Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Paypal-Phising-Mail Link geöffnet

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.04.2014, 19:20   #1
Tombstone66
 
Paypal-Phising-Mail Link geöffnet - Standard

Paypal-Phising-Mail Link geöffnet



Hi, ich habe eine leider den Link in einer Paypal-Phising-Mail geklickt, aber nichts eingegeben. Jetzt frag ich mich aber, ob nicht ein drive by download stattgefunden haben könnte.

Hier sind meine Logs:

Frst.txt:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Jan (administrator) on JAN-PC on 04-04-2014 15:07:26
Running from C:\Users\Jan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
( ) C:\Windows\system32\lxeccoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [lxecmon.exe] - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] ()
HKU\S-1-5-21-3007286899-939717506-3789225700-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-29] ()
HKU\S-1-5-21-3007286899-939717506-3789225700-1001\...\Run: [StoppUhr] - [X]
HKU\S-1-5-21-3007286899-939717506-3789225700-1001\...\MountPoints2: {3ffa50c3-3718-11e2-9b03-806e6f6e6963} - F:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA46BA9226CBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\62zeoeim.default
FF NetworkProxy: "ftp", "81.201.58.160"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "81.201.58.160"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "81.201.58.160"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "81.201.58.160"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Webmail Ad Blocker - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\62zeoeim.default\Extensions\gmailnoads@mywebber.com.xpi [2012-12-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-03-12]

==================== Services (Whitelisted) =================

S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-03-21] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140403.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140403.032\ENG64.SYS [126040 2014-04-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140403.032\EX64.SYS [2099288 2014-04-01] (Symantec Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-11-26] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 15:07 - 2014-04-04 15:07 - 00000000 ____D () C:\Users\Jan\Desktop\frst
2014-04-04 14:57 - 2014-04-04 15:07 - 00009578 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-04-04 14:56 - 2014-04-04 14:57 - 00380416 _____ () C:\Users\Jan\Desktop\Gmer-19357.exe
2014-04-04 14:56 - 2014-04-04 14:56 - 02157056 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2014-04-04 14:39 - 2014-04-04 14:39 - 00380416 _____ () C:\Users\JanBenutzer\Downloads\Gmer-19357.exe
2014-04-04 14:38 - 2014-04-04 14:38 - 00000578 _____ () C:\Users\JanBenutzer\Downloads\defogger_disable.log
2014-04-04 14:38 - 2014-04-04 14:38 - 00000020 _____ () C:\Users\Jan\defogger_reenable
2014-04-04 14:37 - 2014-04-04 14:37 - 00050477 _____ () C:\Users\JanBenutzer\Downloads\Defogger.exe
2014-04-04 14:31 - 2014-04-04 15:07 - 00000000 ____D () C:\FRST
2014-04-04 14:31 - 2014-04-04 14:49 - 00025972 _____ () C:\Users\JanBenutzer\Downloads\FRST.txt
2014-04-04 14:23 - 2014-04-04 14:23 - 02157056 _____ (Farbar) C:\Users\JanBenutzer\Downloads\FRST64.exe
2014-04-01 18:01 - 2014-04-01 18:01 - 00001819 _____ () C:\Users\JanBenutzer\Desktop\Spotify.lnk
2014-03-31 19:50 - 2014-03-31 19:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-31 13:49 - 2014-04-01 17:39 - 00020066 _____ () C:\Users\JanBenutzer\Desktop\Ausgaben April.ods
2014-03-26 00:42 - 2014-03-26 00:42 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-03-26 00:42 - 2014-03-26 00:42 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 17:37 - 2014-03-25 17:40 - 00000248 _____ () C:\ProgramData\lxecDiagnostics.log
2014-03-25 17:37 - 2014-03-25 17:37 - 00000000 ____D () C:\ProgramData\Lexmark Pro800-Pro900 Series
2014-03-24 21:37 - 2014-03-24 21:41 - 00000009 _____ () C:\Windows\Sierra.ini
2014-03-24 21:25 - 1998-10-21 19:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-03-24 12:37 - 2014-03-24 12:37 - 00001422 _____ () C:\Users\JanBenutzer\Desktop\audacity.exe - Verknüpfung.lnk
2014-03-23 19:58 - 2014-03-23 19:58 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-03-21 21:08 - 2014-03-21 21:09 - 00000000 ____D () C:\Users\JanBenutzer\Documents\BFBC2
2014-03-21 20:14 - 2014-03-21 21:09 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-21 20:14 - 2014-03-21 20:14 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-21 18:21 - 2014-03-21 18:21 - 00002976 _____ () C:\Windows\System32\Tasks\{2F73C27D-6BEE-4C4F-9B8C-2F2CE7D7DF6E}
2014-03-21 18:12 - 2014-03-21 18:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-19 01:35 - 2014-03-24 13:50 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Local\Spotify
2014-03-19 01:35 - 2014-03-19 01:35 - 00001819 _____ () C:\Users\JanBenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-03-19 01:34 - 2014-04-04 14:12 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\Spotify
2014-03-17 01:44 - 2014-03-17 01:44 - 00000000 ____D () C:\Users\Jan\Documents\BFBC2
2014-03-17 01:44 - 2014-03-17 01:44 - 00000000 ____D () C:\Users\Jan\AppData\Local\PunkBuster
2014-03-16 23:09 - 2014-03-16 23:09 - 00005120 _____ () C:\Users\JanBenutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-16 23:05 - 2014-03-16 23:05 - 00000000 ____D () C:\Users\JanBenutzer\.MCTranscodingSDK
2014-03-16 23:05 - 2014-03-16 23:05 - 00000000 ____D () C:\ProgramData\Geevs
2014-03-16 21:39 - 2014-03-16 21:39 - 03053496 ____N (Symantec Corporation) C:\Users\Jan\Downloads\NPE.exe
2014-03-16 21:38 - 2014-03-16 21:47 - 307156616 _____ () C:\Users\Jan\Downloads\20140315-009-v5i64.exe
2014-03-16 21:30 - 2014-03-16 21:30 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\OpenOffice
2014-03-16 20:47 - 2014-03-16 20:47 - 26437344 _____ (Microsoft Corporation) C:\Users\Jan\Downloads\Windows-KB890830-x64-V5.10.exe
2014-03-16 20:39 - 2014-02-23 09:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 20:39 - 2014-02-23 08:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 20:39 - 2014-02-23 08:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 20:39 - 2014-02-23 08:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 20:39 - 2014-02-23 08:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 20:39 - 2014-02-23 08:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 20:39 - 2014-02-23 08:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-16 20:39 - 2014-02-23 08:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 20:39 - 2014-02-23 08:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-16 20:39 - 2014-02-23 08:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-16 20:39 - 2014-02-23 08:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 20:39 - 2014-02-23 08:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 20:39 - 2014-02-23 08:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 20:39 - 2014-02-23 08:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 20:39 - 2014-02-23 08:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-16 20:39 - 2014-02-23 08:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 20:39 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 20:39 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 20:39 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 20:39 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 20:39 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 20:39 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 20:39 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-16 20:39 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 20:39 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 20:39 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 20:39 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-16 20:39 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 20:39 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-16 20:39 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 20:39 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-16 20:39 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 20:32 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 20:32 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 20:32 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 20:32 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 20:32 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-16 20:32 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 20:32 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 20:32 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 13:05 - 2014-03-12 13:05 - 00000000 ____D () C:\Users\JanBenutzer\Documents\Symantec

==================== One Month Modified Files and Folders =======

2014-04-04 15:07 - 2014-04-04 15:07 - 00000000 ____D () C:\Users\Jan\Desktop\frst
2014-04-04 15:07 - 2014-04-04 14:57 - 00009578 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-04-04 15:07 - 2014-04-04 14:31 - 00000000 ____D () C:\FRST
2014-04-04 15:07 - 2012-11-29 19:11 - 00000000 ____D () C:\Users\Jan\AppData\Local\PMB Files
2014-04-04 14:57 - 2014-04-04 14:56 - 00380416 _____ () C:\Users\Jan\Desktop\Gmer-19357.exe
2014-04-04 14:56 - 2014-04-04 14:56 - 02157056 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2014-04-04 14:56 - 2012-11-25 17:56 - 01247729 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 14:55 - 2009-07-14 06:45 - 00017552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 14:55 - 2009-07-14 06:45 - 00017552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 14:53 - 2009-07-14 19:58 - 00710502 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 14:53 - 2009-07-14 19:58 - 00154832 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 14:53 - 2009-07-14 07:13 - 01651686 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 14:51 - 2012-12-14 18:38 - 00146328 _____ () C:\ProgramData\lxecscan.log
2014-04-04 14:49 - 2014-04-04 14:31 - 00025972 _____ () C:\Users\JanBenutzer\Downloads\FRST.txt
2014-04-04 14:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 14:48 - 2009-07-14 06:51 - 00100776 _____ () C:\Windows\setupact.log
2014-04-04 14:40 - 2012-11-26 21:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 14:39 - 2014-04-04 14:39 - 00380416 _____ () C:\Users\JanBenutzer\Downloads\Gmer-19357.exe
2014-04-04 14:38 - 2014-04-04 14:38 - 00000578 _____ () C:\Users\JanBenutzer\Downloads\defogger_disable.log
2014-04-04 14:38 - 2014-04-04 14:38 - 00000020 _____ () C:\Users\Jan\defogger_reenable
2014-04-04 14:38 - 2012-11-25 18:00 - 00000000 ____D () C:\Users\Jan
2014-04-04 14:37 - 2014-04-04 14:37 - 00050477 _____ () C:\Users\JanBenutzer\Downloads\Defogger.exe
2014-04-04 14:23 - 2014-04-04 14:23 - 02157056 _____ (Farbar) C:\Users\JanBenutzer\Downloads\FRST64.exe
2014-04-04 14:12 - 2014-03-19 01:34 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\Spotify
2014-04-03 23:44 - 2014-03-04 20:26 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\vlc
2014-04-03 20:50 - 2013-01-24 18:31 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\dvdcss
2014-04-01 18:01 - 2014-04-01 18:01 - 00001819 _____ () C:\Users\JanBenutzer\Desktop\Spotify.lnk
2014-04-01 15:56 - 2013-01-15 13:36 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\MediaMonkey
2014-04-01 13:43 - 2012-11-25 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 23:56 - 2013-03-06 17:45 - 00000000 ___HD () C:\Users\JanBenutzer\Desktop\Jo
2014-03-31 19:50 - 2014-03-31 19:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-31 18:31 - 2012-11-25 18:28 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-31 18:31 - 2012-11-25 18:28 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-26 19:38 - 2012-12-14 18:39 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-03-26 00:42 - 2014-03-26 00:42 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-03-26 00:42 - 2014-03-26 00:42 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 17:40 - 2014-03-25 17:37 - 00000248 _____ () C:\ProgramData\lxecDiagnostics.log
2014-03-25 17:37 - 2014-03-25 17:37 - 00000000 ____D () C:\ProgramData\Lexmark Pro800-Pro900 Series
2014-03-25 17:30 - 2012-12-14 18:41 - 00417480 _____ () C:\ProgramData\lxecJSW.log
2014-03-25 12:11 - 2013-03-08 16:06 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-25 12:11 - 2012-11-26 16:35 - 00000000 ____D () C:\Users\Jan\AppData\Local\CrashDumps
2014-03-25 12:10 - 2012-11-26 17:25 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-24 21:41 - 2014-03-24 21:37 - 00000009 _____ () C:\Windows\Sierra.ini
2014-03-24 20:06 - 2013-02-15 11:30 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\Audacity
2014-03-24 13:50 - 2014-03-19 01:35 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Local\Spotify
2014-03-24 12:37 - 2014-03-24 12:37 - 00001422 _____ () C:\Users\JanBenutzer\Desktop\audacity.exe - Verknüpfung.lnk
2014-03-23 19:58 - 2014-03-23 19:58 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-03-23 19:58 - 2012-11-26 15:54 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-03-22 11:54 - 2012-11-25 18:32 - 00213256 _____ () C:\Windows\PFRO.log
2014-03-21 21:09 - 2014-03-21 21:08 - 00000000 ____D () C:\Users\JanBenutzer\Documents\BFBC2
2014-03-21 21:09 - 2014-03-21 20:14 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-21 21:09 - 2013-01-31 23:22 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-21 20:14 - 2014-03-21 20:14 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-21 19:58 - 2012-11-26 16:05 - 00262874 _____ () C:\Windows\DirectX.log
2014-03-21 19:36 - 2013-02-15 11:23 - 00000000 ____D () C:\Users\Jan\AppData\Local\Windows Live
2014-03-21 19:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-21 18:50 - 2013-02-05 17:41 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Local\Ubisoft Game Launcher
2014-03-21 18:50 - 2012-11-26 16:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-21 18:45 - 2013-01-25 14:56 - 00000000 ____D () C:\Users\JanBenutzer\Documents\My Games
2014-03-21 18:21 - 2014-03-21 18:21 - 00002976 _____ () C:\Windows\System32\Tasks\{2F73C27D-6BEE-4C4F-9B8C-2F2CE7D7DF6E}
2014-03-21 18:15 - 2013-10-09 16:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-21 18:15 - 2012-11-26 15:39 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-21 18:13 - 2012-11-26 16:17 - 00000000 ____D () C:\Spiele
2014-03-21 18:12 - 2014-03-21 18:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-21 18:12 - 2012-11-26 15:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-03-21 18:10 - 2012-11-27 01:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Dropbox
2014-03-19 01:35 - 2014-03-19 01:35 - 00001819 _____ () C:\Users\JanBenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-03-17 11:02 - 2013-01-31 23:22 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Local\PunkBuster
2014-03-17 01:44 - 2014-03-17 01:44 - 00000000 ____D () C:\Users\Jan\Documents\BFBC2
2014-03-17 01:44 - 2014-03-17 01:44 - 00000000 ____D () C:\Users\Jan\AppData\Local\PunkBuster
2014-03-17 01:44 - 2012-11-29 19:12 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-16 23:21 - 2013-02-15 11:28 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Local\Windows Live
2014-03-16 23:09 - 2014-03-16 23:09 - 00005120 _____ () C:\Users\JanBenutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-16 23:05 - 2014-03-16 23:05 - 00000000 ____D () C:\Users\JanBenutzer\.MCTranscodingSDK
2014-03-16 23:05 - 2014-03-16 23:05 - 00000000 ____D () C:\ProgramData\Geevs
2014-03-16 23:05 - 2013-01-15 13:28 - 00000000 ____D () C:\Users\JanBenutzer
2014-03-16 22:13 - 2013-07-08 16:01 - 00000000 ____D () C:\Users\Jan\AppData\Local\NPE
2014-03-16 21:47 - 2014-03-16 21:38 - 307156616 _____ () C:\Users\Jan\Downloads\20140315-009-v5i64.exe
2014-03-16 21:39 - 2014-03-16 21:39 - 03053496 ____N (Symantec Corporation) C:\Users\Jan\Downloads\NPE.exe
2014-03-16 21:30 - 2014-03-16 21:30 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\OpenOffice
2014-03-16 20:47 - 2014-03-16 20:47 - 26437344 _____ (Microsoft Corporation) C:\Users\Jan\Downloads\Windows-KB890830-x64-V5.10.exe
2014-03-16 20:47 - 2012-11-25 18:05 - 00000000 ____D () C:\Users\Jan\AppData\Local\Mozilla
2014-03-16 20:42 - 2009-07-14 06:45 - 00286096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 20:39 - 2013-08-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 13:05 - 2014-03-12 13:05 - 00000000 ____D () C:\Users\JanBenutzer\Documents\Symantec
2014-03-12 13:01 - 2013-03-01 16:43 - 00000000 ____D () C:\Users\JanBenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-03-12 13:01 - 2012-11-25 18:11 - 00000000 ____D () C:\ProgramData\Norton
2014-03-12 12:58 - 2012-11-25 18:28 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-03-12 12:58 - 2012-11-25 18:28 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-03-12 12:57 - 2012-11-25 18:28 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-03-11 20:40 - 2012-11-26 21:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:40 - 2012-11-26 21:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:40 - 2012-11-26 21:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\AskSLib.dll
C:\Users\Jan\AppData\Local\Temp\DrvInst64.exe
C:\Users\Jan\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Jan\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Jan\AppData\Local\Temp\sfextra.dll
C:\Users\Jan\AppData\Local\Temp\ShellLink.dll
C:\Users\Jan\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\JanBenutzer\AppData\Local\Temp\cres.dll
C:\Users\JanBenutzer\AppData\Local\Temp\cshell.dll
C:\Users\JanBenutzer\AppData\Local\Temp\JNativeHook_2328853334731698994.dll
C:\Users\JanBenutzer\AppData\Local\Temp\SIntf16.dll
C:\Users\JanBenutzer\AppData\Local\Temp\SIntf32.dll
C:\Users\JanBenutzer\AppData\Local\Temp\SIntfNT.dll
C:\Users\JanBenutzer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JanBenutzer\AppData\Local\Temp\sres.dll
C:\Users\JanBenutzer\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\JanBenutzer\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 20:33

==================== End Of Log ============================
         
Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Jan at 2014-04-04 15:07:45
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 Patch 1.2 (x32 Version: 1.20.0000 - ) Hidden
Call of Duty(R) 2 Patch 1.3 (x32 Version: 1.3 - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1116.1515.27190 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
ClipGrab 3.3.0.4 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Gothic (HKLM-x32\...\Steam App 65540) (Version:  - Piranha – Bytes )
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version:  - Rockstar Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version:  - Lexmark International, Inc.)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 German Language Pack (HKLM-x32\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 17.0.3 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 de)) (Version: 17.0.3 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
No One Lives Forever 2  (HKLM-x32\...\{EBCCE08A-B3EE-40E7-96D7-31741D481015}) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.0 - Seagate Technology)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version:  - LucasArts)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Third Age - Total War 3.0 (Part 1of2) (HKCU\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Restore Points  =========================

22-03-2014 10:57:42 Removed Battlefield: Bad Company™ 2
23-03-2014 17:58:21 TrueCrypt installation
01-04-2014 20:21:37 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {035527A4-0E0F-4AD5-A4BC-3111A4167CE8} - System32\Tasks\{2F73C27D-6BEE-4C4F-9B8C-2F2CE7D7DF6E} => C:\Program Files (x86)\Fox\No One Lives Forever 2\Setup.exe
Task: {2633F17C-4F04-4D51-BBB8-E55E6C5A42CF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4D94028F-D7B7-4AE9-A192-12B65767588E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {881B7955-7D26-4EBA-BF00-5CE66A34C550} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DDF97F68-361E-4C59-A55B-CF39689EB552} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 18:38 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2014-03-21 20:14 - 2014-03-21 20:14 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-12-14 18:37 - 2011-01-23 20:47 - 00770728 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2012-11-29 19:10 - 2012-11-29 19:11 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2012-12-14 18:37 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2012-12-14 18:37 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2012-12-14 18:37 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2012-12-14 18:37 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2012-12-14 18:37 - 2009-02-20 04:48 - 00381440 _____ () C:\Windows\system32\lxecsm.dll
2012-12-14 18:37 - 2009-04-28 03:56 - 00024064 _____ () C:\Windows\system32\lxecsmr.dll
2014-03-31 19:50 - 2014-03-31 19:50 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 20:40 - 2014-03-11 20:40 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Steam => "C:\Spiele\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Workrave => C:\Program Files (x86)\Workrave\lib\workrave.exe

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2014 02:27:56 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10ec

Startzeit: 01cf50011a39e12f

Endzeit: 0

Anwendungspfad: C:\Users\JanBenutzer\Downloads\FRST64.exe

Berichts-ID:

Error: (04/03/2014 04:07:38 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/01/2014 06:20:56 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/31/2014 09:39:49 PM) (Source: MsiInstaller) (User: Jan-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/31/2014 06:35:31 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/27/2014 00:43:46 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/26/2014 11:55:41 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/26/2014 09:09:12 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/26/2014 00:41:04 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/25/2014 00:10:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: s3.exe, Version: 1.25.0.125, Zeitstempel: 0x3833d14a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00077235
ID des fehlerhaften Prozesses: 0x9bc
Startzeit der fehlerhaften Anwendung: 0xs3.exe0
Pfad der fehlerhaften Anwendung: s3.exe1
Pfad des fehlerhaften Moduls: s3.exe2
Berichtskennung: s3.exe3


System errors:
=============
Error: (04/04/2014 02:48:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/04/2014 02:48:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (04/04/2014 02:06:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/04/2014 02:06:33 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (04/04/2014 00:27:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/04/2014 00:27:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (04/03/2014 07:46:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/03/2014 07:46:31 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (04/03/2014 04:06:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/03/2014 04:06:43 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.


Microsoft Office Sessions:
=========================
Error: (04/04/2014 02:27:56 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.210ec01cf50011a39e12f0C:\Users\JanBenutzer\Downloads\FRST64.exe

Error: (04/03/2014 04:07:38 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/01/2014 06:20:56 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/31/2014 09:39:49 PM) (Source: MsiInstaller)(User: Jan-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)

Error: (03/31/2014 06:35:31 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/27/2014 00:43:46 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/26/2014 11:55:41 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/26/2014 09:09:12 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/26/2014 00:41:04 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/25/2014 00:10:55 PM) (Source: Application Error)(User: )
Description: s3.exe1.25.0.1253833d14antdll.dll6.1.7601.18247521ea8e7c0000409000772359bc01cf48127ff2543eC:\BlueByte\Siedler3\s3.exeC:\Windows\SysWOW64\ntdll.dllc002150a-b405-11e3-b444-001fd021b442


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 4094.3 MB
Available physical RAM: 2615.76 MB
Total Pagefile: 20186.79 MB
Available Pagefile: 18602.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:49.02 GB) NTFS
Drive d: () (Fixed) (Total:548.54 GB) (Free:416.67 GB) NTFS
Drive f: (DANCES) (CDROM) (Total:7.17 GB) (Free:0 GB) UDF
Drive j: (Elements) (Fixed) (Total:1397.26 GB) (Free:937.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 727F2FB0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=549 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 0008A1CA)
Partition 1: (Not Active) - (Size=-698724909056) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gmer.txt:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-04 15:17:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD753LJ rev.1AA01110 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Jan\AppData\Local\Temp\uwldypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                         0000000073121a22 2 bytes [12, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                         0000000073121ad0 2 bytes [12, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                         0000000073121b08 2 bytes [12, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                         0000000073121bba 2 bytes [12, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                         0000000073121bda 2 bytes [12, 73]
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4548] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000767f8769 5 bytes [33, C0, C2, 04, 00]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a7dda7115                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a7dda7115@0cfc838122ae                                        0xAE 0xDD 0xBA 0x68 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                             C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                             0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                             0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0xEF 0xA4 0x64 0x8B ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a7dda7115 (not active ControlSet)                                 
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a7dda7115@0cfc838122ae                                            0xAE 0xDD 0xBA 0x68 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                            
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                 0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                 0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                              0xEF 0xA4 0x64 0x8B ...

---- EOF - GMER 2.1 ----
         
Vielen Dank schonmal im Voraus

Alt 05.04.2014, 08:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Paypal-Phising-Mail Link geöffnet - Standard

Paypal-Phising-Mail Link geöffnet



HI,

normal nicht, Phishing zielt darauf ab dass Du was eintippst. Proxy in Firefox hast Du gesetzt?

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 06.04.2014, 13:10   #3
Tombstone66
 
Paypal-Phising-Mail Link geöffnet - Standard

Paypal-Phising-Mail Link geöffnet



Hi, also die Proxyeinstellung steht auf "Proxy-Einstellung des Systems verwenden".
Ich habe den Scan mit mbar gemacht, dabei hat er zumindest angeblich einen Trojaner gefunden: HKCU\SOFTWARE\Schmidt-Pro (Trojan.Agent)
Weißt du was es damit auf sich hat?

Hier das Log:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [administrator]

06.04.2014 12:21:42
mbar-log-2014-04-06 (12-21-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 267293
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Schmidt-Pro (Trojan.Agent) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

Alt 07.04.2014, 12:29   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Paypal-Phising-Mail Link geöffnet - Standard

Paypal-Phising-Mail Link geöffnet



Nö, sieht aber eher nach nem fehlalarm aus.

Logs sehen gut aus. Bemerkst Du was am Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.04.2014, 13:30   #5
Tombstone66
 
Paypal-Phising-Mail Link geöffnet - Standard

Paypal-Phising-Mail Link geöffnet



Nein, eigentlich nicht. Evtl. ist er etwas langsamer, aber das ist schwer einzuschätzen. Na ja, denke mal das wird nichts gewesen sein. Und danke für deine Hilfe!


Alt 13.04.2014, 17:00   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Paypal-Phising-Mail Link geöffnet - Standard

Paypal-Phising-Mail Link geöffnet



Gern Geschehen
__________________
--> Paypal-Phising-Mail Link geöffnet

Antwort

Themen zu Paypal-Phising-Mail Link geöffnet
adobe, branding, browser, defender, error, explorer, failed, fehlercode 1, firefox, firefox 28.0, flash player, ftp, helper, installation, link geöffnet, mozilla, mp3, msiinstaller, ntdll.dll, port, programm, registry, security, services.exe, software, svchost.exe, symantec, system, temp, vice city, windows xp, winlogon.exe



Ähnliche Themen: Paypal-Phising-Mail Link geöffnet


  1. gefälschten Link von Immobilienwebsite geöffnet, Malware oder Phising?Hilfe
    Log-Analyse und Auswertung - 21.07.2015 (23)
  2. PayPal phishing Mail. Link gefolgt.
    Plagegeister aller Art und deren Bekämpfung - 11.07.2015 (22)
  3. Phishing email service.paypal.de link geöffnet
    Überwachung, Datenschutz und Spam - 23.01.2015 (5)
  4. Phising Mail - Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 20.01.2015 (14)
  5. Phising Mail Link geöffnet -> nun Trojaner etc?
    Plagegeister aller Art und deren Bekämpfung - 18.01.2015 (7)
  6. Phising Mail von Paypal geöffnet und Link geklickt auf OSX -> Trojanerbefall?
    Plagegeister aller Art und deren Bekämpfung - 06.10.2014 (5)
  7. Phising Mail Link angeklickt - keine Daten eingegeben
    Plagegeister aller Art und deren Bekämpfung - 01.10.2014 (19)
  8. Auf den Link einer Phishing-Mail geklickt. (Angeblich PayPal)
    Plagegeister aller Art und deren Bekämpfung - 25.09.2014 (5)
  9. PAYPAL Mail geöffnet / Trojaner vermutet
    Log-Analyse und Auswertung - 27.06.2014 (18)
  10. Auf Link einer Phising-Mail gedrückt - Möglicher Virus
    Plagegeister aller Art und deren Bekämpfung - 04.06.2014 (11)
  11. Pdf-Datei aus PayPal-Phishing Mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 10.05.2014 (13)
  12. PayPal Phishing-Mail erhalten, auf Link geklickt und Passwort eingegeben
    Plagegeister aller Art und deren Bekämpfung - 12.04.2014 (9)
  13. Phishing-Mail (Paypal) - Anhang geöffnet !
    Plagegeister aller Art und deren Bekämpfung - 18.03.2014 (5)
  14. PayPal Phishing Mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 11.01.2014 (11)
  15. Paypal Phising-Mail am Imac OS X - Trojaner?
    Alles rund um Mac OSX & Linux - 24.11.2013 (10)
  16. Paypal Phising Mail ?
    Diskussionsforum - 20.05.2013 (6)
  17. Paypal Phishing Mail Geöffnet + PASSWORD eingegeben
    Überwachung, Datenschutz und Spam - 17.01.2011 (1)

Zum Thema Paypal-Phising-Mail Link geöffnet - Hi, ich habe eine leider den Link in einer Paypal-Phising-Mail geklickt, aber nichts eingegeben. Jetzt frag ich mich aber, ob nicht ein drive by download stattgefunden haben könnte. Hier sind - Paypal-Phising-Mail Link geöffnet...
Archiv
Du betrachtest: Paypal-Phising-Mail Link geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.