Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU Tronjaner hat auch mich erwischt (https://www.trojaner-board.de/140685-gvu-tronjaner-hat-mich-erwischt.html)

timo_se 29.08.2013 19:21
GVU Tronjaner hat auch mich erwischt
 
Hallo liebe Helfer,

auch mich hat es heute eiskalt erwischt und ich habe bereits einige Stunden alles mögliche was zu googlen war ausprobiert...ohne Erfolg.

Ich habe demnach nach Anleitung hier im Forum den FRST Scan durchlaufen lassen und poste es hier:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 20:10:55
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13531680 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [FIC HotKey] - C:\Program Files\Hotkey Utility\tray.exe [520192 2008-06-05] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKLM\...\Run: [PowerManager] - C:\Program Files\Power Manager\PM.exe [1675264 2008-05-22] ()
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [26704 2007-04-11] ()
HKLM\...\Run: [lxdomon.exe] - C:\Program Files\Lexmark 9500 Series\lxdomon.exe [450560 2007-09-06] ()
HKLM\...\Run: [lxdoamon] - C:\Program Files\Lexmark 9500 Series\lxdoamon.exe [20480 2007-08-09] ()
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-18] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKU\Timo Tischler\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Timo Tischler\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\Timo Tischler\...\Run: [GoogleChromeAutoLaunch_02FD4696E8D584CA28380A4E066BEED4] - C:\Program Files\Google\Chrome\Application\chrome.exe [ 2013-08-15] (Google Inc.)
HKU\Timo Tischler\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)
HKU\Timo Tischler\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{8b33aa80-978c-11de-a815-806e6f6e6963}\bootwiz\asrm.bin

========================== Services (Whitelisted) =================

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-11-11] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-02-08] (Acronis)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-24] (Brother Industries, Ltd.)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S4 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
S2 lmab_device; C:\Windows\system32\LMabcoms.exe [593920 2009-09-06] ( )
S4 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-06-01] (Logitech Inc.)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-06-01] (Logitech Inc.)
S2 lxdoCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdoserv.exe [94208 2007-07-17] (Lexmark International, Inc.)
S2 lxdo_device; C:\Windows\system32\lxdocoms.exe [589824 2007-09-20] ( )
S2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
S2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
S4 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [529664 2009-09-28] (O&O Software GmbH)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-11] ()
S2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [139264 2011-04-11] (Oki Data Corporation)
S2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S4 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2013-08-29] ()
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2008-06-01] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2008-06-01] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2008-06-01] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-05-09] (MBB Incorporated)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130829.002\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130829.002\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
S0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [25608 2009-09-28] (O&O Software GmbH)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-17] (Samsung Electronics)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-07-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [318584 2011-11-16] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-11] (The OpenVPN Project)
S0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-02-08] (Acronis)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2008-09-28] (Todos Data System AB)
S1 WINIO; C:\Windows\system32\WinIo.sys [9336 2007-01-04] (hxxp://www.internals.com)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [116736 2011-05-09] (ZTE Corporation)
S2 adfs; No ImagePath
S1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130823.001\IDSvix86.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\afcdp.sys EF1AFA9752E468013584585666A3B119
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\ahcix86s.sys FBE4016F9EF3AB3DB547E40A936B6CD9
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Apfiltr.sys 2C29855AB6E1E476D026C8FC189F8B98
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys 6C6AC7CA8A034C15C52B35189BAD58EE
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys ACE85AF1C31F68BDFEE9333F6592917E
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys DB5E008B3744DD60C8498CBBF2A1CFA6
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys 33E7AB50F87F97ABD9057205E27CB182
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\e1y6032.sys 8EEF52AD831471E323EE7364A8656D35
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys E1E3804F7C59EA3E14637C2A763F65E2
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 2407B8164E966755BC6A4242FC9DE31E
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 500A9814FD9446A8126858A5A7F7D273
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hitmanpro37.sys CE77439BAF613019D6B7658292D1E4A6
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys E5A0034847537EAEE3C00349D5C34C5F
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd32.sys 6FB1858D1F0923D122B0331865695041
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 219CA9A36D6DE2EC04F958C907673436
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\jraid.sys C36F3A1A4E8416EF43F30DEAB7701730
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 52FC17C8589F11747D01D3CF592673D0
C:\Windows\System32\Drivers\ksecpkg.sys 3E5474B03568CFAB834DA3C38E8C9EFA
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LVcKap.sys EDD5BDA3483A981C704E7413B69BEE89
C:\Windows\System32\DRIVERS\LVMVDrv.sys 97F5D626CFF8186C8F753AC2A5012798
C:\Windows\System32\DRIVERS\LVPr2Mon.sys C3C347951ED7C3600B5120DA740C2B93
C:\Windows\System32\DRIVERS\lvuvc.sys D19FD251D383BC203E34CFB63B8C10AC
C:\Windows\System32\drivers\massfilter.sys 79EC6C0033776F89DD5131241F0170E1
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130829.002\NAVENG.SYS 81E928EE3751FAF725C87CC17726C05D
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130829.002\NAVEX15.SYS E0C39FA6C76AE8ED53ABF043F35ECDFF
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmb.sys 28E36E677849174C910FAAEAD3E60E9E
C:\Windows\System32\drivers\ccdcmbo.sys 3823DEB17F9F6775DE0187A98FA0536D
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NuidFltr.sys CF7E041663119E09D2E118521ADA9300
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 1DBD6DF4B2D729D533CF8D4BD05D3F17
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\OODrvled.sys 911B1F6512D954EDF468D536790465CF
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 66D3415C159741ADE7038A277EFFF99F
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pccsmcfd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHelp20.sys E42E3433DBB4CFFE8FDD91EAB29AEA8E
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys C5B8D47A4688DE9D335204EA757C2240
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTSTOR.SYS 4F31CFDEBD0A5BC27D45E7EBFEFAAF6F
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snapman.sys 5BCEB1B306878035DACBA6DD18366EDA
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS 7BB297CADA42903328E92425D9761DA6
C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS 475FCF0F28D845BF1C8ABAC27F19003E
C:\Windows\System32\DRIVERS\srv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87
C:\Windows\System32\DRIVERS\srv2.sys 414BB592CAD8A79649D01F9D94318FB3
C:\Windows\System32\DRIVERS\srvnet.sys FF207D67700AA18242AAF985D3E7D8F4
C:\Windows\system32\Drivers\SSPORT.sys EF3458337D7341A05169CEFC73709264
C:\Windows\System32\Drivers\StarOpen.sys F92254B0BCFCD10CAAC7BCCC7CB7F467
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys EDB05BD63148796F23EA78506404A538
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS 690FA0E61B90084C4D9A721BD4F3D779
C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS 8F88EDB211B12537D2DC2A6D73D6067C
C:\Windows\system32\Drivers\SYMEVENT.SYS 74E2521E96176A4449570E50BE91954D
C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS 2C356CCA706505CF63CBE39D532B9236
C:\Windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS 3EE215D6FE821E3EDF0F7134D9AE905A
C:\Windows\System32\DRIVERS\tap0901.sys 5C7C939BBD03784FE58C80578D065CC9
C:\Windows\System32\drivers\tcpip.sys 55E9965552741F3850CB22CBBA9671ED
C:\Windows\System32\DRIVERS\tcpip.sys 55E9965552741F3850CB22CBBA9671ED
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\DRIVERS\tdrpm258.sys 8DE3E45000BA8C9EBB16737D3F83E216
C:\Windows\System32\DRIVERS\shbecr.sys 4A766448821359DF6A0427A91782385A
C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tosrfbd.sys 4AC571026155442678E3A0B564A374B1
C:\Windows\System32\Drivers\tosrfbnp.sys 181E217A7A326817D97946D045B3CB46
C:\Windows\System32\Drivers\tosrfcom.sys E90ACE3B4FA7A85F992BC21EB779C407
C:\Windows\System32\DRIVERS\Tosrfhid.sys D3F87C46C7C9E5DB99FBD3D17121B891
C:\Windows\System32\DRIVERS\tosrfnds.sys C52FD27B9ADF3A1F22CB90E6BCF9B0CB
C:\Windows\System32\DRIVERS\tosrfusb.sys 98C04A6432CE9C2AD328F57B9384D348
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerflt.sys B1B8BEE26227DAD9835019201552CB05
C:\Windows\System32\Drivers\usbaapl.sys 73B41F4EAD65F355962168D766AF0F2E
C:\Windows\System32\DRIVERS\usbccgp.sys C31AE588E403042632DC796CF09E30B0
C:\Windows\System32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys E4C436D914768CE965D5E659BA7EEBD8
C:\Windows\System32\DRIVERS\usbhub.sys BDCD7156EC37448F08633FD899823620
C:\Windows\system32\drivers\usbohci.sys EB2D819A639015253C871CDA09D91D58
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\drivers\usbser.sys 88701ECA76145E2C011C0EEFF0F7B70E
C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys 98E1FF1D732C6C7200B6C59D4FF8C1C3
C:\Windows\System32\DRIVERS\USBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353
C:\Windows\system32\drivers\usbuhci.sys 22480BF4E5A09192E5E30BA4DDE79FA4
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\WinIo.sys 819C68FF6C4C63886D636FFB2DABF5EF
C:\Windows\System32\DRIVERS\WinUsb.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252
C:\Windows\System32\DRIVERS\ZTEusbnet.sys 48B9F83939F56622FAB71B526D28D89F
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys F6520E06C15DEA5AB7BB016309FE4BB3
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys F6520E06C15DEA5AB7BB016309FE4BB3

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 16:21 - 2013-08-29 16:21 - 00000000 __SHD C:\found.004
2013-08-29 09:08 - 2013-08-29 09:08 - 00003288 ____N C:\bootsqm.dat
2013-08-29 09:06 - 2013-08-29 09:06 - 00000000 __SHD C:\found.005
2013-08-29 08:30 - 2013-08-29 08:30 - 00001048 _____ C:\Windows\System32\.crusader
2013-08-29 08:25 - 2013-08-29 08:37 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-08-29 08:24 - 2013-08-29 08:31 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 06:23 - 2013-08-29 06:23 - 01084764 _____ C:\Users\Timo Tischler\AppData\Local\2433f433
2013-08-29 05:36 - 2013-08-29 06:23 - 01084698 _____ C:\ProgramData\2433f433
2013-08-29 05:36 - 2013-08-29 06:23 - 01084696 _____ C:\Users\Timo Tischler\AppData\Roaming\2433f433
2013-08-29 03:44 - 2013-08-29 03:44 - 00010083 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-08-26 09:13 - 2013-08-26 09:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 03:12 - 2013-08-25 03:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-25 02:44 - 2013-08-25 02:44 - 00009203 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-08-21 05:01 - 2013-08-21 05:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 00:13 - 2013-08-21 00:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 10:32 - 2013-08-18 10:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-17 03:35 - 2013-05-15 07:22 - 00354242 _____ C:\Users\Timo Tischler\Desktop\LOGO1.ai
2013-08-17 02:15 - 2013-08-17 02:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 02:11 - 2013-08-17 02:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-02 08:41 - 2013-08-02 08:41 - 00001991 _____ C:\Users\Public\Desktop\MF60 Mobile Hotspot.lnk
2013-08-02 08:41 - 2011-05-09 23:26 - 00116736 _____ (ZTE Corporation) C:\Windows\System32\Drivers\ZTEusbnet.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbser6k.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbnmea.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbmdm6k.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00009216 _____ (MBB Incorporated) C:\Windows\System32\Drivers\massfilter.sys
2013-08-02 08:40 - 2013-08-02 08:41 - 00000000 ____D C:\Program Files\SupportAppCB
2013-08-02 08:40 - 2013-08-02 08:40 - 00000000 ____D C:\Program Files\MF60 Mobile Hotspot

==================== One Month Modified Files and Folders =======

2013-08-29 16:21 - 2013-08-29 16:21 - 00000000 __SHD C:\found.004
2013-08-29 09:51 - 2010-02-09 03:49 - 00028599 _____ C:\ProgramData\nvModes.dat
2013-08-29 09:49 - 2010-02-09 02:52 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:49 - 2010-02-09 02:52 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:42 - 2009-07-13 20:39 - 24839886 _____ C:\Windows\setupact.log
2013-08-29 09:08 - 2013-08-29 09:08 - 00003288 ____N C:\bootsqm.dat
2013-08-29 09:06 - 2013-08-29 09:06 - 00000000 __SHD C:\found.005
2013-08-29 08:37 - 2013-08-29 08:25 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-08-29 08:35 - 2010-02-09 03:58 - 00169871 _____ C:\ProgramData\nvModes.001
2013-08-29 08:31 - 2013-08-29 08:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 08:30 - 2013-08-29 08:30 - 00001048 _____ C:\Windows\System32\.crusader
2013-08-29 06:23 - 2013-08-29 06:23 - 01084764 _____ C:\Users\Timo Tischler\AppData\Local\2433f433
2013-08-29 06:23 - 2013-08-29 05:36 - 01084698 _____ C:\ProgramData\2433f433
2013-08-29 06:23 - 2013-08-29 05:36 - 01084696 _____ C:\Users\Timo Tischler\AppData\Roaming\2433f433
2013-08-29 05:33 - 2010-05-30 10:54 - 00000000 ____D C:\Users\Timo Tischler\AppData\Local\CrashDumps
2013-08-29 03:44 - 2013-08-29 03:44 - 00010083 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-08-28 03:09 - 2013-06-07 07:05 - 00000000 ____D C:\Users\Timo Tischler\Desktop\ZWISCHENABLAGE AKTUELL
2013-08-26 21:41 - 2013-05-15 19:51 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Skype
2013-08-26 21:35 - 2010-02-09 03:31 - 01782982 _____ C:\Windows\PFRO.log
2013-08-26 11:26 - 2013-07-27 09:31 - 00016073 _____ C:\Users\Timo Tischler\Desktop\Lundhags Order.xlsx
2013-08-26 09:13 - 2013-08-26 09:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 03:12 - 2013-08-25 03:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-25 02:44 - 2013-08-25 02:44 - 00009203 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-08-24 04:52 - 2013-07-25 06:41 - 00010161 _____ C:\Users\Timo Tischler\Desktop\VERKAUF.xlsx
2013-08-24 04:26 - 2010-02-09 03:43 - 01111721 _____ C:\Windows\WindowsUpdate.log
2013-08-22 23:50 - 2009-09-14 21:46 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\UseNeXT
2013-08-21 05:01 - 2013-08-21 05:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 00:13 - 2013-08-21 00:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 11:03 - 2010-03-26 08:54 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\vlc
2013-08-18 10:32 - 2013-08-18 10:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-18 08:03 - 2009-07-13 20:33 - 03291984 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-17 11:22 - 2010-03-31 05:15 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\dvdcss
2013-08-17 03:37 - 2010-02-09 03:50 - 00233696 _____ C:\Users\Timo Tischler\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 02:15 - 2013-08-17 02:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 02:11 - 2013-08-17 02:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-15 06:26 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-08-10 02:05 - 2013-07-22 05:08 - 00000000 ____D C:\Users\Timo Tischler\Desktop\Ausrüstungsverkauf
2013-08-10 01:25 - 2013-05-22 12:27 - 00000000 ____D C:\Users\Timo Tischler\Desktop\XXXXXXCHANGE FLYERWERKSTATT LAPPLAND
2013-08-02 08:41 - 2013-08-02 08:41 - 00001991 _____ C:\Users\Public\Desktop\MF60 Mobile Hotspot.lnk
2013-08-02 08:41 - 2013-08-02 08:40 - 00000000 ____D C:\Program Files\SupportAppCB
2013-08-02 08:40 - 2013-08-02 08:40 - 00000000 ____D C:\Program Files\MF60 Mobile Hotspot
2013-08-02 08:40 - 2009-09-02 00:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

ZeroAccess:
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}\@

ZeroAccess:
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}\@

Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Timo Tischler\AppData\Roaming\skype.ini
C:\Users\Timo Tischler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Timo Tischler\AppData\Local\Temp\lfnvkjwtlsbwfyshq.dll
C:\Users\Timo Tischler\AppData\Local\Temp\_isC909.exe
C:\Users\Timo Tischler\AppData\Local\Temp\_isE257.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\PcfaxTx\pcfxcom.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\BrMuSNMP.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\BrNetSti.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\Brnsplg.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\BrWiaNCp.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\NSSearch.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\brlm03a.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\BrMonitor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrFirmUpdateCheck.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrotherNetTool.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrotherOfflineChk.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrotherUSBTool.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrStMonW.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrStMonWRes.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBAru.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBBul.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBChn.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBCht.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBCze.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBDan.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBDut.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBEng.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBFin.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBFrc.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBFre.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBGer.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBHun.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBIta.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBJpn.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBKor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBNor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBPol.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBPor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBPtb.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBRom.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBRus.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBSpa.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBSvk.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBSwe.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBTrk.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBUsa.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\PCFAX\BRLFX05C.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\PCFAX\BROFX05C.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\PCFAX\BRUFX05C.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\Drivers\DPInst.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\Drivers\dpinst2k.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{D4FE75C4-EAE1-4A55-B8A5-02B385625628}\ISSetup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{D4FE75C4-EAE1-4A55-B8A5-02B385625628}\_Setup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{42BF6071-8D11-45A9-B17D-2C1684C33DC5}\ISSetup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{42BF6071-8D11-45A9-B17D-2C1684C33DC5}\_Setup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\D3DCompiler_43.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\Opera-12.16-1860.i386.autoupdate.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\opera.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\opera.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\OperaUpgrader.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\updatechecker\opera_autoupdate.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\mapi\OperaMAPI.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\gstreamer.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioresample.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstautodetect.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdirectsound.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstoggdec.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwaveform.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwavparse.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwebmdec.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {default}
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
displayorder            {default}
toolsdisplayorder      {memdiag}
timeout                30

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Windows Boot Loader
-------------------
identifier              {572bcd56-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[E:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description            Windows Recovery Environment
osdevice                ramdisk=[E:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal              Yes
winpe                  Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {current}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
nx                      OptIn

Resume from Hibernate
---------------------
identifier              {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                    Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description            Windows-Speicherdiagnose
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description            Frhere Windows-Version

EMS Settings
------------
identifier              {emssettings}
bootems                Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                {globalsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                {globalsettings}

Device options
--------------
identifier              {048a3595-1571-11df-8e04-00140b6424fe}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\048a3594-1571-11df-8e04-00140b6424fe\boot.sdi

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description            Ramdisk Device Options
ramdisksdidevice        partition=E:
ramdisksdipath          \boot\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4056.81 MB
Available physical RAM: 3552.89 MB
Total Pagefile: 4055.09 MB
Available Pagefile: 3554.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.3 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:14.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:364.76 GB) (Free:263.57 GB) NTFS
Drive e: (WinRE) (Fixed) (Total:8.79 GB) (Free:3.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (HITMANPRO) (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 8A879E46)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 990 MB) (Disk ID: C07F3511)
Partition 1: (Active) - (Size=988 MB) - (Type=0B)


LastRegBack: 2013-08-21 15:56

==================== End Of Log ============================
--- --- ---



Schon einmal vielen lieben und herzlichen Dank im Voraus.

Viele Grüße TIMO

cosinus 29.08.2013 20:51
Hallo und :hallo:

Zitat:
ZeroAccess:
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}\@

ZeroAccess:
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}\@
Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.

  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.

  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.
Teile mir also mit, wie du dich entschieden hast.

timo_se 29.08.2013 20:58
Hallo, ersteinmal vielen Dank. Online-Banking wird an dem PC eigentlich keines mehr gemacht..

also ich würde versuchen die Schädlinge zu entfernen :-)

VG Timo

cosinus 29.08.2013 21:01
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Timo Tischler\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\found.004
C:\found.005
C:\Users\Timo Tischler\AppData\Local\2433f433
C:\ProgramData\2433f433
C:\Users\Timo Tischler\AppData\Roaming\2433f433
C:\ProgramData\nvModes.dat
C:\Users\Timo Tischler\AppData\Roaming\skype.ini
C:\Users\Timo Tischler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Timo Tischler\AppData\Local\Temp\lfnvkjwtlsbwfyshq.dll
C:\Users\Timo Tischler\AppData\Local\Temp\_isC909.exe
C:\Users\Timo Tischler\AppData\Local\Temp\_isE257.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

timo_se 29.08.2013 21:16
Hallo, habe ich gemacht:

Hier der Code:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by SYSTEM at 2013-08-29 22:10:24 Run:1
Running from I:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Timo Tischler\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\found.004
C:\found.005
C:\Users\Timo Tischler\AppData\Local\2433f433
C:\ProgramData\2433f433
C:\Users\Timo Tischler\AppData\Roaming\2433f433
C:\ProgramData\nvModes.dat
C:\Users\Timo Tischler\AppData\Roaming\skype.ini
C:\Users\Timo Tischler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Timo Tischler\AppData\Local\Temp\lfnvkjwtlsbwfyshq.dll
C:\Users\Timo Tischler\AppData\Local\Temp\_isC909.exe
C:\Users\Timo Tischler\AppData\Local\Temp\_isE257.exe
*****************

HKU\Timo Tischler\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d} => Moved successfully.
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d} => Moved successfully.
C:\found.004 => Moved successfully.
C:\found.005 => Moved successfully.
C:\Users\Timo Tischler\AppData\Local\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Timo Tischler\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\nvModes.dat => Moved successfully.
C:\Users\Timo Tischler\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Timo Tischler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Timo Tischler\AppData\Local\Temp\lfnvkjwtlsbwfyshq.dll => Moved successfully.
C:\Users\Timo Tischler\AppData\Local\Temp\_isC909.exe => Moved successfully.
C:\Users\Timo Tischler\AppData\Local\Temp\_isE257.exe => Moved successfully.

==== End of Fixlog ====

Der PC fährt wieder ganz normal hoch...Wahnsinn...das gibt es gar nicht
DANKE DANKE DANKE DANKE.....

Ich habe die ganze Zeit bemerkt, dass mein Norton immer Fehlermeldungen gebracht hat und jetzt ist wieder alles grün im Norton. Muss ich noch irgendetwas machen?

VG Timo

cosinus 29.08.2013 21:46
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

timo_se 29.08.2013 22:21
Hallo, das ist der LOG :

Code:
ComboFix 13-08-29.02 - Timo Tischler 29.08.2013  22:58:05.1.2 - x86
ausgeführt von:: c:\users\Timo Tischler\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Hyperionics DB Toolbar\tbHElper.dll
c:\programdata\3D3
c:\programdata\3D3\mm.db
c:\programdata\3D3\thumbnail.db
c:\users\Timo Tischler\AppData\Local\Minibar
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\background.html
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\main.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\manifest.json
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\popup.html
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\popup.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\tab.html
c:\users\Timo Tischler\AppData\Local\Minibar\chrome\tab.js
c:\users\Timo Tischler\AppData\Local\Minibar\chrome_installer.js
c:\users\Timo Tischler\AppData\Local\Minibar\common.js
c:\users\Timo Tischler\AppData\Local\Minibar\install.json
c:\users\Timo Tischler\AppData\Local\Minibar\minibar.crx
c:\users\Timo Tischler\AppData\Local\Minibar\sqlite3.exe
c:\users\Timo Tischler\AppData\Local\Minibar\Uninstall.exe
c:\windows\Installer\{FD76A02F-9E81-A3A9-D53C-2A4DB5201B24}\syshost.exe
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\10CF_FUJITSU_FTS_AMILO Xi 3650_FUJITSU SIEMENS_XY680 _Version 1.0_FSC - 6040000_1.0E-1646-0021_Mobile Intel(R) 4 Series Express Chipset Family_NVIDIA GeForce 9600M GT .MRK
c:\windows\system32\tempdir
c:\windows\system32\tempdir\tinypdf.chm
c:\windows\system32\tempdir\tinypdf.dll
c:\windows\system32\tempdir\tinypdf1.dll
c:\windows\system32\tempdir\tinypdf2.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-28 bis 2013-08-29  ))))))))))))))))))))))))))))))
.
.
2013-08-30 04:10 . 2013-08-30 04:10        --------        d-----w-        C:\FRST
2013-08-29 20:41 . 2013-08-29 20:41        --------        d-----w-        C:\found.004
2013-08-29 16:25 . 2013-08-29 16:37        30976        ----a-w-        c:\windows\system32\drivers\hitmanpro37.sys
2013-08-29 16:24 . 2013-08-29 16:31        --------        d-----w-        c:\programdata\HitmanPro
2013-08-25 11:12 . 2013-08-25 11:12        --------        d-----w-        c:\users\Timo Tischler\AppData\Roaming\Okidata
2013-08-02 16:41 . 2011-05-10 07:26        9216        ----a-w-        c:\windows\system32\drivers\massfilter.sys
2013-08-02 16:41 . 2011-05-10 07:26        116736        ----a-w-        c:\windows\system32\drivers\ZTEusbnet.sys
2013-08-02 16:41 . 2011-05-10 07:26        107776        ----a-w-        c:\windows\system32\drivers\ZTEusbser6k.sys
2013-08-02 16:41 . 2011-05-10 07:26        107776        ----a-w-        c:\windows\system32\drivers\ZTEusbnmea.sys
2013-08-02 16:41 . 2011-05-10 07:26        107776        ----a-w-        c:\windows\system32\drivers\ZTEusbmdm6k.sys
2013-08-02 16:40 . 2013-08-02 16:41        --------        d-----w-        c:\program files\SupportAppCB
2013-08-02 16:40 . 2013-08-02 16:40        --------        d-----w-        c:\program files\MF60 Mobile Hotspot
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\Winload\prxtbWin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"GoogleChromeAutoLaunch_02FD4696E8D584CA28380A4E066BEED4"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-08-16 829392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-17 13531680]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-17 92704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904]
"FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-06-05 520192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2008-05-22 1675264]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-18 202256]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe" [2008-08-07 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0auto_reactivate \\?\Volume{8b33aa80-978c-11de-a815-806e6f6e6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-10 20:46        624248        ----a-w-        c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-11-12 04:42        362032        ----a-w-        c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38        34672        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-01-25 05:22        159744        ----a-w-        c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-17 18:37        177472        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 12:25        268096        ----a-w-        c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 14:03        75136        ----a-w-        c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 9500 Series Fax Server]
2007-09-18 10:28        307200        ----a-w-        c:\program files\Lexmark 9500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-18 15:52        202256        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-11-12 04:42        5140960        ----a-w-        d:\program files\Acronis Trueimage\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-02-09 160288]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-05-06 13904]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-08-29 30976]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-05-10 9216]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-28 42368]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-16 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2011-05-10 116736]
R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-02-09 2480048]
R4 FSCLBaseUpdaterService;FSCLBaseUpdaterService;c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R4 O&O DriveLED;O&O DriveLED Service;c:\program files\OO Software\DriveLED\oodlag.exe [2009-09-28 529664]
S0 OODrvled;OODrvled;c:\windows\system32\DRIVERS\OODrvled.sys [2009-09-28 25608]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-02-09 911680]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [2007-09-20 589824]
S2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdoserv.exe [2007-07-17 94208]
S2 OpLclSrv;OKI Local Port Manager;c:\program files\Okidata\Common\Extend3\portmgrsrv.exe [2011-04-11 139264]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 5120]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - IPNAT
*Deregistered* - avfwot
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-22 14:42        1177552        ----a-w-        c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 17:09]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 13:45]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 13:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{C6C86047-3328-46DE-BDF4-E5145B5BA962}
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\Timo Tischler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.174.1
TCP: Interfaces\{FF75917C-E18C-4378-809D-BBE54B81C17C}: NameServer = 192.168.174.254
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.99.75.137/activex/AMC.cab
FF - ProfilePath - c:\users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/hypercam/{4597E343-791B-48A7-AF44-F05300000950}
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/hypercam/{4597E343-791B-48A7-AF44-F05300000950}?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Winload Community Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - %profile%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
FF - Ext: HyperionicsDB Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-WAV To MP3_is1 - d:\wav to mp3\unins000.exe
AddRemove-web2date - c:\windows\IsUn0407.exe
AddRemove-{13153F10-CAE7-4C15-A0B0-C51B9BA3CAAA}_is1 - d:\jagderleben\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
  43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
  7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,
  37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"=hex:51,66,7a,6c,4c,1d,38,12,78,cf,d0,
  44,5b,3c,5c,0e,ea,27,54,b2,90,51,f4,7b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
  34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
  1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{10945114-B19F-4614-8450-B25E444A1020}"=hex:51,66,7a,6c,4c,1d,38,12,7a,52,87,
  14,ad,ff,7a,03,fb,46,f1,1e,41,14,54,34
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
  34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{551A852F-39A6-44A7-9C13-AFBEC9185A9D}"=hex:51,66,7a,6c,4c,1d,38,12,41,86,09,
  51,94,77,c9,01,e3,05,ec,fe,cc,46,1e,89
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
  64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
  69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
  72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
  aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,
  f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:09,a8,28,19,ff,a2,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4048)
c:\windows\system32\MSVCR71.dll
c:\windows\system32\NVSVC.DLL
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\LMabcoms.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxdoserv.exe
d:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-29  23:15:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-29 21:15
.
Vor Suchlauf: 30 Verzeichnis(se), 18.596.855.808 Bytes frei
Nach Suchlauf: 42 Verzeichnis(se), 19.585.310.720 Bytes frei
.
- - End Of File - - BD64D7F318A3406D87F85A5C31D481D5
CA5D868F04144D0BC30199794ADB1DEC

cosinus 29.08.2013 22:31
Was hast du denn da mit hitmanpro gemacht?
Log dazu vorhanden? Wenn ja bitte posten

Außerdem bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

timo_se 30.08.2013 06:40
Hallo, mit dem Hitman habe ich versucht den Trojaner zu entfernen...jedoch ohne Erfolg.

Ich habe leider kein Log und finde auch nix vom Hitman...ich hatte da mit einem Stick gestartet.

Hier ist der LOG von Malwarebytes:

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.08.29.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Timo Tischler :: NOTEBOOKTT [administrator]

29.08.2013 23:42:10
mbar-log-2013-08-29 (23-42-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 279030
Time elapsed: 1 hour(s), 47 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
VG Timo

cosinus 30.08.2013 10:16
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


timo_se 30.08.2013 10:50
Hallo,

hier das ADWCLEANER:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 30/08/2013 at 11:24:51
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Timo Tischler - NOTEBOOKTT
# Running from : C:\Users\Timo Tischler\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Winload
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Timo Tischler\AppData\Local\Conduit
Folder Deleted : C:\Users\Timo Tischler\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Timo Tischler\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Timo Tischler\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Timo Tischler\AppData\LocalLow\Winload
Folder Deleted : C:\Users\Timo Tischler\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Conduit
Folder Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\ConduitCommon
Folder Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\CT2319825
Folder Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Folder Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\searchplugins\search.xml
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\APSyncEngineUI12.APSyncFmtLogPP
Key Deleted : HKLM\SOFTWARE\Classes\APSyncEngineUI12.APSyncFmtLogPP.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_imgburn_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_imgburn_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1CB9BD10-E693-484E-B224-A4C5B573B7E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A797830D-8C3E-4B0D-ADA1-CE03C2186481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E4D5911-C6F5-489B-9729-CC0DD3443A09}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Winload
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Minibar
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Winload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16448

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v3.6.10 (de)

[ File : C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\prefs.js ]

Line Deleted : user_pref("CT2319825..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2319825.BrowserCompStateIsOpen_129714600517272937", true);
Line Deleted : user_pref("CT2319825.CTID", "ct2319825");
Line Deleted : user_pref("CT2319825.CurrentServerDate", "4-7-2012");
Line Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Wed Jul 04 2012 15:34:49 GMT+0200");
Line Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.FeedPollDate11908299", "Wed Jul 04 2012 15:34:50 GMT+0200");
Line Deleted : user_pref("CT2319825.FirstServerDate", "9-11-2011");
Line Deleted : user_pref("CT2319825.FirstTime", true);
Line Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Line Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2319825.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2319825.Initialize", true);
Line Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2319825.InstallationType", "ConduitIntegration");
Line Deleted : user_pref("CT2319825.InstalledDate", "Wed Nov 09 2011 09:08:06 GMT+0100");
Line Deleted : user_pref("CT2319825.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2319825.IsGrouping", false);
Line Deleted : user_pref("CT2319825.IsInitSetupIni", true);
Line Deleted : user_pref("CT2319825.IsMulticommunity", false);
Line Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2319825.IsProtectorsInit", true);
Line Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Wed Nov 09 2011 09:08:07 GMT+0100");
Line Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2319825.LastLogin_3.6.0.10", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.LatestVersion", "3.13.0.6");
Line Deleted : user_pref("CT2319825.Locale", "de");
Line Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2319825.OriginalFirstVersion", "3.6.0.10");
Line Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Line Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Line Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Line Deleted : user_pref("CT2319825.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Line Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
Line Deleted : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
Line Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
Line Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Wed Nov 09 2011 09:08:06 GMT+0100");
Line Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT2319825.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Wed Jul 04 2012 15:35:09 GMT+0200");
Line Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Wed Nov 09 2011 09:08:05 GMT+0100");
Line Deleted : user_pref("CT2319825.SettingsLastUpdate", "1313478201");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Nov 09 2011 09:08:05 GMT+0100");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Line Deleted : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Line Deleted : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2319825.UserID", "UN18071572173472883");
Line Deleted : user_pref("CT2319825.WeatherNetwork", "");
Line Deleted : user_pref("CT2319825.WeatherPollDate", "Wed Jul 04 2012 15:34:51 GMT+0200");
Line Deleted : user_pref("CT2319825.WeatherUnit", "C");
Line Deleted : user_pref("CT2319825.alertChannelId", "715912");
Line Deleted : user_pref("CT2319825.backendstorage.autocompletepro_enable_auto", "31");
Line Deleted : user_pref("CT2319825.backendstorage.id", "3431383638373036");
Line Deleted : user_pref("CT2319825.ct2319825.AppTrackingLastCheckTime", "Wed Jul 04 2012 15:34:59 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2319825.ct2319825.InvalidateCache", false);
Line Deleted : user_pref("CT2319825.ct2319825.LanguagePackLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.Locale", "de");
Line Deleted : user_pref("CT2319825.ct2319825.RadioLastCheckTime", "Wed Jul 04 2012 15:34:49 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2319825.ct2319825.RadioLastUpdateServer", "129224641269630000");
Line Deleted : user_pref("CT2319825.ct2319825.SearchInNewTabLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.SettingsLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.SettingsLastUpdate", "1339415133");
Line Deleted : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastCheck", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastUpdate", "1331806000");
Line Deleted : user_pref("CT2319825.ct2319825.globalFirstTimeInfoLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.toolbarAppMetaDataLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.ct2319825.toolbarContextMenuLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Wed Nov 09 2011 09:08:06 GMT+0100");
Line Deleted : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2319825.initDone", true);
Line Deleted : user_pref("CT2319825.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2319825.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT2319825.myStuffEnabled", true);
Line Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,129769053852558608,129309281463312841,129264494738128351,128903248917881403,129136390572498374,1000034,12927750993[...]
Line Deleted : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2319825.testingCtid", "");
Line Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Wed Nov 09 2011 09:08:06 GMT+0100");
Line Deleted : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Wed Nov 09 2011 09:08:06 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"1282729563\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "pMJrsOAIrcWADPEnEML9WA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"75babe825203d7a8eecb898dcf55bf17\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=CT2319825", "\"1313478201\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2319825&octid=CT2319825", "\"8a5255c63a6865afe80b48dc78f003a32\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b5761f23e164ca5aa8a71b6bddf4f276\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Timo Tischler\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\0q1up566.default\\conduitCommon\\modules\\3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{4597E343-791B-48A7-AF44-F05300000950}?q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "395c144f-57ab-4623-a3b7-f38cba34c184");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jul 04 2012 15:34:49 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jul 04 2012 15:34:48 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "09bf1008-aa97-4c0f-aad0-283d7a3fe0a8");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "Winload Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.bigseekpro.com/hypercam/{4597E343-791B-48A7-AF44-F05300000950}");
Line Deleted : user_pref("keyword.URL", "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{4597E343-791B-48A7-AF44-F05300000950}?q=");
Line Deleted : user_pref("somoto.dnscatch", "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{4597E343-791B-48A7-AF44-F05300000950}?q=");
Line Deleted : user_pref("somoto.homepage", "hxxp://www.bigseekpro.com/hypercam/{4597E343-791B-48A7-AF44-F05300000950}");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Timo Tischler\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [26607 octets] - [30/08/2013 11:21:17]
AdwCleaner[S0].txt - [25951 octets] - [30/08/2013 11:24:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26012 octets] ##########
--- --- ---





Hier das von JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Home Premium x86
Ran by Timo Tischler on 30.08.2013 at 11:30:14,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Timo Tischler\AppData\Roaming\mozilla\firefox\profiles\0q1up566.default\prefs.js

user_pref("somoto.Var1", "0");
user_pref("somoto.Var10", "0");
user_pref("somoto.Var2", "0");
user_pref("somoto.Var3", "0");
user_pref("somoto.Var4", "0");
user_pref("somoto.Var5", "0");
user_pref("somoto.Var6", "0");
user_pref("somoto.Var7", "0");
user_pref("somoto.Var8", "0");
user_pref("somoto.Var9", "0");
user_pref("somoto.cache.aff_toolbar_settings_xml", "34/15/4/6/112");
user_pref("somoto.firstlaunch", "0");
user_pref("somoto.guid", "%7B4597E343-791B-48A7-AF44-F05300000950%7D");
user_pref("somoto.old_dnscatch", "chrome://browser-region/locale/region.properties");
user_pref("somoto.old_homepage", "www.google.de");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2013 at 11:33:38,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hier das FRST.TXT :


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Timo Tischler (administrator) on 30-08-2013 11:46:11
Running from C:\Users\Timo Tischler\Desktop
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13531680 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-08] (Realtek Semiconductor)
HKLM\...\Run: [FIC HotKey] - C:\Program Files\Hotkey Utility\tray.exe [520192 2008-06-05] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKLM\...\Run: [PowerManager] - C:\Program Files\Power Manager\PM.exe [1675264 2008-05-22] ()
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [26704 2007-04-11] ()
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Runonce: [Lexmark 9500 Series] -  [x]
HKLM\...\Runonce: [lxdoUninstallRan] -  [x]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_02FD4696E8D584CA28380A4E066BEED4] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-08-16] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{8b33aa80-978c-11de-a815-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://83.150.146.111/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://82.99.75.137/activex/AMC.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.174.1
Tcpip\..\Interfaces\{FF75917C-E18C-4378-809D-BBE54B81C17C}: [NameServer]192.168.174.254

FireFox:
========
FF ProfilePath: C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DIVX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\Programme\DIVX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Firebug - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\firebug@software.joehewitt.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Web Developer - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Winload Customized Web Search) - hxxp://www.google.com
CHR DefaultSuggestURL: (Winload Customized Web Search) -      "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - D:\Programme\DIVX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - D:\Programme\DIVX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Norton Identity Protection) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\TIMOTI~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-11-12] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-02-09] (Acronis)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S4 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [593920 2009-09-06] ( )
S4 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-06-01] (Logitech Inc.)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-06-01] (Logitech Inc.)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
S4 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [529664 2009-09-28] (O&O Software GmbH)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] ()
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [139264 2011-04-11] (Oki Data Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S4 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-07-15] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-29] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2013-08-29] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130829.001\IDSvix86.sys [392792 2013-08-28] (Symantec Corporation)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2008-06-01] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2008-06-01] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2008-06-01] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-05-10] (MBB Incorporated)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130829.023\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130829.023\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [25608 2009-09-28] (O&O Software GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-18] (Samsung Electronics)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-02-09] (Acronis)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2008-09-28] (Todos Data System AB)
R1 WINIO; C:\Windows\system32\WinIo.sys [9336 2007-01-04] (hxxp://www.internals.com)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [116736 2011-05-10] (ZTE Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\Users\TIMOTI~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 11:33 - 2013-08-30 11:33 - 00002058 _____ C:\Users\Timo Tischler\Desktop\JRT.txt
2013-08-30 11:30 - 2013-08-30 11:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 11:28 - 2013-08-30 11:28 - 00026093 _____ C:\Users\Timo Tischler\Desktop\AdwCleaner[S0].txt
2013-08-30 11:21 - 2013-08-30 11:24 - 00000000 ____D C:\AdwCleaner
2013-08-30 11:20 - 2013-08-30 11:20 - 01072975 _____ (Farbar) C:\Users\Timo Tischler\Desktop\FRST.exe
2013-08-30 11:19 - 2013-08-30 11:19 - 01023533 _____ (Thisisu) C:\Users\Timo Tischler\Downloads\JRT.exe
2013-08-30 11:19 - 2013-08-30 11:19 - 00994642 _____ C:\Users\Timo Tischler\Downloads\adwcleaner.exe
2013-08-30 06:10 - 2013-08-30 06:10 - 00000000 ____D C:\FRST
2013-08-30 00:16 - 2013-08-30 00:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-30 00:09 - 2013-08-30 00:09 - 00000000 ____D C:\Windows\system32\EventProviders
2013-08-29 23:58 - 2013-08-30 08:48 - 00398584 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-29 23:42 - 2013-08-30 06:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-29 23:37 - 2013-08-29 23:37 - 00000000 ____D C:\Users\Timo Tischler\Desktop\mmm
2013-08-29 23:36 - 2013-08-29 23:37 - 30091776 _____ (Microsoft Corporation) C:\Users\Timo Tischler\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2013-08-29 23:33 - 2013-08-29 23:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Timo Tischler\Desktop\mbar-1.07.0.1005.exe
2013-08-29 23:26 - 2013-08-30 06:26 - 00000000 ____D C:\Windows\system32\Drivers\N360
2013-08-29 23:26 - 2013-08-30 03:10 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-08-29 23:26 - 2013-08-30 03:10 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-08-29 23:26 - 2013-08-30 00:02 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Norton 360
2013-08-29 23:15 - 2013-08-29 23:15 - 00023754 _____ C:\ComboFix.txt
2013-08-29 22:55 - 2013-08-29 23:15 - 00000000 ____D C:\ComboFix
2013-08-29 22:55 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-29 22:55 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-29 22:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-29 22:54 - 2013-08-29 23:15 - 00000000 ____D C:\Qoobox
2013-08-29 22:53 - 2013-08-29 23:13 - 00000000 ____D C:\Windows\erdnt
2013-08-29 22:52 - 2013-08-29 17:14 - 05114906 ____R (Swearware) C:\Users\Timo Tischler\Desktop\ComboFix.exe
2013-08-29 22:48 - 2013-08-29 22:53 - 154147384 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\norton_360_setup.exe
2013-08-29 22:41 - 2013-08-29 22:41 - 00000000 ____D C:\found.004
2013-08-29 22:14 - 2013-08-30 11:27 - 00056621 _____ C:\ProgramData\nvModes.dat
2013-08-29 18:30 - 2013-08-29 18:30 - 00001048 _____ C:\Windows\system32\.crusader
2013-08-29 18:25 - 2013-08-29 18:37 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-29 18:24 - 2013-08-29 18:31 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 13:44 - 2013-08-30 09:15 - 00010813 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-08-26 19:13 - 2013-08-26 19:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 13:12 - 2013-08-25 13:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-25 12:44 - 2013-08-25 12:44 - 00009203 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-08-21 15:01 - 2013-08-21 15:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 10:13 - 2013-08-21 10:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 20:32 - 2013-08-18 20:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-17 13:35 - 2013-05-15 17:22 - 00354242 _____ C:\Users\Timo Tischler\Desktop\LOGO1.ai
2013-08-17 12:15 - 2013-08-17 12:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 12:11 - 2013-08-17 12:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-02 18:41 - 2013-08-02 18:41 - 00001991 _____ C:\Users\Public\Desktop\MF60 Mobile Hotspot.lnk
2013-08-02 18:41 - 2011-05-10 09:26 - 00116736 _____ (ZTE Corporation) C:\Windows\system32\Drivers\ZTEusbnet.sys
2013-08-02 18:41 - 2011-05-10 09:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2013-08-02 18:41 - 2011-05-10 09:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2013-08-02 18:41 - 2011-05-10 09:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2013-08-02 18:41 - 2011-05-10 09:26 - 00009216 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2013-08-02 18:40 - 2013-08-02 18:41 - 00000000 ____D C:\Program Files\SupportAppCB
2013-08-02 18:40 - 2013-08-02 18:40 - 00000000 ____D C:\Program Files\MF60 Mobile Hotspot

==================== One Month Modified Files and Folders =======

2013-08-30 11:45 - 2009-10-02 16:28 - 00067910 _____ C:\Windows\system32\LexFiles.ulf
2013-08-30 11:44 - 2013-08-30 11:44 - 00000087 _____ C:\ProgramData\lxdo.log
2013-08-30 11:44 - 2012-12-06 21:23 - 00000000 ____D C:\Program Files\orgaMAX
2013-08-30 11:44 - 2011-07-28 18:11 - 00000000 ____D C:\Program Files\MapCreator 2
2013-08-30 11:44 - 2011-06-17 13:14 - 00000000 ____D C:\Program Files\ImgBurn
2013-08-30 11:44 - 2011-04-08 11:40 - 00000000 ____D C:\Program Files\Lexmark 9500 Series
2013-08-30 11:44 - 2011-04-08 11:22 - 00000084 _____ C:\Windows\WinInit.Ini
2013-08-30 11:44 - 2009-09-02 12:28 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-08-30 11:44 - 2009-09-02 10:00 - 00000000 ____D C:\Program Files\Google
2013-08-30 11:44 - 2008-08-12 06:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-30 11:42 - 2010-07-06 15:46 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 11:34 - 2012-04-21 19:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 11:34 - 2010-02-09 12:52 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 11:34 - 2010-02-09 12:52 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 11:33 - 2013-08-30 11:33 - 00002058 _____ C:\Users\Timo Tischler\Desktop\JRT.txt
2013-08-30 11:31 - 2010-02-09 13:43 - 01786376 _____ C:\Windows\WindowsUpdate.log
2013-08-30 11:30 - 2013-08-30 11:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 11:29 - 2013-05-16 05:51 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Skype
2013-08-30 11:29 - 2010-05-30 20:54 - 00000000 ____D C:\Users\TIMOTI~1\AppData\Local\CrashDumps
2013-08-30 11:28 - 2013-08-30 11:28 - 00026093 _____ C:\Users\Timo Tischler\Desktop\AdwCleaner[S0].txt
2013-08-30 11:27 - 2013-08-29 22:14 - 00056621 _____ C:\ProgramData\nvModes.dat
2013-08-30 11:27 - 2010-07-06 15:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 11:27 - 2010-02-09 13:58 - 00056621 _____ C:\ProgramData\nvModes.001
2013-08-30 11:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 11:26 - 2010-02-09 13:31 - 03444886 _____ C:\Windows\PFRO.log
2013-08-30 11:26 - 2009-07-14 06:39 - 24958082 _____ C:\Windows\setupact.log
2013-08-30 11:24 - 2013-08-30 11:21 - 00000000 ____D C:\AdwCleaner
2013-08-30 11:24 - 2009-10-07 16:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-30 11:20 - 2013-08-30 11:20 - 01072975 _____ (Farbar) C:\Users\Timo Tischler\Desktop\FRST.exe
2013-08-30 11:19 - 2013-08-30 11:19 - 01023533 _____ (Thisisu) C:\Users\Timo Tischler\Downloads\JRT.exe
2013-08-30 11:19 - 2013-08-30 11:19 - 00994642 _____ C:\Users\Timo Tischler\Downloads\adwcleaner.exe
2013-08-30 10:05 - 2010-02-09 13:50 - 00233696 _____ C:\Users\TIMOTI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 09:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-30 09:15 - 2013-08-29 13:44 - 00010813 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-08-30 09:05 - 2009-07-14 06:33 - 03291984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-30 08:58 - 2010-02-09 21:45 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-08-30 08:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-30 08:48 - 2013-08-29 23:58 - 00398584 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-30 07:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-30 06:26 - 2013-08-29 23:26 - 00000000 ____D C:\Windows\system32\Drivers\N360
2013-08-30 06:24 - 2009-12-03 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-30 06:20 - 2013-08-29 23:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-30 06:10 - 2013-08-30 06:10 - 00000000 ____D C:\FRST
2013-08-30 03:10 - 2013-08-29 23:26 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-08-30 03:10 - 2013-08-29 23:26 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-08-30 00:34 - 2010-02-09 13:52 - 01529160 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 00:31 - 2008-08-12 06:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-30 00:28 - 2013-08-30 00:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-30 00:09 - 2013-08-30 00:09 - 00000000 ____D C:\Windows\system32\EventProviders
2013-08-30 00:02 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-29 23:53 - 2008-08-12 06:37 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-29 23:38 - 2012-11-22 08:49 - 00003043 _____ C:\Windows\IE10_main.log
2013-08-29 23:38 - 2006-11-02 12:23 - 00000480 _____ C:\Windows\win.ini
2013-08-29 23:37 - 2013-08-29 23:37 - 00000000 ____D C:\Users\Timo Tischler\Desktop\mmm
2013-08-29 23:37 - 2013-08-29 23:36 - 30091776 _____ (Microsoft Corporation) C:\Users\Timo Tischler\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2013-08-29 23:33 - 2013-08-29 23:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Timo Tischler\Desktop\mbar-1.07.0.1005.exe
2013-08-29 23:33 - 2009-09-18 08:25 - 00000039 _____ C:\Windows\vbaddin.ini
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Norton 360
2013-08-29 23:26 - 2010-05-22 20:13 - 00000000 ____D C:\ProgramData\Norton
2013-08-29 23:15 - 2013-08-29 23:15 - 00023754 _____ C:\ComboFix.txt
2013-08-29 23:15 - 2013-08-29 22:55 - 00000000 ____D C:\ComboFix
2013-08-29 23:15 - 2013-08-29 22:54 - 00000000 ____D C:\Qoobox
2013-08-29 23:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-29 23:15 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-29 23:13 - 2013-08-29 22:53 - 00000000 ____D C:\Windows\erdnt
2013-08-29 23:09 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-29 23:06 - 2011-07-28 16:41 - 00000000 ____D C:\Program Files\Hyperionics DB Toolbar
2013-08-29 22:53 - 2013-08-29 22:48 - 154147384 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\norton_360_setup.exe
2013-08-29 22:41 - 2013-08-29 22:41 - 00000000 ____D C:\found.004
2013-08-29 18:37 - 2013-08-29 18:25 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-29 18:31 - 2013-08-29 18:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 18:30 - 2013-08-29 18:30 - 00001048 _____ C:\Windows\system32\.crusader
2013-08-29 17:14 - 2013-08-29 22:52 - 05114906 ____R (Swearware) C:\Users\Timo Tischler\Desktop\ComboFix.exe
2013-08-28 13:09 - 2013-06-07 17:05 - 00000000 ____D C:\Users\Timo Tischler\Desktop\ZWISCHENABLAGE AKTUELL
2013-08-26 21:26 - 2013-07-27 19:31 - 00016073 _____ C:\Users\Timo Tischler\Desktop\Lundhags Order.xlsx
2013-08-26 19:13 - 2013-08-26 19:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 13:12 - 2013-08-25 13:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-25 12:44 - 2013-08-25 12:44 - 00009203 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-08-24 14:52 - 2013-07-25 16:41 - 00010161 _____ C:\Users\Timo Tischler\Desktop\VERKAUF.xlsx
2013-08-23 09:50 - 2009-09-15 07:46 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\UseNeXT
2013-08-21 15:01 - 2013-08-21 15:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 10:13 - 2013-08-21 10:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 21:03 - 2010-03-26 18:54 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\vlc
2013-08-18 20:32 - 2013-08-18 20:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-17 21:22 - 2010-03-31 15:15 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\dvdcss
2013-08-17 12:15 - 2013-08-17 12:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 12:11 - 2013-08-17 12:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-15 16:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-10 12:05 - 2013-07-22 15:08 - 00000000 ____D C:\Users\Timo Tischler\Desktop\Ausrüstungsverkauf
2013-08-10 11:25 - 2013-05-22 22:27 - 00000000 ____D C:\Users\Timo Tischler\Desktop\XXXXXXCHANGE FLYERWERKSTATT LAPPLAND
2013-08-05 16:00 - 2010-03-16 19:08 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-02 18:41 - 2013-08-02 18:41 - 00001991 _____ C:\Users\Public\Desktop\MF60 Mobile Hotspot.lnk
2013-08-02 18:41 - 2013-08-02 18:40 - 00000000 ____D C:\Program Files\SupportAppCB
2013-08-02 18:40 - 2013-08-02 18:40 - 00000000 ____D C:\Program Files\MF60 Mobile Hotspot
2013-08-02 18:40 - 2009-09-02 10:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\TIMOTI~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\Quarantine.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 01:56

==================== End Of Log ============================
--- --- ---



Und hier das Additions.txt :

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013
Ran by Timo Tischler at 2013-08-30 11:46:59
Running from C:\Users\Timo Tischler\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
AC3Filter 1.62b (Version: 1.62b)
Acronis*True*Image*Home (Version: 13.0.6053)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.1)
Adobe Acrobat 8.1.1 Professional (Version: 8.1.1)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 2.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader 9 - Deutsch (Version: 9.0.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AdobeColorCommonSetRGB (Version: 2.0)
AHV content for Acrobat and Flash (Version: 1)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Artisteer 2 (Version: 2.0)
AutoUpdate (Version: 1.1)
AviSynth 2.5
AXIS Media Control Embedded
Bluetooth Stack for Windows by Toshiba (Version: v6.00.05(FSC))
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J5910DW (Version: 1.0.5.0)
CDBurnerXP (Version: 4.2.7.1878)
cGPSmapper Free 0100d
cobra (Version: 12.01.1299)
DHTML Editing Component (Version: 6.02.0001)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
ezMS v1.03
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Free Video to DVD Converter version 1.6.22.804
Free Video to iPod Converter version 5.0.6.221 (Version: 5.0.6.221)
Free YouTube to MP3 Converter version 3.11.37.1212 (Version: 3.11.37.1212)
FSCLounge (Version: 1.0.0)
Fujitsu Siemens Computers Recovery (Version: 1.3.9)
Garmin BaseCamp (Version: 4.0.2)
Garmin Communicator Plugin (Version: 2.9.3)
Garmin MapInstall (Version: 3.14.4)
Garmin TOPO Deutschland v3 (Version: 3.0.0.0)
Garmin TransAlpin v2 (Version: 2.0.0.0)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.5)
GmapTool 0.6.0b
Google Chrome (Version: 29.0.1547.57)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
GPL Ghostscript 8.64
H.264 Decoder (Version: 1.1.0)
Handelsbanken card reader (Version: 1.00.0000)
Hotkey Utility (Version: 1.5.5)
HyperCam 2 (Version: 2.25.01)
Hyperionics DB Toolbar
IcoFX 1.6.4
ImgBurn (Version: 2.5.5.0)
Incomedia WebSite X5 v10 - Evolution (Version: 10.0.2.24)
Incomedia WebSite X5 v8 - Evolution
Incomedia WebSite X5 v9 - Evolution (Version: 9.0.0.1654)
Intel(R) Network Connections Drivers
Intel® Matrix Storage Manager
iSpring Free 5 (Version: 5.5.0)
iTunes (Version: 10.7.0.21)
IZArc 4.1.2 (Version: 4.1.2)
Java 2 Runtime Environment, SE v1.4.2_19 (Version: 1.4.2_19)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 30 (Version: 6.0.300)
LameACM
Launch Pad 1.0.3 (Version: 1.0.3)
LetsTrade Komponenten
Lexmark Software deinstallieren
Logitech QuickCam (Version: 11.51.1056)
Logitech QuickCam-Treiberpaket
LogoMaker 2.0
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Video deluxe 17 Plus Sonderedition Download-Version (Version: 10.0.11.0)
Malwarebytes' Anti-Malware
MapCreator 2 (Version: 2.0)
MapTk (MapToolKit)
Media Add-ons für Acronis True Image Home 2010 (Version: 13.0.6053)
MF60 Mobile Hotspot (Version: 1.0.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MKV Splitter (Version: 1.0.1)
MobileMe Control Panel (Version: 2.6.0.35)
Mozilla Firefox (3.6.10) (Version: 3.6.10 (de))
MSVC80_x86 (Version: 1.0.1.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.27.0)
Nokia Maps Updater 1.0.12 (Version: 1.0.12)
Nokia PC-Internetzugang (Version: 2.0.1.2)
Norton 360 (Version: 20.4.0.40)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA Drivers (Version: 1.7)
O&O DriveLED (Version: 3.0.1945)
O&O MediaRecovery (Version: 4.1.1322)
OKI Alert Info (Version: 1.3.0)
OKI Color Swatch-Dienstprogramm (Version: 2.1.11)
OKI Configuration Tool (Version: 1.6.0)
OKI Device Setting (Version: 1.6.0)
OKI Network Extension (Version: 1.00.000)
OKI Network Setting (Version: 1.0.2)
OKI PDF Print Direct (Version: 3.4.5)
OKI Storage Manager (Version: 1.0.2)
OKI User Setting (Version: 1.4.0)
OpenVPN 2.1.1 (Version: 2.1.1)
Opera 12.12 (Version: 12.12.1707)
orgaMAX Business Software (Version: 12.0)
OziExplorer 3.95
PaperPort Image Printer (Version: 1.00.0001)
PC Connectivity Solution (Version: 10.6.1.0)
PDF Settings CS4 (Version: 9.0)
PHOTOfunSTUDIO 6.0 BD Edition (Version: 6.00.025)
PlayReady PC runtime (Version: 1)
Power Manager 2.8.3 (Version: 2.8.3)
PowerPoint to Flash Converter 3000 7.4
Presto! Forms 3.60.10 (Version: 3.60.10)
Presto! PageManager 7.12.20 (Version: 7.12.20)
PSFtp Version 1.8 (Version: 1.8.1.354)
QuickTime (Version: 7.66.71.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0 (Version: 1.0.0)
Safari (Version: 5.31.21.10)
Scansoft PDF Professional
Skype™ 6.3 (Version: 6.3.107)
SPOT Firmware Updater
SPOT Updater 1.1 (Version: 1.1)
SpyHunter (Version: 4.11.10.4138)
SSH Secure Shell
StarMoney (Version: 1.0)
StarMoney 6.0 S-Edition (Version: 6.0)
SystemDiagnostics (Version: 2.04.0006)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
UseNeXT by Tangysoft
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
VLC media player 1.0.5 (Version: 1.0.5)
VNC Free Edition 4.1.3 (Version: 4.1.3)
VoiceOver Kit (Version: 1.20.128.0)
Winamp (Version: 5.572 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinSCP 4.3.9 (Version: 4.3.9)
WPF Toolkit June 2009 (Version 3.5.40619.1) (Version: 3.5.40619.1)
 

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-08-29 23:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {18E6D428-D26C-4169-BEDF-3B5BDDC952F6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2009-07-14] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1EC9510D-A439-4950-9399-B6399EDF9EA7} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {3489D856-B811-4192-B139-434DA6C93ACF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3501EE4A-0959-4F49-B82C-9B84106AF0DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1908418406-1939059217-2638421699-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-09] (RealNetworks, Inc.)
Task: {3BF6AA5A-8C17-49F1-B0BA-F7B9854B145E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {43CE6190-2C14-451B-BB29-9565B5ED2753} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {4D6787D9-819B-48A6-9D95-0A8940368204} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1908418406-1939059217-2638421699-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-09] (RealNetworks, Inc.)
Task: {536EC425-DADA-43C7-AEAE-93721AF9052B} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1908418406-1939059217-2638421699-1000 => C:\Windows\System32\portabledeviceapi.dll [2009-07-14] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {5AAAD918-FC45-433A-A271-BE3E191A9685} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {5C2C622F-70E9-4194-A7DA-033E827365AD} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2009-07-14] (Microsoft Corporation)
Task: {6614838B-A08B-4725-8511-CD97E45AD270} - System32\Tasks\User_Feed_Synchronization-{498E3D17-8CF9-48B2-B70E-9E13D21D43CE} => C:\Windows\system32\msfeedssync.exe [2011-06-17] (Microsoft Corporation)
Task: {6696ABF5-14ED-4B23-8962-C6F1E13BB7C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06] (Google Inc.)
Task: {78148ACB-4274-4EDC-AAB8-FFEBEAF548A6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2009-07-14] (Microsoft Corporation)
Task: {ABF28068-C51C-4999-88DA-51024CCCFC03} - System32\Tasks\{3570ECD7-DC5E-441A-B8A4-700401ACC139} => D:\Program Files\Skype\Phone\Skype.exe No File
Task: {C8261BCE-B117-4368-8E3B-4624AD8D1499} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {DAD49146-D949-4927-BF61-B5461804B266} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: {E9599562-BDAF-4CEE-8C4C-C95563692F1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06] (Google Inc.)
Task: {EC879132-E141-4432-99FF-ED344C5533AB} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.metadata?kMDItemDownloadedDate
AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.metadata?kMDItemWhereFroms
AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.quarantine

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2013 11:36:50 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:36:50.546]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error

Error: (08/30/2013 11:36:15 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:36:15.824]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error

Error: (08/30/2013 11:35:41 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:35:41.113]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error

Error: (08/30/2013 11:35:06 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:35:06.450]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error

Error: (08/30/2013 11:34:31 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:34:31.786]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error

Error: (08/30/2013 11:33:57 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:33:57.137]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error

Error: (08/30/2013 11:33:22 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:33:22.484]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error

Error: (08/30/2013 11:32:47 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/08/30 11:32:47.827]: [00002724]: GetDeviceIpAddress: GetAddressByName [BRN001BA9AF551A] Error


System errors:
=============
Error: (08/30/2013 11:46:45 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 29 Mal passiert.

Error: (08/30/2013 11:46:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (08/30/2013 11:46:30 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 28 Mal passiert.

Error: (08/30/2013 11:46:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (08/30/2013 11:46:10 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 27 Mal passiert.

Error: (08/30/2013 11:46:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (08/30/2013 11:46:01 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 26 Mal passiert.

Error: (08/30/2013 11:46:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (08/30/2013 11:45:56 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 25 Mal passiert.

Error: (08/30/2013 11:45:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183


Microsoft Office Sessions:
=========================
Error: (08/30/2013 06:22:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24168 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (08/06/2013 07:43:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6454 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (07/28/2013 01:38:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4925 seconds with 3540 seconds of active time.  This session ended with a crash.

Error: (04/22/2013 10:41:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3164 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (03/08/2013 05:56:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 32699 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (02/07/2013 08:58:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1274 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (11/15/2012 04:35:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28453 seconds with 3060 seconds of active time.  This session ended with a crash.

Error: (07/13/2012 05:01:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19349 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (06/27/2012 04:19:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23521 seconds with 4560 seconds of active time.  This session ended with a crash.

Error: (12/01/2011 09:05:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 666 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3032.81 MB
Available physical RAM: 1430.31 MB
Total Pagefile: 6063.9 MB
Available Pagefile: 4280.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.99 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:14.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:364.76 GB) (Free:263.6 GB) NTFS
Drive l: () (Network) (Total:298.09 GB) (Free:136.18 GB) NTFS
Drive p: () (Network) (Total:298.09 GB) (Free:136.18 GB) NTFS
Drive v: () (Network) (Total:298.09 GB) (Free:136.18 GB) NTFS
Drive x: (Alte Daten) (Network) (Total:297.6 GB) (Free:91.75 GB) NTFS
Drive y: (Daten) (Network) (Total:297.6 GB) (Free:91.75 GB) NTFS
Drive z: (share) (Network) (Total:916.32 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 8A879E46)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Danke und Gruß
Timo

cosinus 30.08.2013 11:14
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\TIMOTI~1\AppData\Local\Temp\tbch.crx
C:\ProgramData\nvModes.dat
C:\Users\TIMOTI~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\Quarantine.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


timo_se 30.08.2013 11:26
Da kam ne Fehlermeldung und das ist das LOG:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by Timo Tischler at 2013-08-30 12:24:07 Run:3
Running from C:\Users\Timo Tischler\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\TIMOTI~1\AppData\Local\Temp\tbch.crx
C:\ProgramData\nvModes.dat
C:\Users\TIMOTI~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\Quarantine.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
*****************

"C:\Users\TIMOTI~1\AppData\Local\Temp\tbch.crx" => File/Directory not found.
"C:\ProgramData\nvModes.dat" => File/Directory not found.
"C:\Users\TIMOTI~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
C:\Users\TIMOTI~1\AppData\Local\Temp\Quarantine.exe => Moved successfully.
vg timo

cosinus 30.08.2013 11:27
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


timo_se 30.08.2013 12:17
Alles sauber...keine hat mehr was gefunden oder zu meckern gehabt :-)


Mir bleibt nichts anderes übrig also nochmals vielen vielen Dank zu sagen, den Spenden-Knopf habe ich bereits gedrückt damit es bei etwas mehr bleibt als bei warmen Worten - weiter so :daumenhoc

Viele Grüße

Timo

cosinus 30.08.2013 12:59
Wäre schön wenn du die Logs trotzdem postest

timo_se 30.08.2013 13:50
Alles klar, habe ich nicht gespeichert also eben nochmal laufen lassen:

Code:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.30.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Timo Tischler :: NOTEBOOKTT [Administrator]

30.08.2013 14:22:38
mbam-log-2013-08-30 (14-22-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 274848
Laufzeit: 11 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

VG Timo

cosinus 30.08.2013 13:58
Ok, MBAM war auch aktuell :D

Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

timo_se 31.08.2013 05:26
Hallo, Cookies habe ich deaktiviert (hatte ich aber auch bereits schon vor dem "Unfall").

Nee mit dem System läuft aktuell alles wieder :applaus::applaus:

Vielen Dank nochmals.

VG Timo

cosinus 01.09.2013 15:47
Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.






Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

timo_se 02.09.2013 11:13
Hello Again.....

seit heute früh meckert mein Norton und ich denke ich habe mir erneut (keine Ahnung wie)
2 Trojaner eingefangen..

FRST.TXT:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Timo Tischler (administrator) on NOTEBOOKTT on 02-09-2013 12:01:25
Running from C:\Users\Timo Tischler\Downloads
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13531680 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-08] (Realtek Semiconductor)
HKLM\...\Run: [FIC HotKey] - C:\Program Files\Hotkey Utility\tray.exe [520192 2008-06-05] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKLM\...\Run: [PowerManager] - C:\Program Files\Power Manager\PM.exe [1675264 2008-05-22] ()
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [26704 2007-04-11] ()
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_02FD4696E8D584CA28380A4E066BEED4] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: [NoDrives] 0
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{8b33aa80-978c-11de-a815-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://83.150.146.111/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://82.99.75.137/activex/AMC.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.174.1
Tcpip\..\Interfaces\{FF75917C-E18C-4378-809D-BBE54B81C17C}: [NameServer]192.168.174.254

FireFox:
========
FF ProfilePath: C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DIVX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\Programme\DIVX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Firebug - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\firebug@software.joehewitt.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Web Developer - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Winload Customized Web Search) - hxxp://www.google.com
CHR DefaultSuggestURL: (Winload Customized Web Search) -      "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - D:\Programme\DIVX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - D:\Programme\DIVX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Norton Identity Protection) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\TIMOTI~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-11-12] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-02-09] (Acronis)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S4 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [593920 2009-09-06] ( )
S4 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-06-01] (Logitech Inc.)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-06-01] (Logitech Inc.)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
S4 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [529664 2009-09-28] (O&O Software GmbH)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] ()
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [139264 2011-04-11] (Oki Data Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S4 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{630d094a-5ad6-4afb-b11c-d421014a516d}\  \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-07-15] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-29] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2013-08-29] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-28] (Symantec Corporation)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2008-06-01] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2008-06-01] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2008-06-01] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-05-10] (MBB Incorporated)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [25608 2009-09-28] (O&O Software GmbH)
R0 SMR322; C:\Windows\System32\drivers\SMR322.SYS [98392 2013-09-02] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-18] (Samsung Electronics)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-02-09] (Acronis)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2008-09-28] (Todos Data System AB)
R1 WINIO; C:\Windows\system32\WinIo.sys [9336 2007-01-04] (hxxp://www.internals.com)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [116736 2011-05-10] (ZTE Corporation)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\TIMOTI~1\AppData\Local\Temp\catchme.sys [x]
U2 SharedAccess;
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\afcdp.sys EF1AFA9752E468013584585666A3B119
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\ahcix86s.sys FBE4016F9EF3AB3DB547E40A936B6CD9
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Apfiltr.sys 2C29855AB6E1E476D026C8FC189F8B98
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys 6C6AC7CA8A034C15C52B35189BAD58EE
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys 3BEE52611F22C9C0023A98A4425E084F
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys DB5E008B3744DD60C8498CBBF2A1CFA6
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys 33E7AB50F87F97ABD9057205E27CB182
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\e1y6032.sys 8EEF52AD831471E323EE7364A8656D35
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys E1E3804F7C59EA3E14637C2A763F65E2
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 6D84DFC3B5C5052881BF50470D0C03D1
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 2407B8164E966755BC6A4242FC9DE31E
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 500A9814FD9446A8126858A5A7F7D273
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hitmanpro37.sys CE77439BAF613019D6B7658292D1E4A6
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys E5A0034847537EAEE3C00349D5C34C5F
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130830.001\IDSvix86.sys 715941AC16A273F986733BA9A2536368
C:\Windows\System32\DRIVERS\igdkmd32.sys 6FB1858D1F0923D122B0331865695041
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 219CA9A36D6DE2EC04F958C907673436
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\jraid.sys C36F3A1A4E8416EF43F30DEAB7701730
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 52FC17C8589F11747D01D3CF592673D0
C:\Windows\System32\Drivers\ksecpkg.sys 3E5474B03568CFAB834DA3C38E8C9EFA
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LVcKap.sys EDD5BDA3483A981C704E7413B69BEE89
C:\Windows\System32\DRIVERS\LVMVDrv.sys 97F5D626CFF8186C8F753AC2A5012798
C:\Windows\System32\DRIVERS\LVPr2Mon.sys C3C347951ED7C3600B5120DA740C2B93
C:\Windows\System32\DRIVERS\lvuvc.sys D19FD251D383BC203E34CFB63B8C10AC
C:\Windows\System32\drivers\massfilter.sys 79EC6C0033776F89DD5131241F0170E1
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVENG.SYS 81E928EE3751FAF725C87CC17726C05D
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVEX15.SYS E0C39FA6C76AE8ED53ABF043F35ECDFF
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmb.sys 28E36E677849174C910FAAEAD3E60E9E
C:\Windows\System32\drivers\ccdcmbo.sys 3823DEB17F9F6775DE0187A98FA0536D
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NuidFltr.sys CF7E041663119E09D2E118521ADA9300
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 1DBD6DF4B2D729D533CF8D4BD05D3F17
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\OODrvled.sys 911B1F6512D954EDF468D536790465CF
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 66D3415C159741ADE7038A277EFFF99F
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pccsmcfd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHelp20.sys E42E3433DBB4CFFE8FDD91EAB29AEA8E
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys C5B8D47A4688DE9D335204EA757C2240
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTSTOR.SYS 4F31CFDEBD0A5BC27D45E7EBFEFAAF6F
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\drivers\SMR322.SYS 0A07295A3A4BBEA54D9DFCEAEDFDA331
C:\Windows\System32\DRIVERS\snapman.sys 5BCEB1B306878035DACBA6DD18366EDA
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS C743E384E9EFCA10B41C60D406DE39C0
C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS FE9BD381778A344F0E39AE2D5E607D7F
C:\Windows\System32\DRIVERS\srv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87
C:\Windows\System32\DRIVERS\srv2.sys 414BB592CAD8A79649D01F9D94318FB3
C:\Windows\System32\DRIVERS\srvnet.sys FF207D67700AA18242AAF985D3E7D8F4
C:\Windows\system32\Drivers\SSPORT.sys EF3458337D7341A05169CEFC73709264
C:\Windows\System32\Drivers\StarOpen.sys F92254B0BCFCD10CAAC7BCCC7CB7F467
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys EDB05BD63148796F23EA78506404A538
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS 5A193E5E0F0A776430E5D62A051C1E16
C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS 1773FB2920EBB3A8BAD0360618091470
C:\Windows\system32\Drivers\SYMEVENT.SYS F50D81D3E0C7A353F205562B89CD06D6
C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS 8C9B9036E301A9965CF15BEC91C58A12
C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS AF879C2A9DBF8529E1F8169B8BAC643C
C:\Windows\System32\DRIVERS\tap0901.sys 5C7C939BBD03784FE58C80578D065CC9
C:\Windows\System32\drivers\tcpip.sys 55E9965552741F3850CB22CBBA9671ED
C:\Windows\System32\DRIVERS\tcpip.sys 55E9965552741F3850CB22CBBA9671ED
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\DRIVERS\tdrpm258.sys 8DE3E45000BA8C9EBB16737D3F83E216
C:\Windows\System32\DRIVERS\shbecr.sys 4A766448821359DF6A0427A91782385A
C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tosrfbd.sys 4AC571026155442678E3A0B564A374B1
C:\Windows\System32\Drivers\tosrfbnp.sys 181E217A7A326817D97946D045B3CB46
C:\Windows\System32\Drivers\tosrfcom.sys E90ACE3B4FA7A85F992BC21EB779C407
C:\Windows\System32\DRIVERS\Tosrfhid.sys D3F87C46C7C9E5DB99FBD3D17121B891
C:\Windows\System32\DRIVERS\tosrfnds.sys C52FD27B9ADF3A1F22CB90E6BCF9B0CB
C:\Windows\System32\DRIVERS\tosrfusb.sys 98C04A6432CE9C2AD328F57B9384D348
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerflt.sys B1B8BEE26227DAD9835019201552CB05
C:\Windows\System32\Drivers\usbaapl.sys 73B41F4EAD65F355962168D766AF0F2E
C:\Windows\System32\DRIVERS\usbccgp.sys C31AE588E403042632DC796CF09E30B0
C:\Windows\System32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys E4C436D914768CE965D5E659BA7EEBD8
C:\Windows\System32\DRIVERS\usbhub.sys BDCD7156EC37448F08633FD899823620
C:\Windows\system32\drivers\usbohci.sys EB2D819A639015253C871CDA09D91D58
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\drivers\usbser.sys 88701ECA76145E2C011C0EEFF0F7B70E
C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys 98E1FF1D732C6C7200B6C59D4FF8C1C3
C:\Windows\System32\DRIVERS\USBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353
C:\Windows\system32\drivers\usbuhci.sys 22480BF4E5A09192E5E30BA4DDE79FA4
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\WinIo.sys 819C68FF6C4C63886D636FFB2DABF5EF
C:\Windows\System32\DRIVERS\WinUsb.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252
C:\Windows\System32\DRIVERS\ZTEusbnet.sys 48B9F83939F56622FAB71B526D28D89F
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys F6520E06C15DEA5AB7BB016309FE4BB3
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys F6520E06C15DEA5AB7BB016309FE4BB3

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 11:59 - 2013-09-02 11:59 - 01085803 _____ (Farbar) C:\Users\Timo Tischler\Downloads\FRST.exe
2013-09-02 11:18 - 2013-09-02 11:18 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR322.SYS
2013-09-02 11:18 - 2013-09-02 11:18 - 00000020 _____ C:\Windows\system32\Drivers\SMR322.dat
2013-09-02 11:16 - 2013-09-02 11:16 - 02989560 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\NPE (1).exe
2013-09-02 11:16 - 2013-09-02 11:16 - 02986440 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\NPE (2).exe
2013-09-02 10:34 - 2013-09-02 10:34 - 00042219 _____ C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72.zip
2013-09-02 10:34 - 2013-09-02 10:34 - 00000000 ____D C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72
2013-09-01 08:18 - 2013-09-01 08:18 - 00994642 _____ C:\Users\Timo Tischler\Downloads\adwcleaner.exe
2013-08-31 22:04 - 2013-08-31 22:04 - 274984492 _____ C:\Users\Timo Tischler\Desktop\Lapponiakomplett.psd
2013-08-30 14:13 - 2013-09-02 11:13 - 00095191 _____ C:\ProgramData\nvModes.dat
2013-08-30 12:42 - 2013-08-30 12:42 - 00000798 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 12:41 - 2013-08-30 12:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Timo Tischler\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-30 12:22 - 2013-08-30 12:23 - 00000253 _____ C:\Users\Timo Tischler\Desktop\Fixlist.txt
2013-08-30 11:47 - 2013-08-30 11:47 - 00036718 _____ C:\Users\Timo Tischler\Desktop\FRST.txt
2013-08-30 11:46 - 2013-08-30 11:47 - 00026255 _____ C:\Users\Timo Tischler\Desktop\Addition.txt
2013-08-30 11:44 - 2013-08-30 11:44 - 00000087 _____ C:\ProgramData\lxdo.log
2013-08-30 11:33 - 2013-08-30 11:33 - 00002058 _____ C:\Users\Timo Tischler\Desktop\JRT.txt
2013-08-30 11:30 - 2013-08-30 11:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 11:28 - 2013-08-30 11:28 - 00026093 _____ C:\Users\Timo Tischler\Desktop\AdwCleaner[S0].txt
2013-08-30 11:21 - 2013-08-30 11:24 - 00000000 ____D C:\AdwCleaner
2013-08-30 11:19 - 2013-08-30 11:19 - 01023533 _____ (Thisisu) C:\Users\Timo Tischler\Downloads\JRT.exe
2013-08-30 06:10 - 2013-08-30 06:10 - 00000000 ____D C:\FRST
2013-08-30 00:16 - 2013-08-30 00:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-30 00:09 - 2013-08-30 00:09 - 00000000 ____D C:\Windows\system32\EventProviders
2013-08-29 23:58 - 2013-09-02 11:02 - 00258580 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-08-29 23:42 - 2013-08-30 06:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-29 23:37 - 2013-08-29 23:37 - 00000000 ____D C:\Users\Timo Tischler\Desktop\mmm
2013-08-29 23:36 - 2013-08-29 23:37 - 30091776 _____ (Microsoft Corporation) C:\Users\Timo Tischler\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2013-08-29 23:33 - 2013-08-29 23:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Timo Tischler\Desktop\mbar-1.07.0.1005.exe
2013-08-29 23:26 - 2013-08-30 06:26 - 00000000 ____D C:\Windows\system32\Drivers\N360
2013-08-29 23:26 - 2013-08-30 03:10 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-08-29 23:26 - 2013-08-30 03:10 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-08-29 23:26 - 2013-08-30 00:02 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Norton 360
2013-08-29 23:15 - 2013-08-29 23:15 - 00023754 _____ C:\ComboFix.txt
2013-08-29 22:55 - 2013-08-29 23:15 - 00000000 ____D C:\ComboFix
2013-08-29 22:55 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-29 22:55 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-29 22:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-29 22:55 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-29 22:54 - 2013-08-29 23:15 - 00000000 ____D C:\Qoobox
2013-08-29 22:53 - 2013-08-29 23:13 - 00000000 ____D C:\Windows\erdnt
2013-08-29 22:52 - 2013-08-29 17:14 - 05114906 ____R (Swearware) C:\Users\Timo Tischler\Desktop\ComboFix.exe
2013-08-29 22:48 - 2013-08-29 22:53 - 154147384 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\norton_360_setup.exe
2013-08-29 22:41 - 2013-08-29 22:41 - 00000000 ____D C:\found.004
2013-08-29 18:30 - 2013-08-29 18:30 - 00001048 _____ C:\Windows\system32\.crusader
2013-08-29 18:25 - 2013-08-29 18:37 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-29 18:24 - 2013-08-29 18:31 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 13:44 - 2013-09-02 10:37 - 00007607 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-08-26 19:13 - 2013-08-26 19:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 13:12 - 2013-08-25 13:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-25 12:44 - 2013-09-01 16:34 - 00009266 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-08-21 15:01 - 2013-08-21 15:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 10:13 - 2013-08-21 10:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 20:32 - 2013-08-18 20:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-17 13:35 - 2013-05-15 17:22 - 00354242 _____ C:\Users\Timo Tischler\Desktop\LOGO1.ai
2013-08-17 12:15 - 2013-08-17 12:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 12:11 - 2013-08-17 12:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip

==================== One Month Modified Files and Folders =======

2013-09-02 11:59 - 2013-09-02 11:59 - 01085803 _____ (Farbar) C:\Users\Timo Tischler\Downloads\FRST.exe
2013-09-02 11:57 - 2010-02-09 13:58 - 00095191 _____ C:\ProgramData\nvModes.001
2013-09-02 11:42 - 2010-07-06 15:46 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 11:34 - 2012-04-21 19:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 11:28 - 2012-10-23 13:59 - 00000000 ____D C:\Users\TIMOTI~1\AppData\Local\NPE
2013-09-02 11:22 - 2010-05-30 20:54 - 00000000 ____D C:\Users\TIMOTI~1\AppData\Local\CrashDumps
2013-09-02 11:18 - 2013-09-02 11:18 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR322.SYS
2013-09-02 11:18 - 2013-09-02 11:18 - 00000020 _____ C:\Windows\system32\Drivers\SMR322.dat
2013-09-02 11:16 - 2013-09-02 11:16 - 02989560 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\NPE (1).exe
2013-09-02 11:16 - 2013-09-02 11:16 - 02986440 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\NPE (2).exe
2013-09-02 11:13 - 2013-08-30 14:13 - 00095191 _____ C:\ProgramData\nvModes.dat
2013-09-02 11:13 - 2010-02-09 12:52 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 11:13 - 2010-02-09 12:52 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 11:11 - 2013-05-16 05:51 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Skype
2013-09-02 11:10 - 2010-02-09 13:43 - 02055994 _____ C:\Windows\WindowsUpdate.log
2013-09-02 11:06 - 2010-07-06 15:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 11:05 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 11:05 - 2009-07-14 06:39 - 25003542 _____ C:\Windows\setupact.log
2013-09-02 11:02 - 2013-08-29 23:58 - 00258580 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-02 10:53 - 2010-02-09 12:54 - 00000000 ____D C:\Users\Timo Tischler
2013-09-02 10:37 - 2013-08-29 13:44 - 00007607 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-09-02 10:34 - 2013-09-02 10:34 - 00042219 _____ C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72.zip
2013-09-02 10:34 - 2013-09-02 10:34 - 00000000 ____D C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72
2013-09-02 09:58 - 2009-09-02 10:10 - 00000000 ____D C:\Users\TIMOTI~1\AppData\Local\Google
2013-09-02 09:58 - 2009-09-02 10:00 - 00000000 ____D C:\Program Files\Google
2013-09-01 16:34 - 2013-08-25 12:44 - 00009266 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-09-01 15:24 - 2013-07-27 19:31 - 00016341 _____ C:\Users\Timo Tischler\Desktop\Lundhags Order.xlsx
2013-09-01 08:18 - 2013-09-01 08:18 - 00994642 _____ C:\Users\Timo Tischler\Downloads\adwcleaner.exe
2013-08-31 22:04 - 2013-08-31 22:04 - 274984492 _____ C:\Users\Timo Tischler\Desktop\Lapponiakomplett.psd
2013-08-31 17:35 - 2012-12-06 21:23 - 00000000 ____D C:\Program Files\orgaMAX
2013-08-31 09:41 - 2008-08-12 06:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-30 17:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-30 14:51 - 2010-02-09 13:50 - 00233696 _____ C:\Users\TIMOTI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 14:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-30 14:13 - 2009-07-14 06:33 - 03291984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-30 14:06 - 2010-02-09 21:45 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-08-30 14:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-30 14:02 - 2010-02-09 13:31 - 03450202 _____ C:\Windows\PFRO.log
2013-08-30 13:34 - 2008-08-12 06:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-30 12:42 - 2013-08-30 12:42 - 00000798 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 12:41 - 2013-08-30 12:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Timo Tischler\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-30 12:23 - 2013-08-30 12:22 - 00000253 _____ C:\Users\Timo Tischler\Desktop\Fixlist.txt
2013-08-30 11:47 - 2013-08-30 11:47 - 00036718 _____ C:\Users\Timo Tischler\Desktop\FRST.txt
2013-08-30 11:47 - 2013-08-30 11:46 - 00026255 _____ C:\Users\Timo Tischler\Desktop\Addition.txt
2013-08-30 11:45 - 2009-10-02 16:28 - 00067910 _____ C:\Windows\system32\LexFiles.ulf
2013-08-30 11:44 - 2013-08-30 11:44 - 00000087 _____ C:\ProgramData\lxdo.log
2013-08-30 11:44 - 2011-07-28 18:11 - 00000000 ____D C:\Program Files\MapCreator 2
2013-08-30 11:44 - 2011-06-17 13:14 - 00000000 ____D C:\Program Files\ImgBurn
2013-08-30 11:44 - 2011-04-08 11:22 - 00000084 _____ C:\Windows\WinInit.Ini
2013-08-30 11:44 - 2009-09-02 12:28 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-08-30 11:33 - 2013-08-30 11:33 - 00002058 _____ C:\Users\Timo Tischler\Desktop\JRT.txt
2013-08-30 11:30 - 2013-08-30 11:30 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 11:28 - 2013-08-30 11:28 - 00026093 _____ C:\Users\Timo Tischler\Desktop\AdwCleaner[S0].txt
2013-08-30 11:24 - 2013-08-30 11:21 - 00000000 ____D C:\AdwCleaner
2013-08-30 11:24 - 2009-10-07 16:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-30 11:19 - 2013-08-30 11:19 - 01023533 _____ (Thisisu) C:\Users\Timo Tischler\Downloads\JRT.exe
2013-08-30 06:26 - 2013-08-29 23:26 - 00000000 ____D C:\Windows\system32\Drivers\N360
2013-08-30 06:24 - 2009-12-03 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-30 06:20 - 2013-08-29 23:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-30 06:10 - 2013-08-30 06:10 - 00000000 ____D C:\FRST
2013-08-30 03:10 - 2013-08-29 23:26 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-08-30 03:10 - 2013-08-29 23:26 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-08-30 00:34 - 2010-02-09 13:52 - 01529160 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 00:28 - 2013-08-30 00:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-30 00:09 - 2013-08-30 00:09 - 00000000 ____D C:\Windows\system32\EventProviders
2013-08-30 00:02 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-29 23:53 - 2008-08-12 06:37 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-29 23:38 - 2012-11-22 08:49 - 00003043 _____ C:\Windows\IE10_main.log
2013-08-29 23:38 - 2006-11-02 12:23 - 00000480 _____ C:\Windows\win.ini
2013-08-29 23:37 - 2013-08-29 23:37 - 00000000 ____D C:\Users\Timo Tischler\Desktop\mmm
2013-08-29 23:37 - 2013-08-29 23:36 - 30091776 _____ (Microsoft Corporation) C:\Users\Timo Tischler\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2013-08-29 23:33 - 2013-08-29 23:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Timo Tischler\Desktop\mbar-1.07.0.1005.exe
2013-08-29 23:33 - 2009-09-18 08:25 - 00000039 _____ C:\Windows\vbaddin.ini
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Norton 360
2013-08-29 23:26 - 2010-05-22 20:13 - 00000000 ____D C:\ProgramData\Norton
2013-08-29 23:15 - 2013-08-29 23:15 - 00023754 _____ C:\ComboFix.txt
2013-08-29 23:15 - 2013-08-29 22:55 - 00000000 ____D C:\ComboFix
2013-08-29 23:15 - 2013-08-29 22:54 - 00000000 ____D C:\Qoobox
2013-08-29 23:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-29 23:15 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-29 23:13 - 2013-08-29 22:53 - 00000000 ____D C:\Windows\erdnt
2013-08-29 23:09 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-29 23:06 - 2011-07-28 16:41 - 00000000 ____D C:\Program Files\Hyperionics DB Toolbar
2013-08-29 22:53 - 2013-08-29 22:48 - 154147384 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\norton_360_setup.exe
2013-08-29 22:41 - 2013-08-29 22:41 - 00000000 ____D C:\found.004
2013-08-29 18:37 - 2013-08-29 18:25 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-29 18:31 - 2013-08-29 18:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 18:30 - 2013-08-29 18:30 - 00001048 _____ C:\Windows\system32\.crusader
2013-08-29 17:14 - 2013-08-29 22:52 - 05114906 ____R (Swearware) C:\Users\Timo Tischler\Desktop\ComboFix.exe
2013-08-28 13:09 - 2013-06-07 17:05 - 00000000 ____D C:\Users\Timo Tischler\Desktop\ZWISCHENABLAGE AKTUELL
2013-08-26 19:13 - 2013-08-26 19:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 13:12 - 2013-08-25 13:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-24 14:52 - 2013-07-25 16:41 - 00010161 _____ C:\Users\Timo Tischler\Desktop\VERKAUF.xlsx
2013-08-23 09:50 - 2009-09-15 07:46 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\UseNeXT
2013-08-21 15:01 - 2013-08-21 15:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 10:13 - 2013-08-21 10:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 21:03 - 2010-03-26 18:54 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\vlc
2013-08-18 20:32 - 2013-08-18 20:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-17 21:22 - 2010-03-31 15:15 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\dvdcss
2013-08-17 12:15 - 2013-08-17 12:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 12:11 - 2013-08-17 12:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-15 16:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-10 12:05 - 2013-07-22 15:08 - 00000000 ____D C:\Users\Timo Tischler\Desktop\Ausrüstungsverkauf
2013-08-10 11:25 - 2013-05-22 22:27 - 00000000 ____D C:\Users\Timo Tischler\Desktop\XXXXXXCHANGE FLYERWERKSTATT LAPPLAND
2013-08-05 16:00 - 2010-03-16 19:08 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
ZeroAccess:
C:\Users\TIMOTI~1\AppData\Local\Google\Desktop\Install\{630d094a-5ad6-4afb-b11c-d421014a516d}
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\ProgramData\nvModes.dat
C:\Users\TIMOTI~1\AppData\Local\Temp\fygsejcuyykaurleouy.bfg
C:\Users\TIMOTI~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\TIMOTI~1\AppData\Local\Temp\Garmin Software Updates\BaseCamp.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\D3DCompiler_43.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\Opera-12.16-1860.i386.autoupdate.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\opera.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\opera.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\OperaUpgrader.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\updatechecker\opera_autoupdate.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\mapi\OperaMAPI.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\gstreamer.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioresample.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstautodetect.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdirectsound.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstoggdec.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwaveform.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwavparse.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwebmdec.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {current}
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
displayorder            {current}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {048a3594-1571-11df-8e04-00140b6424fe}
device                  ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {572bcd56-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[\Device\HarddiskVolume1]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description            Windows Recovery Environment
osdevice                ramdisk=[\Device\HarddiskVolume1]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal              Yes
winpe                  Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {048a3594-1571-11df-8e04-00140b6424fe}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
nx                      OptIn

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                    Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description            Windows-Speicherdiagnose
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  partition=C:
path                    \ntldr
description            Frhere Windows-Version

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {048a3595-1571-11df-8e04-00140b6424fe}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\048a3594-1571-11df-8e04-00140b6424fe\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description            Ramdisk Device Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \boot\boot.sdi



LastRegBack: 2013-09-01 10:02

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-09-2013 04
Ran by Timo Tischler at 2013-09-02 12:05:00
Running from C:\Users\Timo Tischler\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
AC3Filter 1.62b (Version: 1.62b)
Acronis*True*Image*Home (Version: 13.0.6053)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.1)
Adobe Acrobat 8.1.1 Professional (Version: 8.1.1)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 2.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader 9 - Deutsch (Version: 9.0.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AdobeColorCommonSetRGB (Version: 2.0)
AHV content for Acrobat and Flash (Version: 1)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Artisteer 2 (Version: 2.0)
AutoUpdate (Version: 1.1)
AviSynth 2.5
AXIS Media Control Embedded
Bluetooth Stack for Windows by Toshiba (Version: v6.00.05(FSC))
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J5910DW (Version: 1.0.5.0)
CDBurnerXP (Version: 4.2.7.1878)
cGPSmapper Free 0100d
cobra (Version: 12.01.1299)
DHTML Editing Component (Version: 6.02.0001)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
ezMS v1.03
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Free Video to DVD Converter version 1.6.22.804
Free Video to iPod Converter version 5.0.6.221 (Version: 5.0.6.221)
Free YouTube to MP3 Converter version 3.11.37.1212 (Version: 3.11.37.1212)
FSCLounge (Version: 1.0.0)
Fujitsu Siemens Computers Recovery (Version: 1.3.9)
Garmin BaseCamp (Version: 4.0.2)
Garmin Communicator Plugin (Version: 2.9.3)
Garmin MapInstall (Version: 3.14.4)
Garmin TOPO Deutschland v3 (Version: 3.0.0.0)
Garmin TransAlpin v2 (Version: 2.0.0.0)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.5)
GmapTool 0.6.0b
Google Chrome (Version: 29.0.1547.62)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
GPL Ghostscript 8.64
H.264 Decoder (Version: 1.1.0)
Handelsbanken card reader (Version: 1.00.0000)
Hotkey Utility (Version: 1.5.5)
HyperCam 2 (Version: 2.25.01)
Hyperionics DB Toolbar
IcoFX 1.6.4
ImgBurn (Version: 2.5.5.0)
Incomedia WebSite X5 v10 - Evolution (Version: 10.0.2.24)
Incomedia WebSite X5 v8 - Evolution
Incomedia WebSite X5 v9 - Evolution (Version: 9.0.0.1654)
Intel(R) Network Connections Drivers
Intel® Matrix Storage Manager
iSpring Free 5 (Version: 5.5.0)
iTunes (Version: 10.7.0.21)
IZArc 4.1.2 (Version: 4.1.2)
Java 2 Runtime Environment, SE v1.4.2_19 (Version: 1.4.2_19)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 30 (Version: 6.0.300)
LameACM
Launch Pad 1.0.3 (Version: 1.0.3)
LetsTrade Komponenten
Lexmark Software deinstallieren
Logitech QuickCam (Version: 11.51.1056)
Logitech QuickCam-Treiberpaket
LogoMaker 2.0
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Video deluxe 17 Plus Sonderedition Download-Version (Version: 10.0.11.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MapCreator 2 (Version: 2.0)
MapTk (MapToolKit)
Media Add-ons für Acronis True Image Home 2010 (Version: 13.0.6053)
MF60 Mobile Hotspot (Version: 1.0.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MKV Splitter (Version: 1.0.1)
MobileMe Control Panel (Version: 2.6.0.35)
Mozilla Firefox (3.6.10) (Version: 3.6.10 (de))
MSVC80_x86 (Version: 1.0.1.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.27.0)
Nokia Maps Updater 1.0.12 (Version: 1.0.12)
Nokia PC-Internetzugang (Version: 2.0.1.2)
Norton 360 (Version: 20.4.0.40)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA Drivers (Version: 1.7)
O&O DriveLED (Version: 3.0.1945)
O&O MediaRecovery (Version: 4.1.1322)
OKI Alert Info (Version: 1.3.0)
OKI Color Swatch-Dienstprogramm (Version: 2.1.11)
OKI Configuration Tool (Version: 1.6.0)
OKI Device Setting (Version: 1.6.0)
OKI Network Extension (Version: 1.00.000)
OKI Network Setting (Version: 1.0.2)
OKI PDF Print Direct (Version: 3.4.5)
OKI Storage Manager (Version: 1.0.2)
OKI User Setting (Version: 1.4.0)
OpenVPN 2.1.1 (Version: 2.1.1)
Opera 12.12 (Version: 12.12.1707)
orgaMAX Business Software (Version: 12.0)
OziExplorer 3.95
PaperPort Image Printer (Version: 1.00.0001)
PC Connectivity Solution (Version: 10.6.1.0)
PDF Settings CS4 (Version: 9.0)
PHOTOfunSTUDIO 6.0 BD Edition (Version: 6.00.025)
PlayReady PC runtime (Version: 1)
Power Manager 2.8.3 (Version: 2.8.3)
PowerPoint to Flash Converter 3000 7.4
Presto! Forms 3.60.10 (Version: 3.60.10)
Presto! PageManager 7.12.20 (Version: 7.12.20)
PSFtp Version 1.8 (Version: 1.8.1.354)
QuickTime (Version: 7.66.71.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0 (Version: 1.0.0)
Safari (Version: 5.31.21.10)
Scansoft PDF Professional
Skype™ 6.3 (Version: 6.3.107)
SPOT Firmware Updater
SPOT Updater 1.1 (Version: 1.1)
SpyHunter (Version: 4.11.10.4138)
SSH Secure Shell
StarMoney (Version: 1.0)
StarMoney 6.0 S-Edition (Version: 6.0)
SystemDiagnostics (Version: 2.04.0006)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
UseNeXT by Tangysoft
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
VLC media player 1.0.5 (Version: 1.0.5)
VNC Free Edition 4.1.3 (Version: 4.1.3)
VoiceOver Kit (Version: 1.20.128.0)
Winamp (Version: 5.572 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinSCP 4.3.9 (Version: 4.3.9)
WPF Toolkit June 2009 (Version 3.5.40619.1) (Version: 3.5.40619.1)
 

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-08-29 23:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3489D856-B811-4192-B139-434DA6C93ACF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3501EE4A-0959-4F49-B82C-9B84106AF0DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1908418406-1939059217-2638421699-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-09] (RealNetworks, Inc.)
Task: {3BF6AA5A-8C17-49F1-B0BA-F7B9854B145E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {43CE6190-2C14-451B-BB29-9565B5ED2753} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {4D6787D9-819B-48A6-9D95-0A8940368204} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1908418406-1939059217-2638421699-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-09] (RealNetworks, Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {5AAAD918-FC45-433A-A271-BE3E191A9685} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {6614838B-A08B-4725-8511-CD97E45AD270} - System32\Tasks\User_Feed_Synchronization-{498E3D17-8CF9-48B2-B70E-9E13D21D43CE} => C:\Windows\system32\msfeedssync.exe [2011-06-17] (Microsoft Corporation)
Task: {6696ABF5-14ED-4B23-8962-C6F1E13BB7C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06] (Google Inc.)
Task: {78148ACB-4274-4EDC-AAB8-FFEBEAF548A6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {ABF28068-C51C-4999-88DA-51024CCCFC03} - System32\Tasks\{3570ECD7-DC5E-441A-B8A4-700401ACC139} => D:\Program Files\Skype\Phone\Skype.exe No File
Task: {C8261BCE-B117-4368-8E3B-4624AD8D1499} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {DAD49146-D949-4927-BF61-B5461804B266} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: {E9599562-BDAF-4CEE-8C4C-C95563692F1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.metadata?kMDItemDownloadedDate
AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.metadata?kMDItemWhereFroms
AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.quarantine

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 11:58:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2013 11:28:47 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:46 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:45 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:43 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:41 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:22:50 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:22:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00046892
ID des fehlerhaften Prozesses: 0xcb8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (09/02/2013 11:22:22 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:22:21 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.


System errors:
=============
Error: (09/02/2013 00:05:08 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 178 Mal passiert.

Error: (09/02/2013 00:05:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (09/02/2013 00:04:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 177 Mal passiert.

Error: (09/02/2013 00:04:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (09/02/2013 00:04:20 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 176 Mal passiert.

Error: (09/02/2013 00:04:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (09/02/2013 00:03:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 175 Mal passiert.

Error: (09/02/2013 00:03:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (09/02/2013 00:03:34 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 174 Mal passiert.

Error: (09/02/2013 00:03:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183


Microsoft Office Sessions:
=========================
Error: (08/30/2013 06:22:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24168 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (08/06/2013 07:43:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6454 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (07/28/2013 01:38:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4925 seconds with 3540 seconds of active time.  This session ended with a crash.

Error: (04/22/2013 10:41:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3164 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (03/08/2013 05:56:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 32699 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (02/07/2013 08:58:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1274 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (11/15/2012 04:35:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28453 seconds with 3060 seconds of active time.  This session ended with a crash.

Error: (07/13/2012 05:01:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19349 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (06/27/2012 04:19:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23521 seconds with 4560 seconds of active time.  This session ended with a crash.

Error: (12/01/2011 09:05:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 666 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 3032.81 MB
Available physical RAM: 776.08 MB
Total Pagefile: 6063.9 MB
Available Pagefile: 2933.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.29 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:12.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:364.76 GB) (Free:263.25 GB) NTFS
Drive f: () (Fixed) (Total:1863.01 GB) (Free:1845.16 GB) NTFS
Drive l: () (Network) (Total:298.09 GB) (Free:136.06 GB) NTFS
Drive p: () (Network) (Total:298.09 GB) (Free:136.06 GB) NTFS
Drive v: () (Network) (Total:298.09 GB) (Free:136.06 GB) NTFS
Drive x: (Alte Daten) (Network) (Total:297.6 GB) (Free:91.75 GB) NTFS
Drive y: (Daten) (Network) (Total:297.6 GB) (Free:91.75 GB) NTFS
Drive z: (share) (Network) (Total:916.32 GB) (Free:916.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 8A879E46)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2EF9D6DB)
Partition 1: (Not Active) - (Size=-198627982848) - (Type=07 NTFS)

==================== End Of Log ============================
Lohnt sich das was oder soll ich NEU aufsetzten?

Viele Grüße und Danke
Timo

cosinus 02.09.2013 11:28
So kann ich dir nicht helfen..was genau meckert Norton?!

timo_se 02.09.2013 11:39
Hi das sind die 2 Funde:


Code:
Dateiname: 800000cb.@
Bedrohungsname: Trojan.Gen.2
Vollst‰ndiger Pfad: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\  \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\800000cb.@

____________________________

Details
Unbekannte Community-Verbreitung,† Unbekanntes Alter,† Risiko Hoch

Ursprung
Heruntergeladen von?†Unbekannt

Aktivit‰t
Ausgef¸hrte Aktionen: Ausgef¸hrte Aktionen: 1

____________________________


Auf Computern ab†02.09.2013 um 12:31:39
Zuletzt verwendet†02.09.2013 um 12:31:39
Start-Element†Nein
Gestarted†Nein

____________________________


Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.

Unbekannt
Diese Dateiversion ist nicht bekannt.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einf¸gen oder anh‰ngen.



____________________________



Quelle: externe Medien
?

____________________________

Dateiaktionen

Datei: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\  \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\800000cb.@Blockiert
____________________________


Dateiabdruck - SHA:
9568ebe8385be586ca1b319403a5b3bb9a8041f725b293f2ba556f28ace8ec8c
Dateiabdruck - MD5:
Nicht verf¸gbar

und

Code:
Dateiname: 80000000.@
Bedrohungsname: Trojan.Zeroaccess.C
Vollst‰ndiger Pfad: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\  \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\80000000.@

____________________________

Details
Unbekannte Community-Verbreitung,† Unbekanntes Alter,† Risiko Hoch

Ursprung
Heruntergeladen von?†Unbekannt

Aktivit‰t
Ausgef¸hrte Aktionen: Ausgef¸hrte Aktionen: 1

____________________________


Auf Computern ab†02.09.2013 um 12:31:39
Zuletzt verwendet†02.09.2013 um 12:31:39
Start-Element†Nein
Gestarted†Nein

____________________________


Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.

Unbekannt
Diese Dateiversion ist nicht bekannt.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einf¸gen oder anh‰ngen.



____________________________



Quelle: externe Medien
?

____________________________

Dateiaktionen

Datei: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\  \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\80000000.@Blockiert
____________________________


Dateiabdruck - SHA:
c6ef688b67a40a078cae57457b8f308de0e9aac66c4c3eae4f7ed3b5547d9393
Dateiabdruck - MD5:
Nicht verf¸gbar
VG Timo

cosinus 02.09.2013 11:57
Tja, ZeroAccess hat sich erneut breitgemacht. War in den vorherigen Logs von FRST nciht zu sehen. Ich hab dich ja gewarnt in dem Lesestoff-Posting zum Rootkit, das am Ende doch nur die Neuinstallation von Windows bleiben kann


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132