|
Log-Analyse und Auswertung: Microsoft Office Word reagiert nicht mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
21.12.2013, 16:03 | #1 |
| Microsoft Office Word reagiert nicht mehr Guten Tag, ich habe seit einigen Tagen folgendes Problem. Wenn ich mit Outlook arbeite popt plötzlich die Nachricht hoch "Microsoft Word Office reagiert nicht mehr". Dann hängt sich Outlook auf. Auch wenn ich Word öffne popt die Nachricht nach kurzer Zeit auch auf. Ich habe Microsoft Office 2003 auf meinem Rechner. Betriebssystem Vista. Das Officepaket habe ich komplett gelöscht und neu installiert. Die Nachricht taucht aber immer wieder auf. Was kann ich tun? Danke für die Hilfe. Gruß Raimund |
21.12.2013, 16:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Office Word reagiert nicht mehr Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
21.12.2013, 17:38 | #3 |
| Microsoft Office Word reagiert nicht mehr #
__________________FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02 Ran by paugstadt (administrator) on PAUGSTADT-PC on 21-12-2013 17:30:45 Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4W7CN65 Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe (Hauppauge Computer Works) C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NWEReboot] - [x] HKLM\...\Run: [] - [x] HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKCU\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] () HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION HKCU\...\Policies\Explorer: [NofolderOptions] 0 HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKCU\...\Policies\Explorer: [NoResolveSearch] 1 HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://photoservice.fujicolor.de/ips-opdata//19780615/activex/IPSUploader4.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: haufereader - No CLSID Value - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{FE1F4513-6461-4D33-8AF5-7318CDDBD895}: [NameServer]192.168.2.1 Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=" CHR DefaultSearchProvider: Search the web (Softonic) CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=49&cc= CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) R2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) R2 EPGService; C:\Program Files\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works) S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) S3 HauppaugeTVServer; C:\Program Files\WinTV\HCWTVServer.exe [815104 2008-03-31] (Hauppauge Computer Works) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG) R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation) R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation) R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation) R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.) R3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys [394456 2013-12-12] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131220.008\NAVENG.SYS [93272 2013-12-19] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131220.008\NAVEX15.SYS [1612376 2013-12-19] (Symantec Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies) R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA) R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH) R1 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation) R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) S3 igfx; system32\DRIVERS\igdkmd32.sys [x] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST 2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss 2013-12-19 12:23 - 2013-12-19 12:53 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk 2013-12-19 12:07 - 2013-12-21 17:23 - 00094660 _____ C:\Windows\WindowsUpdate.log 2013-12-19 12:02 - 2013-12-20 08:01 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-19 12:02 - 2013-12-20 08:00 - 00003122 _____ C:\Windows\PFRO.log 2013-12-19 10:27 - 2013-12-21 17:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-11 11:50 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 11:50 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 11:50 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 11:50 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 11:50 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 11:50 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 11:50 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-11 11:50 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 11:50 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-11 11:50 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-11 11:50 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 11:50 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-11 11:50 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 11:50 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-11 11:50 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 11:50 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 07:43 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2013-12-11 07:43 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 07:43 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 07:43 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 07:43 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 07:43 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 07:43 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 07:43 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll 2013-12-11 07:43 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 07:43 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-11-26 08:55 - 2013-11-26 08:57 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls ==================== One Month Modified Files and Folders ======= 2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST 2013-12-21 17:27 - 2013-12-19 10:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-21 17:23 - 2013-12-19 12:07 - 00094660 _____ C:\Windows\WindowsUpdate.log 2013-12-21 17:23 - 2012-04-30 05:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-21 17:23 - 2010-05-10 15:14 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-21 17:23 - 2009-03-23 08:39 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Skype 2013-12-21 17:23 - 2008-09-15 16:54 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-12-21 15:47 - 2008-08-02 09:47 - 00000821 _____ C:\Windows\ODBC.INI 2013-12-21 15:46 - 2006-11-02 11:23 - 00000240 _____ C:\Windows\win.ini 2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2013-12-21 15:45 - 2008-02-26 14:38 - 00000000 ____D C:\Program Files\Microsoft Office 2013-12-21 15:45 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew 2013-12-21 15:45 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System 2013-12-21 15:45 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-21 15:44 - 2008-02-26 14:43 - 00000000 ____D C:\Windows\PCHEALTH 2013-12-21 15:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system 2013-12-21 15:27 - 2012-01-23 09:43 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Dropbox 2013-12-21 15:23 - 2012-01-23 09:48 - 00000000 ___RD C:\Users\paugstadt\Dropbox 2013-12-21 15:22 - 2013-09-20 13:14 - 00000000 ____D C:\Users\paugstadt\AppData\Local\HTC MediaHub 2013-12-21 15:22 - 2012-12-28 16:01 - 00000274 _____ C:\Windows\Tasks\AbelssoftPreloader.job 2013-12-21 15:22 - 2010-05-10 15:14 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-21 15:21 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-21 15:21 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-21 15:21 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-21 15:19 - 2006-11-02 14:01 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-20 08:01 - 2013-12-19 12:02 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-20 08:00 - 2013-12-19 12:02 - 00003122 _____ C:\Windows\PFRO.log 2013-12-19 12:53 - 2013-12-19 12:23 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk 2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss 2013-12-19 08:26 - 2011-01-24 15:07 - 00000432 _____ C:\Windows\BRWMARK.INI 2013-12-19 08:17 - 2012-08-23 15:38 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Microsoft Help 2013-12-19 08:17 - 2011-03-04 16:07 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\TeamViewer 2013-12-19 08:17 - 2010-11-17 16:06 - 00000000 ____D C:\Users\paugstadt\AppData\Local\CrashDumps 2013-12-16 10:03 - 2008-01-21 08:16 - 01560216 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-16 07:37 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google 2013-12-13 09:26 - 2009-12-15 09:01 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\U3 2013-12-12 09:47 - 2013-09-12 13:30 - 00269857 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn 2013-12-12 09:47 - 2013-09-12 13:30 - 00001176 ____H C:\Users\paugstadt\Desktop\maxdesk.ini2 2013-12-12 09:47 - 2013-09-12 13:30 - 00000149 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn2 2013-12-11 11:57 - 2013-08-14 10:08 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 11:53 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-11 11:36 - 2012-04-30 05:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-11 11:36 - 2011-05-20 16:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-10 09:38 - 2008-08-02 09:48 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Adobe 2013-12-07 10:12 - 2013-11-08 08:13 - 00001887 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk 2013-12-07 10:11 - 2008-08-01 19:03 - 00000000 ____D C:\Users\paugstadt 2013-12-07 10:06 - 2013-09-20 13:01 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Downloaded Installations 2013-12-06 07:22 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-26 08:57 - 2013-11-26 08:55 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls 2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ___RD C:\Program Files\Skype 2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ____D C:\ProgramData\Skype 2013-11-22 16:00 - 2008-08-06 15:03 - 00000000 ____D C:\ProgramData\FLEXnet ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-21 15:29 ==================== End Of Log ============================ --- --- --- --- --- --- #FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2013 02 Ran by paugstadt at 2013-12-21 17:31:47 Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4W7CN65 Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 6.1.2) 7-Zip 9.22beta 8500A909_BasicWeb (Version: 140.0.000.000) 8500A909_Help_BasicWeb (Version: 1.00.0000) Abelssoft Backup (Version: 2.2) Acronis*True*Image*Home 2011 (Version: 14.0.6942) Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe Acrobat 8 Standard - English, Français, Deutsch (Version: 8.1.5) Adobe Acrobat 8.1.5 - CPSID_49013 Adobe Acrobat 8.1.5 Standard (Version: 8.1.5) Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2) Adobe Flash Player 11 ActiveX (Version: 11.9.900.170) Adobe Flash Player 11 Plugin (Version: 11.9.900.170) Adobe GoLive 6.0 (DEU) (Version: 6.0) Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8) Adobe SVG Viewer 3.0 (Version: 3.0) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.657.0) Bing Bar (Version: 7.0.609.0) Bluetooth Stack for Windows by Toshiba (Version: v7.10.10(T)) BMWi-Softwarepaket 9.2 (Version: 9.2.0) Bonjour (Version: 3.0.0.10) bpd_scan (Version: 3.00.0000) BPDSoftware (Version: 140.0.000.000) BPDSoftware_Ini (Version: 1.00.0000) Brother MFL-Pro Suite (Version: 1.00) BufferChm (Version: 140.0.213.000) Camera Assistant Software for Toshiba (Version: 1.7.175.0123) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Full Existing (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Full New (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Light (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Previews Vista (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Chinese Standard (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Chinese Traditional (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Dutch (Version: 2008.0130.1509.26922) Catalyst Control Center Localization French (Version: 2008.0130.1509.26922) Catalyst Control Center Localization German (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Italian (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Japanese (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Korean (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Portuguese (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Spanish (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Swedish (Version: 2008.0130.1509.26922) CCC Help Chinese Standard (Version: 2008.0130.1508.26922) CCC Help Chinese Traditional (Version: 2008.0130.1508.26922) CCC Help Dutch (Version: 2008.0130.1508.26922) CCC Help English (Version: 2008.0130.1508.26922) CCC Help French (Version: 2008.0130.1508.26922) CCC Help German (Version: 2008.0130.1508.26922) CCC Help Italian (Version: 2008.0130.1508.26922) CCC Help Japanese (Version: 2008.0130.1508.26922) CCC Help Korean (Version: 2008.0130.1508.26922) CCC Help Portuguese (Version: 2008.0130.1508.26922) CCC Help Spanish (Version: 2008.0130.1508.26922) CCC Help Swedish (Version: 2008.0130.1508.26922) ccc-core-static (Version: 2008.0130.1509.26922) ccc-utility (Version: 2008.0130.1509.26922) CD/DVD Drive Acoustic Silencer (Version: 2.02.00) CDBurnerXP (Version: 4.5.1.4003) Citrix XenApp Web Plugin (Version: 11.0.0.5357) Cockpit (Version: 1.0.168) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Conexant HD Audio (Version: 4.36.6.0) Crystal Reports for .NET Framework 2.0 (x86) (Version: 10.2.0) Desktop SMS (Version: 1.2.0) devolo dLAN Wireless extender Konfiguration (Version: 1.0.0.0) devolo dLAN-Konfigurationsassistent (Version: 14.0.0.0) devolo EasyShare (Version: 4.0.0.0) devolo Informer (Version: 22.0.0.0) Dropbox (HKCU Version: 2.0.26) DVD MovieFactory for TOSHIBA (Version: 5.51) ElsterFormular (Version: 14.4.12044) eReg (Version: 1.20.138.34) erLT (Version: 1.20.0137) Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1) Free YouTube Downloader Converter Google Earth (Version: 7.1.2.2041) Google Toolbar for Internet Explorer (Version: 4.0.0.002) Google Update Helper (Version: 1.3.22.3) Haufe iDesk-Browser (Version: 10.10.14.0000) Haufe iDesk-Browser (Version: 8.07.16.5590) Haufe iDesk-Service (Version: 11.07.19.8023) Hauppauge German Help Files and Resources Hauppauge WinTV Hauppauge WinTV DVB-T EPG Service Hauppauge WinTV Infrared Remote Hauppauge WinTV Scheduler Hauppauge WinTV TV Services HDAUDIO Soft Data Fax Modem with SmartCP HDMI Control Manager (Version: 1.6) HP Officejet Pro 8500 A909 Series (Version: 14.0) HTC Driver Installer (Version: 4.10.0.001) HTC Sync Manager (Version: 2.4.11.0) Huawei modem Intel® Matrix Storage Manager InterVideo FilterSDK for Hauppauge IPTInstaller (Version: 4.0.8) iTunes (Version: 11.0.2.26) Java Auto Updater (Version: 2.1.9.5) Katechismus 1.0 (Version: 1.0) Lexware Info Service (Version: 2.90.00.0009) Logitech SetPoint 6.20 (Version: 6.20.64) MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835) MAGIX Foto Suite 1.12.0.89 (D) (Version: 1.12.0.89) MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0) Marvell Miniport Driver (Version: 10.51.4.3) Mein CEWE FOTOBUCH (Version: 5.0.1) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Default Manager (Version: 2.2.114.0) Microsoft Office 2003 Web Components (Version: 11.0.8173.0) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0) Microsoft Office XP Web Components (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727) Microsoft Works (Version: 9.7.0621) Microsoft XML Parser (Version: 8.0.7820.0) Microsoft XML Parser (Version: 8.20.8730.4) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1) Microsoft_VC100_CRT_x86 (Version: 1.0.0) MSVC80_x86_v2 (Version: 1.0.3.0) MSVC90_x86 (Version: 1.0.1.2) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) myphotobook 3.5 (Version: 3.5) NetWaiting (Version: 2.5.52) Network (Version: 140.0.215.000) Nokia Connectivity Cable Driver (Version: 7.1.92.0) Nokia Map Loader (Version: 3.0.28) Nokia PC Suite (Version: 7.1.62.1) Nokia Software Updater (Version: 02.04.006.41579) Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86) Norton Internet Security (Version: 19.9.1.14) O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.19.1) Online Foto Print System ( OFPS - 1NIGHTPRINT.de ) PaperPort Image Printer (Version: 1.00.0000) PC Connectivity Solution (Version: 12.0.48.0) PC-Kaufmann Startpaket 2013 PDF Architect (Version: 1.0.52.8917) PDFCreator (Version: 1.6.2) pdfforge Toolbar v6.7 (Version: 6.7) <==== ATTENTION Prism Video Converter QuickSteuer 2008 (Version: 14.00) QuickSteuer 2009 (Version: 15.00.00.0034) QuickSteuer 2010 (Version: 16.14.00.0002) QuickSteuer 2011 (Version: 17.08.00.0006) QuickSteuer 2012 (Version: 18.09.00.0003) QuickSteuer 2013 (Version: 19.06.00.0003) QuickSteuer Wissens-Center 2008 (Version: 14.0.0.0) QuickSteuer Wissens-Center 2009 (Version: 15.0.1.0) QuickSteuer Wissens-Center 2011 (Version: 17.10.0.0) QuickSteuer Wissens-Center 2012 (Version: 18.1.0.0) QuickTime (Version: 7.73.80.64) Rossmann Fotowelt Software 4.9 (Version: 4.9) Sage BankCom (Version: 2.00.0000) Sage HBCI-Kontaktverwaltung (Version: 3.0) Sage SAIP (Version: 1.0.1.115) Sagede.Shared.Elster.Setup (Version: 1.0.0.0.21) Sagede.Shared.Elster.Setup (Version: 1.0.0.0.7) Scan (Version: 140.0.167.000) ScanSoft PaperPort 11 (Version: 11.1.0000) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Skins (Version: 2008.0130.1509.26922) Skype Click to Call (Version: 5.9.9216) Skype™ 6.10 (Version: 6.10.104) Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0) Steuer Update 14.01 (Version: 14.01) Steuer Update 15.09 (Version: 15.09) Synaptics Pointing Device Driver (Version: 10.1.7.0) TeamViewer 8 (Version: 8.0.17396) T-Home Dialerschutz-Software T-Mobile web'n'walk Manager (Version: 3.1.0) Toolbox (Version: 140.0.428.000) TOSHIBA Assist (Version: 2.01.04) TOSHIBA Benutzerhandbücher (Version: 7.33) TOSHIBA ConfigFree (Version: 7.1.26) TOSHIBA Disc Creator (Version: 2.0.1.1.a) TOSHIBA DVD PLAYER (Version: 1.20.10) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Face Recognition (Version: 1.0.3.32) TOSHIBA Hardware Setup (Version: 3.00.01.00) Toshiba Online Product Information (Version: 1.00.0012) TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b) TOSHIBA SD Memory Utilities (Version: 1.8.1.1) TOSHIBA Supervisor Password (Version: 3.00.01.00) TOSHIBA Value Added Package (Version: 1.1.14) TRDCReminder (Version: 1.00.0014) TRORDCLauncher (Version: 1.0.0.1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3) VR-NetWorld VTPlus32 für WinTV (German) WashAndGo (Version: 17.7) WebReg (Version: 140.0.213.017) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows Media Encoder 9-Reihe Windows Media Encoder 9-Reihe (Version: 9.00.3374) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0) Yahoo! Detect ==================== Restore Points ========================= 18-12-2013 15:52:02 Geplanter Prüfpunkt 20-12-2013 16:31:19 Geplanter Prüfpunkt 21-12-2013 14:43:23 Microsoft Office Standard Edition 2003 wird installiert ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {59B0987D-014F-4348-98E0-7C5D861C145C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5BD3EE58-CBCE-4C75-BF27-133ECD32EA8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.) Task: {72FD39B2-AA09-49F6-BF14-4A4200D17533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.) Task: {89D150A1-AF65-4E5E-8052-7330791FFA52} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION Task: {93C05B86-2EE7-4ED3-AD71-48BC1DBAA46E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation) Task: {A0645FC6-7F3B-4C40-BF18-708FD5BEB81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {BA5CF01C-7796-49A1-B960-C3CB0D2E951F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation) Task: {C902A018-F213-41B9-B162-A476EB57CED0} - System32\Tasks\AbelssoftPreloader => C:\Program Files\WashAndGo\AbelssoftPreloader.exe [2012-10-05] (Microsoft) Task: {D5062C16-82CD-4B51-9C64-1399F7D66632} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\wscstub.exe [2013-02-02] (Symantec Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files\WashAndGo\AbelssoftPreloader.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-02-15 17:22 - 2008-01-30 15:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\libcef.dll 2003-07-14 22:44 - 2003-07-14 22:44 - 00102968 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:DocumentSummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:SummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:DocumentSummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:SummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft-6zu4-Adapter #7 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft-6zu4-Adapter #9 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft-6zu4-Adapter #13 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth RFCOMM Description: Bluetooth RFCOMM Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94} Manufacturer: TOSHIBA Service: tosrfcom Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro 8500 A909g Description: Officejet Pro 8500 A909g Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4352 Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4352 Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3338 Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3338 Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2308 Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2308 Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/21/2013 04:07:23 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 System errors: ============= Error: (12/21/2013 05:23:09 PM) (Source: ipnathlp) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.34 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (12/21/2013 05:23:02 PM) (Source: ipnathlp) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error: (12/21/2013 05:22:57 PM) (Source: ipnathlp) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error: (12/21/2013 03:22:28 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (12/21/2013 03:22:09 PM) (Source: Service Control Manager) (User: ) Description: Tosrfcom Error: (12/21/2013 03:22:09 PM) (Source: Service Control Manager) (User: ) Description: Automatisches LiveUpdate - Scheduler%%3 Error: (12/21/2013 03:22:09 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/21/2013 03:21:55 PM) (Source: ipnathlp) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.34 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (12/21/2013 03:19:05 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (12/21/2013 01:22:34 PM) (Source: ipnathlp) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Microsoft Office Sessions: ========================= Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4352 Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4352 Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3338 Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3338 Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2308 Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2308 Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/21/2013 04:07:23 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 CodeIntegrity Errors: =================================== Date: 2013-12-21 17:31:10.009 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:31:09.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:31:09.338 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:31:08.960 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:31:08.647 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:31:08.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:30:57.245 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:30:56.893 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:30:56.590 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-21 17:30:56.251 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 3069.48 MB Available physical RAM: 1490.46 MB Total Pagefile: 6347.18 MB Available Pagefile: 4756.23 MB Total Virtual: 2047.88 MB Available Virtual: 1889.37 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:14.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:232.89 GB) (Free:232.66 GB) NTFS Drive f: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: 25D1610F) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
21.12.2013, 21:15 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Office Word reagiert nicht mehr Was ist mit meiner Frage nach bisherigen Funden? Oder gab es bisher nichts?
__________________ Logfiles bitte immer in CODE-Tags posten |
22.12.2013, 18:18 | #5 |
| Microsoft Office Word reagiert nicht mehr Guten Abend, soll ich mir die 4 Programme downloaden um den jeweiligen Scan zu machen, oder wie darf ich das verstehen? |
22.12.2013, 23:31 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Office Word reagiert nicht mehr Das war meine Frage: Zitat:
__________________ --> Microsoft Office Word reagiert nicht mehr |
23.12.2013, 07:43 | #7 |
| Microsoft Office Word reagiert nicht mehr Guten Morgen, nein, ich habe bisher keine weiteren Logs gefunden. |
23.12.2013, 09:32 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Office Word reagiert nicht mehr Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
23.12.2013, 11:50 | #9 |
| Microsoft Office Word reagiert nicht mehr #--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1008 (c) Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3218587648, free: 1489039360 Initializing... ====================== ------------ Kernel report ------------ 12/23/2013 09:39:52 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NIS\1309010.00E\SYMDS.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NIS\1309010.00E\SYMEFA.SYS \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\timntr.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps32.sys \SystemRoot\system32\DRIVERS\tdrpm273.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\tosrfec.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\NETw4v32.sys \SystemRoot\system32\DRIVERS\yk60x86.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\o2media.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\QIOMem.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\SipIMNDI.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\CHDART.sys \SystemRoot\system32\DRIVERS\HSXHWAZL.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys \SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\drivers\NIS\1309010.00E\ccSetx86.sys \SystemRoot\System32\Drivers\NIS\1309010.00E\SRTSP.SYS \SystemRoot\system32\drivers\NIS\1309010.00E\Ironx86.SYS \SystemRoot\system32\drivers\NIS\1309010.00E\SRTSPX.SYS \??\C:\Windows\system32\Drivers\SYMEVENT.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\tosrfusb.sys \SystemRoot\system32\DRIVERS\tosrfbd.sys \SystemRoot\system32\DRIVERS\Tosrfhid.sys \SystemRoot\system32\drivers\Toshidpt.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\npf_devolo.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\xaudio.sys \SystemRoot\system32\DRIVERS\afcdp.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Program Files\T-Online\Dialerschutz-Software\DFInjDrv32.sys \??\C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\Drivers\BrUsbSer.sys \SystemRoot\System32\Drivers\BrSerIf.sys \SystemRoot\System32\Drivers\UVCFTR_S.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVEX15.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVENG.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff87db9250 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xffffffff873a4028 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff87db0030 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-0\ Lower Device Object: 0xffffffff87370028 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff87db0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87e05968, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff87e026a0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xffffffff87e027c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87e00698, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff87db0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff8739ff08, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff87370028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\snapman\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 22741035 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 3074048 Numsec = 246497280 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 249571328 Numsec = 238825472 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff87db9250, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87e0d968, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff87e095e0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xffffffff87e0a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87e075c8, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff87db9250, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff87335700, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff873a4028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\snapman\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 25D1610F Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 488396097 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Done! Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1008 (c) Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3218587648, free: 1792917504 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1008 (c) Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3218587648, free: 1904168960 Downloaded database version: v2013.12.23.02 Downloaded database version: v2013.12.18.01 ======================================= Initializing... ------------ Kernel report ------------ 12/23/2013 10:23:36 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NIS\1309010.00E\SYMDS.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NIS\1309010.00E\SYMEFA.SYS \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\timntr.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps32.sys \SystemRoot\system32\DRIVERS\tdrpm273.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\tosrfec.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\NETw4v32.sys \SystemRoot\system32\DRIVERS\yk60x86.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\o2media.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\QIOMem.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\SipIMNDI.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\CHDART.sys \SystemRoot\system32\DRIVERS\HSXHWAZL.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys \SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\drivers\NIS\1309010.00E\ccSetx86.sys \SystemRoot\System32\Drivers\NIS\1309010.00E\SRTSP.SYS \SystemRoot\system32\drivers\NIS\1309010.00E\Ironx86.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\drivers\NIS\1309010.00E\SRTSPX.SYS \??\C:\Windows\system32\Drivers\SYMEVENT.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\usbscan.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVEX15.SYS \SystemRoot\System32\Drivers\BrUsbSer.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVENG.SYS \SystemRoot\System32\Drivers\BrSerIf.sys \SystemRoot\system32\DRIVERS\tosrfusb.sys \SystemRoot\system32\DRIVERS\tosrfbd.sys \SystemRoot\System32\Drivers\UVCFTR_S.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\Tosrfhid.sys \SystemRoot\system32\drivers\Toshidpt.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\npf_devolo.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\afcdp.sys \SystemRoot\system32\DRIVERS\xaudio.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Program Files\T-Online\Dialerschutz-Software\DFInjDrv32.sys \??\C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff87dcdac8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xffffffff87915028 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff88581ac8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-0\ Lower Device Object: 0xffffffff87371028 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff88581ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87e06810, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff87e036a0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xffffffff87e037c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87e019a8, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff88581ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff8736c900, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff87371028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\snapman\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 22741035 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 3074048 Numsec = 246497280 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 249571328 Numsec = 238825472 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff87dcdac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87e0d980, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff87e007e0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xffffffff87e0a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87e08760, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff87dcdac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff8736b348, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff87915028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\snapman\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 25D1610F Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 488396097 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_3074048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished Leider tritt das Problem immer noch auf. |
23.12.2013, 12:15 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Office Word reagiert nicht mehr Ist das falsche Log, bitte die Anleitung richtig lesen Außerdem bat ich darum, die Logs in CODE-Tags zu posten Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
23.12.2013, 12:29 | #11 |
| Microsoft Office Word reagiert nicht mehrCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1008 www.malwarebytes.org Database version: v2013.10.02.12 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 paugstadt :: PAUGSTADT-PC [administrator] 23.12.2013 09:39:57 mbar-log-2013-12-23 (09-39-57).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 223822 Time elapsed: 25 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) www.malwarebytes.org Database version: v2013.12.23.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 paugstadt :: PAUGSTADT-PC [administrator] 23.12.2013 10:23:42 mbar-log-2013-12-23 (10-23-42).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 233658 Time elapsed: 20 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) /CODE] |
23.12.2013, 12:30 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Office Word reagiert nicht mehr Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
23.12.2013, 13:20 | #13 |
| Microsoft Office Word reagiert nicht mehrCode:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 23/12/2013 um 12:49:22 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : paugstadt - PAUGSTADT-PC # Gestartet von : C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24HRMQ7O\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\Program Files\NCH Software Ordner Gelöscht : C:\Users\paugstadt\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph Datei Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage Datei Gelöscht : C:\Windows\System32\Tasks\BrowserProtect ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89D150A1-AF65-4E5E-8052-7330791FFA52} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89D150A1-AF65-4E5E-8052-7330791FFA52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Schlüssel Gelöscht : HKCU\Software\NCH Software Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16526 -\\ Google Chrome v [ Datei : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : search_url Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [3500 octets] - [23/12/2013 12:46:18] AdwCleaner[S0].txt - [3401 octets] - [23/12/2013 12:49:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3461 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by paugstadt on 23.12.2013 at 12:56:51,26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.12.2013 at 13:06:19,94 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01 Ran by paugstadt (administrator) on PAUGSTADT-PC on 23-12-2013 13:08:45 Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZYMGYZN Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe (Hauppauge Computer Works) C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NWEReboot] - [x] HKLM\...\Run: [] - [x] HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKCU\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] () HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION HKCU\...\Policies\Explorer: [NofolderOptions] 0 HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKCU\...\Policies\Explorer: [NoResolveSearch] 1 HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://photoservice.fujicolor.de/ips-opdata//19780615/activex/IPSUploader4.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: haufereader - No CLSID Value - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{FE1F4513-6461-4D33-8AF5-7318CDDBD895}: [NameServer]192.168.2.1 Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchProvider: Search the web (Softonic) CHR DefaultSearchURL: hxxp://www.google.com CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) R2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) R2 EPGService; C:\Program Files\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works) S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) S3 HauppaugeTVServer; C:\Program Files\WinTV\HCWTVServer.exe [815104 2008-03-31] (Hauppauge Computer Works) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG) R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation) R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation) R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation) R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.) R3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys [394456 2013-12-12] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.020\NAVENG.SYS [93272 2013-12-19] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.020\NAVEX15.SYS [1612376 2013-12-19] (Symantec Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies) R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA) R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH) R1 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation) R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) S3 igfx; system32\DRIVERS\igdkmd32.sys [x] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-23 13:06 - 2013-12-23 13:06 - 00000741 _____ C:\Users\paugstadt\Desktop\JRT.txt 2013-12-23 12:45 - 2013-12-23 12:49 - 00000000 ____D C:\AdwCleaner 2013-12-23 09:39 - 2013-12-23 11:45 - 00000000 ____D C:\Users\paugstadt\Desktop\mbar 2013-12-23 09:39 - 2013-12-23 10:23 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-23 09:39 - 2013-12-23 10:22 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008.exe 2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008 (1).exe 2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST 2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss 2013-12-19 12:23 - 2013-12-19 12:53 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk 2013-12-19 12:07 - 2013-12-23 12:50 - 00729063 _____ C:\Windows\WindowsUpdate.log 2013-12-19 12:02 - 2013-12-22 17:19 - 00012122 _____ C:\Windows\PFRO.log 2013-12-19 12:02 - 2013-12-22 06:58 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-19 10:27 - 2013-12-21 17:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-11 11:50 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 11:50 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 11:50 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 11:50 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 11:50 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 11:50 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 11:50 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-11 11:50 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 11:50 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-11 11:50 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-11 11:50 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 11:50 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-11 11:50 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 11:50 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-11 11:50 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 11:50 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 07:43 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2013-12-11 07:43 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 07:43 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 07:43 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 07:43 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 07:43 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 07:43 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 07:43 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll 2013-12-11 07:43 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 07:43 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-11-26 08:55 - 2013-11-26 08:57 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls ==================== One Month Modified Files and Folders ======= 2013-12-23 13:06 - 2013-12-23 13:06 - 00000741 _____ C:\Users\paugstadt\Desktop\JRT.txt 2013-12-23 12:59 - 2013-12-19 12:07 - 00729063 _____ C:\Windows\WindowsUpdate.log 2013-12-23 12:59 - 2010-05-10 15:14 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-23 12:56 - 2013-08-26 11:05 - 00000000 ____D C:\Windows\ERUNT 2013-12-23 12:54 - 2012-01-23 09:48 - 00000000 ___RD C:\Users\paugstadt\Dropbox 2013-12-23 12:54 - 2012-01-23 09:43 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Dropbox 2013-12-23 12:53 - 2008-09-15 16:54 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-12-23 12:52 - 2013-09-20 13:14 - 00000000 ____D C:\Users\paugstadt\AppData\Local\HTC MediaHub 2013-12-23 12:52 - 2012-12-28 16:01 - 00000274 _____ C:\Windows\Tasks\AbelssoftPreloader.job 2013-12-23 12:52 - 2010-05-10 15:14 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-23 12:51 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-23 12:51 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-23 12:51 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-23 12:50 - 2006-11-02 14:01 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-23 12:49 - 2013-12-23 12:45 - 00000000 ____D C:\AdwCleaner 2013-12-23 12:38 - 2012-04-30 05:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-23 11:45 - 2013-12-23 09:39 - 00000000 ____D C:\Users\paugstadt\Desktop\mbar 2013-12-23 10:23 - 2013-12-23 09:39 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-23 10:22 - 2013-12-23 09:39 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-23 10:11 - 2009-03-23 08:39 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Skype 2013-12-23 10:08 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\nap 2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008.exe 2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008 (1).exe 2013-12-22 17:19 - 2013-12-19 12:02 - 00012122 _____ C:\Windows\PFRO.log 2013-12-22 08:41 - 2006-11-02 11:23 - 00000240 _____ C:\Windows\win.ini 2013-12-22 06:58 - 2013-12-19 12:02 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-22 06:53 - 2010-11-17 16:06 - 00000000 ____D C:\Users\paugstadt\AppData\Local\CrashDumps 2013-12-22 06:52 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST 2013-12-21 17:27 - 2013-12-19 10:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-21 15:47 - 2008-08-02 09:47 - 00000821 _____ C:\Windows\ODBC.INI 2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2013-12-21 15:45 - 2008-02-26 14:38 - 00000000 ____D C:\Program Files\Microsoft Office 2013-12-21 15:45 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew 2013-12-21 15:45 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System 2013-12-21 15:44 - 2008-02-26 14:43 - 00000000 ____D C:\Windows\PCHEALTH 2013-12-21 15:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system 2013-12-19 12:53 - 2013-12-19 12:23 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk 2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss 2013-12-19 08:26 - 2011-01-24 15:07 - 00000432 _____ C:\Windows\BRWMARK.INI 2013-12-19 08:17 - 2012-08-23 15:38 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Microsoft Help 2013-12-19 08:17 - 2011-03-04 16:07 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\TeamViewer 2013-12-16 10:03 - 2008-01-21 08:16 - 01560216 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-16 07:37 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google 2013-12-13 09:26 - 2009-12-15 09:01 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\U3 2013-12-12 09:47 - 2013-09-12 13:30 - 00269857 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn 2013-12-12 09:47 - 2013-09-12 13:30 - 00001176 ____H C:\Users\paugstadt\Desktop\maxdesk.ini2 2013-12-12 09:47 - 2013-09-12 13:30 - 00000149 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn2 2013-12-11 11:57 - 2013-08-14 10:08 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 11:53 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-11 11:36 - 2012-04-30 05:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-11 11:36 - 2011-05-20 16:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-10 09:38 - 2008-08-02 09:48 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Adobe 2013-12-07 10:12 - 2013-11-08 08:13 - 00001887 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk 2013-12-07 10:11 - 2008-08-01 19:03 - 00000000 ____D C:\Users\paugstadt 2013-12-07 10:06 - 2013-09-20 13:01 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Downloaded Installations 2013-12-06 07:22 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-26 08:57 - 2013-11-26 08:55 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls 2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ___RD C:\Program Files\Skype 2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ____D C:\ProgramData\Skype Some content of TEMP: ==================== C:\Users\paugstadt\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-23 12:59 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01 Ran by paugstadt at 2013-12-23 13:17:55 Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24HRMQ7O Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 6.1.2) 7-Zip 9.22beta 8500A909_BasicWeb (Version: 140.0.000.000) 8500A909_Help_BasicWeb (Version: 1.00.0000) Abelssoft Backup (Version: 2.2) Acronis*True*Image*Home 2011 (Version: 14.0.6942) Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe Acrobat 8 Standard - English, Français, Deutsch (Version: 8.1.5) Adobe Acrobat 8.1.5 - CPSID_49013 Adobe Acrobat 8.1.5 Standard (Version: 8.1.5) Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2) Adobe Flash Player 11 ActiveX (Version: 11.9.900.170) Adobe Flash Player 11 Plugin (Version: 11.9.900.170) Adobe GoLive 6.0 (DEU) (Version: 6.0) Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8) Adobe SVG Viewer 3.0 (Version: 3.0) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.657.0) Bing Bar (Version: 7.0.609.0) Bluetooth Stack for Windows by Toshiba (Version: v7.10.10(T)) BMWi-Softwarepaket 9.2 (Version: 9.2.0) Bonjour (Version: 3.0.0.10) bpd_scan (Version: 3.00.0000) BPDSoftware (Version: 140.0.000.000) BPDSoftware_Ini (Version: 1.00.0000) Brother MFL-Pro Suite (Version: 1.00) BufferChm (Version: 140.0.213.000) Camera Assistant Software for Toshiba (Version: 1.7.175.0123) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Full Existing (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Full New (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Light (Version: 2008.0130.1509.26922) Catalyst Control Center Graphics Previews Vista (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Chinese Standard (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Chinese Traditional (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Dutch (Version: 2008.0130.1509.26922) Catalyst Control Center Localization French (Version: 2008.0130.1509.26922) Catalyst Control Center Localization German (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Italian (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Japanese (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Korean (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Portuguese (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Spanish (Version: 2008.0130.1509.26922) Catalyst Control Center Localization Swedish (Version: 2008.0130.1509.26922) CCC Help Chinese Standard (Version: 2008.0130.1508.26922) CCC Help Chinese Traditional (Version: 2008.0130.1508.26922) CCC Help Dutch (Version: 2008.0130.1508.26922) CCC Help English (Version: 2008.0130.1508.26922) CCC Help French (Version: 2008.0130.1508.26922) CCC Help German (Version: 2008.0130.1508.26922) CCC Help Italian (Version: 2008.0130.1508.26922) CCC Help Japanese (Version: 2008.0130.1508.26922) CCC Help Korean (Version: 2008.0130.1508.26922) CCC Help Portuguese (Version: 2008.0130.1508.26922) CCC Help Spanish (Version: 2008.0130.1508.26922) CCC Help Swedish (Version: 2008.0130.1508.26922) ccc-core-static (Version: 2008.0130.1509.26922) ccc-utility (Version: 2008.0130.1509.26922) CD/DVD Drive Acoustic Silencer (Version: 2.02.00) CDBurnerXP (Version: 4.5.1.4003) Citrix XenApp Web Plugin (Version: 11.0.0.5357) Cockpit (Version: 1.0.168) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Conexant HD Audio (Version: 4.36.6.0) Crystal Reports for .NET Framework 2.0 (x86) (Version: 10.2.0) Desktop SMS (Version: 1.2.0) devolo dLAN Wireless extender Konfiguration (Version: 1.0.0.0) devolo dLAN-Konfigurationsassistent (Version: 14.0.0.0) devolo EasyShare (Version: 4.0.0.0) devolo Informer (Version: 22.0.0.0) Dropbox (HKCU Version: 2.0.26) DVD MovieFactory for TOSHIBA (Version: 5.51) ElsterFormular (Version: 14.4.12044) eReg (Version: 1.20.138.34) erLT (Version: 1.20.0137) Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1) Free YouTube Downloader Converter Google Earth (Version: 7.1.2.2041) Google Toolbar for Internet Explorer (Version: 4.0.0.002) Google Update Helper (Version: 1.3.22.3) Haufe iDesk-Browser (Version: 10.10.14.0000) Haufe iDesk-Browser (Version: 8.07.16.5590) Haufe iDesk-Service (Version: 11.07.19.8023) Hauppauge German Help Files and Resources Hauppauge WinTV Hauppauge WinTV DVB-T EPG Service Hauppauge WinTV Infrared Remote Hauppauge WinTV Scheduler Hauppauge WinTV TV Services HDMI Control Manager (Version: 1.6) HP Officejet Pro 8500 A909 Series (Version: 14.0) HTC Driver Installer (Version: 4.10.0.001) HTC Sync Manager (Version: 2.4.11.0) Huawei modem Intel® Matrix Storage Manager InterVideo FilterSDK for Hauppauge IPTInstaller (Version: 4.0.8) iTunes (Version: 11.0.2.26) Java Auto Updater (Version: 2.1.9.5) Katechismus 1.0 (Version: 1.0) Lexware Info Service (Version: 2.90.00.0009) Logitech SetPoint 6.20 (Version: 6.20.64) MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835) MAGIX Foto Suite 1.12.0.89 (D) (Version: 1.12.0.89) MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0) Marvell Miniport Driver (Version: 10.51.4.3) Mein CEWE FOTOBUCH (Version: 5.0.1) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Default Manager (Version: 2.2.114.0) Microsoft Office 2003 Web Components (Version: 11.0.8173.0) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0) Microsoft Office XP Web Components (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727) Microsoft Works (Version: 9.7.0621) Microsoft XML Parser (Version: 8.0.7820.0) Microsoft XML Parser (Version: 8.20.8730.4) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1) Microsoft_VC100_CRT_x86 (Version: 1.0.0) MSVC80_x86_v2 (Version: 1.0.3.0) MSVC90_x86 (Version: 1.0.1.2) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) myphotobook 3.5 (Version: 3.5) NetWaiting (Version: 2.5.52) Network (Version: 140.0.215.000) Nokia Connectivity Cable Driver (Version: 7.1.92.0) Nokia Map Loader (Version: 3.0.28) Nokia PC Suite (Version: 7.1.62.1) Nokia Software Updater (Version: 02.04.006.41579) Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86) Norton Internet Security (Version: 19.9.1.14) O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.19.1) Online Foto Print System ( OFPS - 1NIGHTPRINT.de ) PaperPort Image Printer (Version: 1.00.0000) PC Connectivity Solution (Version: 12.0.48.0) PC-Kaufmann Startpaket 2013 PDF Architect (Version: 1.0.52.8917) PDFCreator (Version: 1.6.2) pdfforge Toolbar v6.7 (Version: 6.7) <==== ATTENTION Prism Video Converter QuickSteuer 2008 (Version: 14.00) QuickSteuer 2009 (Version: 15.00.00.0034) QuickSteuer 2010 (Version: 16.14.00.0002) QuickSteuer 2011 (Version: 17.08.00.0006) QuickSteuer 2012 (Version: 18.09.00.0003) QuickSteuer 2013 (Version: 19.06.00.0003) QuickSteuer Wissens-Center 2008 (Version: 14.0.0.0) QuickSteuer Wissens-Center 2009 (Version: 15.0.1.0) QuickSteuer Wissens-Center 2011 (Version: 17.10.0.0) QuickSteuer Wissens-Center 2012 (Version: 18.1.0.0) QuickTime (Version: 7.73.80.64) Rossmann Fotowelt Software 4.9 (Version: 4.9) Sage BankCom (Version: 2.00.0000) Sage HBCI-Kontaktverwaltung (Version: 3.0) Sage SAIP (Version: 1.0.1.115) Sagede.Shared.Elster.Setup (Version: 1.0.0.0.21) Sagede.Shared.Elster.Setup (Version: 1.0.0.0.7) Scan (Version: 140.0.167.000) ScanSoft PaperPort 11 (Version: 11.1.0000) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Skins (Version: 2008.0130.1509.26922) Skype Click to Call (Version: 5.9.9216) Skype™ 6.10 (Version: 6.10.104) Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0) Steuer Update 14.01 (Version: 14.01) Steuer Update 15.09 (Version: 15.09) Synaptics Pointing Device Driver (Version: 10.1.7.0) TeamViewer 8 (Version: 8.0.17396) T-Home Dialerschutz-Software T-Mobile web'n'walk Manager (Version: 3.1.0) Toolbox (Version: 140.0.428.000) TOSHIBA Assist (Version: 2.01.04) TOSHIBA Benutzerhandbücher (Version: 7.33) TOSHIBA ConfigFree (Version: 7.1.26) TOSHIBA Disc Creator (Version: 2.0.1.1.a) TOSHIBA DVD PLAYER (Version: 1.20.10) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Face Recognition (Version: 1.0.3.32) TOSHIBA Hardware Setup (Version: 3.00.01.00) Toshiba Online Product Information (Version: 1.00.0012) TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b) TOSHIBA SD Memory Utilities (Version: 1.8.1.1) TOSHIBA Supervisor Password (Version: 3.00.01.00) TOSHIBA Value Added Package (Version: 1.1.14) TRDCReminder (Version: 1.00.0014) TRORDCLauncher (Version: 1.0.0.1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3) VR-NetWorld VTPlus32 für WinTV (German) WashAndGo (Version: 17.7) WebReg (Version: 140.0.213.017) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows Media Encoder 9-Reihe Windows Media Encoder 9-Reihe (Version: 9.00.3374) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0) Yahoo! Detect ==================== Restore Points ========================= 20-12-2013 16:31:19 Geplanter Prüfpunkt 21-12-2013 14:43:23 Microsoft Office Standard Edition 2003 wird installiert 21-12-2013 19:16:01 Windows Update 22-12-2013 05:49:01 Windows Update 22-12-2013 07:31:12 Windows Update 23-12-2013 09:05:56 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {59B0987D-014F-4348-98E0-7C5D861C145C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5BD3EE58-CBCE-4C75-BF27-133ECD32EA8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.) Task: {72FD39B2-AA09-49F6-BF14-4A4200D17533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.) Task: {93C05B86-2EE7-4ED3-AD71-48BC1DBAA46E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation) Task: {A0645FC6-7F3B-4C40-BF18-708FD5BEB81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {BA5CF01C-7796-49A1-B960-C3CB0D2E951F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation) Task: {C902A018-F213-41B9-B162-A476EB57CED0} - System32\Tasks\AbelssoftPreloader => C:\Program Files\WashAndGo\AbelssoftPreloader.exe [2012-10-05] (Microsoft) Task: {D5062C16-82CD-4B51-9C64-1399F7D66632} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\wscstub.exe [2013-02-02] (Symantec Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files\WashAndGo\AbelssoftPreloader.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-02-15 17:22 - 2008-01-30 15:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\libcef.dll 2009-08-05 10:45 - 2009-08-05 10:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:DocumentSummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:SummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:DocumentSummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:SummaryInformation AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft-6zu4-Adapter #7 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft-6zu4-Adapter #9 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft-6zu4-Adapter #13 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth RFCOMM Description: Bluetooth RFCOMM Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94} Manufacturer: TOSHIBA Service: tosrfcom Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro 8500 A909g Description: Officejet Pro 8500 A909g Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-12-23 13:17:36.839 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:36.495 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:36.163 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:35.829 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:35.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:35.219 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:34.875 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:34.572 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:34.250 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 13:17:33.891 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 3069.48 MB Available physical RAM: 1584.65 MB Total Pagefile: 6345.18 MB Available Pagefile: 4695.36 MB Total Virtual: 2047.88 MB Available Virtual: 1917.88 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:15.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:232.89 GB) (Free:232.66 GB) NTFS Drive f: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: 25D1610F) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.12.2013, 14:19 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Office Word reagiert nicht mehr Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
23.12.2013, 14:45 | #15 |
| Microsoft Office Word reagiert nicht mehrCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2013 01 Ran by paugstadt at 2013-12-23 14:44:03 Run:1 Running from C:\Users\paugstadt\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION ***************** HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. ==== End of Fixlog ==== |
Themen zu Microsoft Office Word reagiert nicht mehr |
betriebssystem, folge, folgendes, gelöscht, guten, hängt, immer wieder, installier, komplett, kurzer, microsoft, microsoft office, microsoft office 2003, nachricht, neu, nicht mehr, office, outlook, plötzlich, reagiert, reagiert nicht, reagiert nicht mehr, tagen, taucht |