporation)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-19] (Conexant Systems Inc.)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20140314.001\IDSvix86.sys [395992 2014-03-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140315.009\NAVENG.SYS [93272 2014-03-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20140315.009\NAVEX15.SYS [1612376 2014-03-03] (Symantec Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 usbsermpt; C:\Windows\System32\DRIVERS\usbsermpt.sys [22768 2007-03-03] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe
2014-03-16 12:55 - 2014-03-16 13:04 - 00033099 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt
2014-03-16 12:53 - 2014-03-16 13:06 - 00020908 _____ () C:\Users\Nasenhirsch\Downloads\FRST.txt
2014-03-16 12:52 - 2014-03-16 13:04 - 00000000 ____D () C:\FRST
2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Downloads\FRST.exe
2014-03-16 12:48 - 2014-03-16 12:50 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log
2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable
2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe
2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 09:46 - 2014-03-16 09:49 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
2014-03-12 19:17 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:17 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:17 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:17 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:17 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:17 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 19:17 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 19:17 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 19:17 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:17 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 19:17 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:17 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 19:17 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:28 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:28 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:28 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:28 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-18 19:08 - 2014-02-18 19:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-03-16 13:06 - 2014-03-16 12:53 - 00020908 _____ () C:\Users\Nasenhirsch\Downloads\FRST.txt
2014-03-16 13:05 - 2014-03-16 13:05 - 00380416 _____ () C:\Users\Nasenhirsch\Downloads\Gmer-19357.exe
2014-03-16 13:04 - 2014-03-16 12:55 - 00033099 _____ () C:\Users\Nasenhirsch\Downloads\Addition.txt
2014-03-16 13:04 - 2014-03-16 12:52 - 00000000 ____D () C:\FRST
2014-03-16 12:51 - 2014-03-16 12:51 - 01145856 _____ (Farbar) C:\Users\Nasenhirsch\Downloads\FRST.exe
2014-03-16 12:50 - 2014-03-16 12:48 - 00000484 _____ () C:\Users\Nasenhirsch\Downloads\defogger_disable.log
2014-03-16 12:48 - 2014-03-16 12:48 - 00000000 _____ () C:\Users\Nasenhirsch\defogger_reenable
2014-03-16 12:48 - 2007-03-03 14:41 - 00000000 ____D () C:\Users\Nasenhirsch
2014-03-16 12:47 - 2014-03-16 12:47 - 00050477 _____ () C:\Users\Nasenhirsch\Downloads\Defogger.exe
2014-03-16 12:46 - 2012-07-18 07:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 12:41 - 2012-08-29 13:22 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job
2014-03-16 12:41 - 2007-03-04 06:26 - 01729787 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 12:41 - 2006-11-02 11:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 12:39 - 2014-03-16 12:39 - 00000796 _____ () C:\Windows\setupact.log
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 12:11 - 2010-02-04 17:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 12:09 - 2012-08-29 13:22 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job
2014-03-16 11:36 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 11:36 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 11:16 - 2012-04-13 08:10 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\LBV
2014-03-16 11:15 - 2012-08-29 13:27 - 00002064 _____ () C:\Users\Nasenhirsch\Desktop\Google Chrome.lnk
2014-03-16 09:49 - 2014-03-16 09:46 - 00000000 ____D () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333
2014-03-16 09:44 - 2010-02-04 17:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 09:43 - 2014-03-16 09:43 - 00131402 _____ () C:\Users\Nasenhirsch\Downloads\attachments_20140316094333.zip
2014-03-13 19:46 - 2012-04-06 12:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 19:46 - 2011-05-21 19:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 11:53 - 2012-06-13 09:42 - 00002591 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office Word 2007.lnk
2014-03-13 06:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 06:28 - 2011-06-20 18:07 - 00004892 _____ () C:\Users\Nasenhirsch\AppData\Local\d3d9caps.dat
2014-03-12 20:19 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 20:18 - 2006-11-02 13:47 - 00312720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 20:15 - 2008-09-25 07:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 20:15 - 2006-12-20 22:21 - 02164120 _____ () C:\Windows\PFRO.log
2014-03-12 19:38 - 2006-12-20 21:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-12 19:38 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 19:32 - 2009-07-16 19:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-12 19:06 - 2009-10-28 20:13 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Roaming\Skype
2014-03-10 18:11 - 2010-06-25 15:52 - 00000000 ____D () C:\Users\Nasenhirsch\AppData\Local\Audible
2014-03-09 11:13 - 2012-06-13 09:41 - 00002633 _____ () C:\Users\Nasenhirsch\Desktop\Microsoft Office PowerPoint 2007.lnk
2014-03-08 08:41 - 2012-11-27 17:56 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Mäusestrategie
2014-03-06 20:21 - 2007-03-03 15:55 - 00019860 _____ () C:\Users\Nasenhirsch\AppData\Roaming\wklnhst.dat
2014-03-01 16:18 - 2011-06-07 16:51 - 00000000 ____D () C:\Users\Nasenhirsch\Documents\Studium
2014-02-28 08:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-23 17:56 - 2012-08-09 07:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-23 06:50 - 2014-03-12 19:17 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 06:47 - 2014-03-12 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 06:43 - 2014-03-12 19:17 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 06:41 - 2014-03-12 19:17 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 06:40 - 2014-03-12 19:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 06:39 - 2014-03-12 19:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-12 19:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 06:38 - 2014-03-12 19:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 06:38 - 2014-03-12 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 06:37 - 2014-03-12 19:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 06:36 - 2014-03-12 19:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:36 - 2014-03-12 19:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 06:35 - 2014-03-12 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 19:09 - 2014-02-18 19:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 04:17 - 2013-08-10 08:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 03:53 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
Some content of TEMP:
====================
C:\Users\Nasenhirsch\AppData\Local\Temp\ose00000.exe
C:\Users\Nasenhirsch\AppData\Local\Temp\_isA37A.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Nasenhirsch at 2014-03-16 13:09:35
Running from C:\Users\Nasenhirsch\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton 360 Premier Edition (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0A03}) (Version: 12.10.3.28 - APN, LLC) <==== ATTENTION
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
AudibleManager (HKLM\...\AudibleManager) (Version: 99881261.-2.2005037174.2005036188 - Audible, Inc.)
Christmas Eve (HKLM\...\Christmas Eve) (Version: - )
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.1.15.0 - Swiss Academic Software)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
Dia (nur entfernen) (HKLM\...\Dia) (Version: - )
Diagram Designer (HKLM\...\Diagram Designer) (Version: - )
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )
EPSON Easy Photo Print (HKLM\...\{B8890B12-4E4C-4E53-9ECB-96193BBA7767}) (Version: 1.4.0.0 - )
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.50.000 - )
EPSON PRINT Image Framer Tool (HKLM\...\{956673F5-0C6B-4428-A5D1-277AF533E098}) (Version: 3.2.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ESPRX560_590 Benutzerhandbuch (HKLM\...\ESPRX560_590 Benutzerhandbuch) (Version: - )
Falk Navi-Manager (HKLM\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.8.0 - Falk Navigation GmbH)
Falk Navi-Manager (Version: 2.2.0.0 - Falk Navigation GmbH) Hidden
Free Xmas Screensaver 1.0 (HKLM\...\Free Xmas Screensaver_is1) (Version: - )
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}) (Version: 1.0.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.10 B9 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.10 B9 - Hewlett-Packard)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard)
HP User Guide 0048 (HKLM\...\{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}) (Version: 1.02.0004 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}) (Version: 3.00 B2 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - )
LevelOne Media Control Embedded (HKLM\...\LevelOne Media Control Embedded) (Version: 1.0.1.18 - )
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 Trial (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
Microsoft Reader Text-to-Speech deutsch (HKLM\...\{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}) (Version: 01.00.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetObjects Fusion 12.0 (HKLM\...\{5434DE40-0848-49BF-8BDC-94BAE7A33041}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5041 - NetObjects) Hidden
Norton 360 Premier Edition (HKLM\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
phase-6-basic 2.1.2.4b (HKLM\...\phase-6-basic) (Version: 2.1.2.4b - phase-6)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synthesia (HKLM\...\Synthesia) (Version: 8.4 - Synthesia LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile® Device Handbook (HKLM\...\Windows Mobile Device Handbook) (Version: 1.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
==================== Restore Points =========================
08-02-2014 17:21:51 Norton 360 Registry Clean
14-02-2014 02:01:07 Windows Update
25-02-2014 16:24:46 Windows Update
27-02-2014 20:34:23 Windows Update
28-02-2014 06:20:37 Windows Update
12-03-2014 18:09:45 Windows Update
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0736AD87-88F2-4D1A-A9AA-F154A04BCFF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3B7E399F-44BC-4BAF-9655-96A9DED46522} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {440FB657-B19B-46F8-9B15-AE1CF1E6857E} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {66B91388-8448-4F3E-8A95-532768A0F6D3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {70E4AD9A-E437-407F-8E80-BF16EB7F09CE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {72E9C998-3454-4CCE-87AA-9D65C6AB8CE1} - System32\Tasks\{74BCCAEC-F60E-40BC-8E6E-1446A36020CD} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8B2E00DF-4951-4337-B030-C49F443D3219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {9A9F7034-69AF-41CE-A4B5-CA09D08B85BD} - System32\Tasks\Datenträgerbereinigung => C:\Windows\System32\cleanmgr.exe [2006-11-02] (Microsoft Corporation)
Task: {A389AFAC-E184-4C7C-9FAA-0EE5CB4634A6} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {A78504D5-82C1-420D-B69D-C4C79DAD4EB5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B9A443D6-0AF4-4441-B920-0BDBD863407A} - System32\Tasks\{EC42D3EA-239A-4518-B460-4DE913B419F3} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B9E96C21-9F53-4688-88FD-6DE924BE01EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D92F8D56-0C34-4250-A31D-F4B54B3520F7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {DB38DD90-2678-45A2-B422-A708CCCFE061} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {FA0091BE-8CAC-485C-80BC-CF6F93DBC46D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000Core.job => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2032705600-1806180853-2340890793-1000UA.job => C:\Users\Nasenhirsch\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-16 14:39:28
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHV2120BH_PL rev.892C 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\NASENH~1\AppData\Local\Temp\pxldqpog.sys
---- System - GMER 2.1 ----
SSDT 86A34E40 ZwAlertResumeThread
SSDT 86A34ED8 ZwAlertThread
SSDT 86A317A0 ZwAllocateVirtualMemory
SSDT 86A50008 ZwAlpcConnectPort
SSDT 86A348B8 ZwAssignProcessToJobObject
SSDT 86A34C68 ZwCreateMutant
SSDT 86A4DB08 ZwCreateSymbolicLinkObject
SSDT 86A2F198 ZwCreateThread
SSDT 86A34950 ZwDebugActiveProcess
SSDT 86A2D918 ZwDuplicateObject
SSDT 86A2F820 ZwFreeVirtualMemory
SSDT 86A34D10 ZwImpersonateAnonymousToken
SSDT 86A34DA8 ZwImpersonateThread
SSDT 86A50F90 ZwLoadDriver
SSDT 86A2F788 ZwMapViewOfSection
SSDT 86A34BD0 ZwOpenEvent
SSDT 86A4BE78 ZwOpenProcess
SSDT 86A2D470 ZwOpenProcessToken
SSDT 86A34AA0 ZwOpenSection
SSDT 86A4B608 ZwOpenThread
SSDT 86A34810 ZwProtectVirtualMemory
SSDT 86A34F70 ZwResumeThread
SSDT 86A34330 ZwSetContextThread
SSDT 86A343C8 ZwSetInformationProcess
SSDT 86A349E8 ZwSetSystemInformation
SSDT 86A34B38 ZwSuspendProcess
SSDT 86A34200 ZwSuspendThread
SSDT 86AB09A0 ZwTerminateProcess
SSDT 86A34298 ZwTerminateThread
SSDT 86A34450 ZwUnmapViewOfSection
SSDT 86A31970 ZwWriteVirtualMemory
SSDT 86A4DB90 ZwCreateThreadEx
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 826F0768 8 Bytes [40, 4E, A3, 86, D8, 4E, A3, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 826F077C 4 Bytes [A0, 17, A3, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 826F0788 4 Bytes [08, 00, A5, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 826F07DC 4 Bytes [B8, 48, A3, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 826F0840 4 Bytes [68, 4C, A3, 86]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641c78965
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641c78965 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu Verdacht eine verseuchte E-Mail geöffnet zu haben. |
| browser, chromium, desktop, e-mail, email, entfernen, error, excel, firefox, flash player, google, helper, home, homepage, langsam, mozilla, port, registry, rundll, scan, security, software, svchost.exe, symantec, system, tracker, windows |
Baum-Darstellung