Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Microsoft Office Word reagiert nicht mehr (https://www.trojaner-board.de/146416-microsoft-office-word-reagiert-mehr.html)

saturn13 21.12.2013 16:03
Microsoft Office Word reagiert nicht mehr
 
Guten Tag, ich habe seit einigen Tagen folgendes Problem. Wenn ich mit Outlook arbeite popt plötzlich die Nachricht hoch "Microsoft Word Office reagiert nicht mehr". Dann hängt sich Outlook auf. Auch wenn ich Word öffne popt die Nachricht nach kurzer Zeit auch auf. Ich habe Microsoft Office 2003 auf meinem Rechner. Betriebssystem Vista. Das Officepaket habe ich komplett gelöscht und neu installiert. Die Nachricht taucht aber immer wieder auf. Was kann ich tun? Danke für die Hilfe. Gruß Raimund

cosinus 21.12.2013 16:49
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

saturn13 21.12.2013 17:38
#
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by paugstadt (administrator) on PAUGSTADT-PC on 21-12-2013 17:30:45
Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4W7CN65
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\EPG Services\System\EPGService.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [] - [x]
HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Policies\Explorer: [NofolderOptions] 0
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://photoservice.fujicolor.de/ips-opdata//19780615/activex/IPSUploader4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FE1F4513-6461-4D33-8AF5-7318CDDBD895}: [NameServer]192.168.2.1

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc="
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=49&cc=
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH)
R2 EPGService; C:\Program Files\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 HauppaugeTVServer; C:\Program Files\WinTV\HCWTVServer.exe [815104 2008-03-31] (Hauppauge Computer Works)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
R3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys [394456 2013-12-12] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131220.008\NAVENG.SYS [93272 2013-12-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131220.008\NAVEX15.SYS [1612376 2013-12-19] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST
2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss
2013-12-19 12:23 - 2013-12-19 12:53 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk
2013-12-19 12:07 - 2013-12-21 17:23 - 00094660 _____ C:\Windows\WindowsUpdate.log
2013-12-19 12:02 - 2013-12-20 08:01 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-19 12:02 - 2013-12-20 08:00 - 00003122 _____ C:\Windows\PFRO.log
2013-12-19 10:27 - 2013-12-21 17:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 11:50 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 11:50 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 11:50 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 11:50 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 11:50 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 11:50 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 11:50 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 11:50 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 11:50 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 11:50 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 11:50 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 11:50 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 11:50 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 11:50 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 11:50 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 11:50 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 07:43 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 07:43 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:43 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 07:43 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:43 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:43 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:43 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:43 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 07:43 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:43 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-11-26 08:55 - 2013-11-26 08:57 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls

==================== One Month Modified Files and Folders =======

2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST
2013-12-21 17:27 - 2013-12-19 10:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 17:23 - 2013-12-19 12:07 - 00094660 _____ C:\Windows\WindowsUpdate.log
2013-12-21 17:23 - 2012-04-30 05:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 17:23 - 2010-05-10 15:14 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 17:23 - 2009-03-23 08:39 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Skype
2013-12-21 17:23 - 2008-09-15 16:54 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-21 15:47 - 2008-08-02 09:47 - 00000821 _____ C:\Windows\ODBC.INI
2013-12-21 15:46 - 2006-11-02 11:23 - 00000240 _____ C:\Windows\win.ini
2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-21 15:45 - 2008-02-26 14:38 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-21 15:45 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew
2013-12-21 15:45 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-21 15:45 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-21 15:44 - 2008-02-26 14:43 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-21 15:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system
2013-12-21 15:27 - 2012-01-23 09:43 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Dropbox
2013-12-21 15:23 - 2012-01-23 09:48 - 00000000 ___RD C:\Users\paugstadt\Dropbox
2013-12-21 15:22 - 2013-09-20 13:14 - 00000000 ____D C:\Users\paugstadt\AppData\Local\HTC MediaHub
2013-12-21 15:22 - 2012-12-28 16:01 - 00000274 _____ C:\Windows\Tasks\AbelssoftPreloader.job
2013-12-21 15:22 - 2010-05-10 15:14 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 15:21 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 15:21 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 15:21 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 15:19 - 2006-11-02 14:01 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-20 08:01 - 2013-12-19 12:02 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 08:00 - 2013-12-19 12:02 - 00003122 _____ C:\Windows\PFRO.log
2013-12-19 12:53 - 2013-12-19 12:23 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk
2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss
2013-12-19 08:26 - 2011-01-24 15:07 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-12-19 08:17 - 2012-08-23 15:38 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Microsoft Help
2013-12-19 08:17 - 2011-03-04 16:07 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\TeamViewer
2013-12-19 08:17 - 2010-11-17 16:06 - 00000000 ____D C:\Users\paugstadt\AppData\Local\CrashDumps
2013-12-16 10:03 - 2008-01-21 08:16 - 01560216 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 07:37 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google
2013-12-13 09:26 - 2009-12-15 09:01 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\U3
2013-12-12 09:47 - 2013-09-12 13:30 - 00269857 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn
2013-12-12 09:47 - 2013-09-12 13:30 - 00001176 ____H C:\Users\paugstadt\Desktop\maxdesk.ini2
2013-12-12 09:47 - 2013-09-12 13:30 - 00000149 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn2
2013-12-11 11:57 - 2013-08-14 10:08 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 11:53 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 11:36 - 2012-04-30 05:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 11:36 - 2011-05-20 16:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 09:38 - 2008-08-02 09:48 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Adobe
2013-12-07 10:12 - 2013-11-08 08:13 - 00001887 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-12-07 10:11 - 2008-08-01 19:03 - 00000000 ____D C:\Users\paugstadt
2013-12-07 10:06 - 2013-09-20 13:01 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Downloaded Installations
2013-12-06 07:22 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-26 08:57 - 2013-11-26 08:55 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls
2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ___RD C:\Program Files\Skype
2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ____D C:\ProgramData\Skype
2013-11-22 16:00 - 2008-08-06 15:03 - 00000000 ____D C:\ProgramData\FLEXnet

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 15:29

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

#FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2013 02
Ran by paugstadt at 2013-12-21 17:31:47
Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4W7CN65
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.2)
7-Zip 9.22beta
8500A909_BasicWeb (Version: 140.0.000.000)
8500A909_Help_BasicWeb (Version: 1.00.0000)
Abelssoft Backup (Version: 2.2)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.1.5)
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Standard (Version: 8.1.5)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe GoLive 6.0 (DEU) (Version: 6.0)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Adobe SVG Viewer 3.0 (Version:  3.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.657.0)
Bing Bar (Version: 7.0.609.0)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.10(T))
BMWi-Softwarepaket 9.2 (Version: 9.2.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
Brother MFL-Pro Suite (Version: 1.00)
BufferChm (Version: 140.0.213.000)
Camera Assistant Software for Toshiba (Version: 1.7.175.0123)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Full Existing (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Full New (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Light (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Dutch (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization French (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization German (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Italian (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Japanese (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Korean (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Portuguese (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Spanish (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Swedish (Version: 2008.0130.1509.26922)
CCC Help Chinese Standard (Version: 2008.0130.1508.26922)
CCC Help Chinese Traditional (Version: 2008.0130.1508.26922)
CCC Help Dutch (Version: 2008.0130.1508.26922)
CCC Help English (Version: 2008.0130.1508.26922)
CCC Help French (Version: 2008.0130.1508.26922)
CCC Help German (Version: 2008.0130.1508.26922)
CCC Help Italian (Version: 2008.0130.1508.26922)
CCC Help Japanese (Version: 2008.0130.1508.26922)
CCC Help Korean (Version: 2008.0130.1508.26922)
CCC Help Portuguese (Version: 2008.0130.1508.26922)
CCC Help Spanish (Version: 2008.0130.1508.26922)
CCC Help Swedish (Version: 2008.0130.1508.26922)
ccc-core-static (Version: 2008.0130.1509.26922)
ccc-utility (Version: 2008.0130.1509.26922)
CD/DVD Drive Acoustic Silencer (Version: 2.02.00)
CDBurnerXP (Version: 4.5.1.4003)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Cockpit (Version: 1.0.168)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.36.6.0)
Crystal Reports for .NET Framework 2.0 (x86) (Version: 10.2.0)
Desktop SMS (Version: 1.2.0)
devolo dLAN Wireless extender Konfiguration (Version: 1.0.0.0)
devolo dLAN-Konfigurationsassistent (Version: 14.0.0.0)
devolo EasyShare (Version: 4.0.0.0)
devolo Informer (Version: 22.0.0.0)
Dropbox (HKCU Version: 2.0.26)
DVD MovieFactory for TOSHIBA (Version: 5.51)
ElsterFormular (Version: 14.4.12044)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1)
Free YouTube Downloader Converter
Google Earth (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.22.3)
Haufe iDesk-Browser (Version: 10.10.14.0000)
Haufe iDesk-Browser (Version: 8.07.16.5590)
Haufe iDesk-Service (Version: 11.07.19.8023)
Hauppauge German Help Files and Resources
Hauppauge WinTV
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
HDAUDIO Soft Data Fax Modem with SmartCP
HDMI Control Manager (Version: 1.6)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HTC Driver Installer (Version: 4.10.0.001)
HTC Sync Manager (Version: 2.4.11.0)
Huawei modem
Intel® Matrix Storage Manager
InterVideo FilterSDK for Hauppauge
IPTInstaller (Version: 4.0.8)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.1.9.5)
Katechismus 1.0  (Version: 1.0)
Lexware Info Service (Version: 2.90.00.0009)
Logitech SetPoint 6.20 (Version: 6.20.64)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835)
MAGIX Foto Suite 1.12.0.89 (D) (Version: 1.12.0.89)
MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0)
Marvell Miniport Driver (Version: 10.51.4.3)
Mein CEWE FOTOBUCH (Version: 5.0.1)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0)
Microsoft Office XP Web Components (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_x86 (Version: 1.0.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myphotobook 3.5 (Version: 3.5)
NetWaiting (Version: 2.5.52)
Network (Version: 140.0.215.000)
Nokia Connectivity Cable Driver (Version: 7.1.92.0)
Nokia Map Loader (Version: 3.0.28)
Nokia PC Suite (Version: 7.1.62.1)
Nokia Software Updater (Version: 02.04.006.41579)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)
Norton Internet Security (Version: 19.9.1.14)
O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.19.1)
Online Foto Print System ( OFPS - 1NIGHTPRINT.de )
PaperPort Image Printer (Version: 1.00.0000)
PC Connectivity Solution (Version: 12.0.48.0)
PC-Kaufmann Startpaket 2013
PDF Architect (Version: 1.0.52.8917)
PDFCreator (Version: 1.6.2)
pdfforge Toolbar v6.7 (Version: 6.7) <==== ATTENTION
Prism Video Converter
QuickSteuer 2008 (Version: 14.00)
QuickSteuer 2009 (Version: 15.00.00.0034)
QuickSteuer 2010 (Version: 16.14.00.0002)
QuickSteuer 2011 (Version: 17.08.00.0006)
QuickSteuer 2012 (Version: 18.09.00.0003)
QuickSteuer 2013 (Version: 19.06.00.0003)
QuickSteuer Wissens-Center 2008 (Version: 14.0.0.0)
QuickSteuer Wissens-Center 2009 (Version: 15.0.1.0)
QuickSteuer Wissens-Center 2011 (Version: 17.10.0.0)
QuickSteuer Wissens-Center 2012 (Version: 18.1.0.0)
QuickTime (Version: 7.73.80.64)
Rossmann Fotowelt Software 4.9 (Version: 4.9)
Sage BankCom (Version: 2.00.0000)
Sage HBCI-Kontaktverwaltung (Version: 3.0)
Sage SAIP (Version: 1.0.1.115)
Sagede.Shared.Elster.Setup (Version: 1.0.0.0.21)
Sagede.Shared.Elster.Setup (Version: 1.0.0.0.7)
Scan (Version: 140.0.167.000)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
Skins (Version: 2008.0130.1509.26922)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.10 (Version: 6.10.104)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Steuer Update 14.01 (Version: 14.01)
Steuer Update 15.09 (Version: 15.09)
Synaptics Pointing Device Driver (Version: 10.1.7.0)
TeamViewer 8 (Version: 8.0.17396)
T-Home Dialerschutz-Software
T-Mobile web'n'walk Manager (Version: 3.1.0)
Toolbox (Version: 140.0.428.000)
TOSHIBA Assist (Version: 2.01.04)
TOSHIBA Benutzerhandbücher (Version: 7.33)
TOSHIBA ConfigFree (Version: 7.1.26)
TOSHIBA Disc Creator (Version: 2.0.1.1.a)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 1.0.3.32)
TOSHIBA Hardware Setup (Version: 3.00.01.00)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Supervisor Password (Version: 3.00.01.00)
TOSHIBA Value Added Package (Version: 1.1.14)
TRDCReminder (Version: 1.00.0014)
TRORDCLauncher (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VR-NetWorld
VTPlus32 für WinTV (German)
WashAndGo (Version: 17.7)
WebReg (Version: 140.0.213.017)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Yahoo! Detect

==================== Restore Points  =========================

18-12-2013 15:52:02 Geplanter Prüfpunkt
20-12-2013 16:31:19 Geplanter Prüfpunkt
21-12-2013 14:43:23 Microsoft Office Standard Edition 2003 wird installiert

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59B0987D-014F-4348-98E0-7C5D861C145C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5BD3EE58-CBCE-4C75-BF27-133ECD32EA8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.)
Task: {72FD39B2-AA09-49F6-BF14-4A4200D17533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.)
Task: {89D150A1-AF65-4E5E-8052-7330791FFA52} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {93C05B86-2EE7-4ED3-AD71-48BC1DBAA46E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {A0645FC6-7F3B-4C40-BF18-708FD5BEB81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {BA5CF01C-7796-49A1-B960-C3CB0D2E951F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {C902A018-F213-41B9-B162-A476EB57CED0} - System32\Tasks\AbelssoftPreloader => C:\Program Files\WashAndGo\AbelssoftPreloader.exe [2012-10-05] (Microsoft)
Task: {D5062C16-82CD-4B51-9C64-1399F7D66632} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\wscstub.exe [2013-02-02] (Symantec Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-02-15 17:22 - 2008-01-30 15:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\libcef.dll
2003-07-14 22:44 - 2003-07-14 22:44 - 00102968 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:DocumentSummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:SummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:DocumentSummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:SummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter #7
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #9
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #13
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth RFCOMM
Description: Bluetooth RFCOMM
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfcom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4352

Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4352

Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3338

Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3338

Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2308

Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2308

Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2013 04:07:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014


System errors:
=============
Error: (12/21/2013 05:23:09 PM) (Source: ipnathlp) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.34 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error: (12/21/2013 05:23:02 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/21/2013 05:22:57 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/21/2013 03:22:28 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/21/2013 03:22:09 PM) (Source: Service Control Manager) (User: )
Description: Tosrfcom

Error: (12/21/2013 03:22:09 PM) (Source: Service Control Manager) (User: )
Description: Automatisches LiveUpdate - Scheduler%%3

Error: (12/21/2013 03:22:09 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/21/2013 03:21:55 PM) (Source: ipnathlp) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.34 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error: (12/21/2013 03:19:05 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/21/2013 01:22:34 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.


Microsoft Office Sessions:
=========================
Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4352

Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4352

Error: (12/21/2013 04:07:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3338

Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3338

Error: (12/21/2013 04:07:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2308

Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2308

Error: (12/21/2013 04:07:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2013 04:07:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014


CodeIntegrity Errors:
===================================
  Date: 2013-12-21 17:31:10.009
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:31:09.676
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:31:09.338
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:31:08.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:31:08.647
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:31:08.314
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:30:57.245
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:30:56.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:30:56.590
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-21 17:30:56.251
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3069.48 MB
Available physical RAM: 1490.46 MB
Total Pagefile: 6347.18 MB
Available Pagefile: 4756.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.37 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:14.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:232.66 GB) NTFS
Drive f: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 25D1610F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

cosinus 21.12.2013 21:15
Was ist mit meiner Frage nach bisherigen Funden? Oder gab es bisher nichts?

saturn13 22.12.2013 18:18
Guten Abend, soll ich mir die 4 Programme downloaden um den jeweiligen Scan zu machen, oder wie darf ich das verstehen?

cosinus 22.12.2013 23:31
Das war meine Frage:

Zitat:
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => Wichtig: Bitte alle Logs mit Funden posten

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

saturn13 23.12.2013 07:43
Guten Morgen, nein, ich habe bisher keine weiteren Logs gefunden.

cosinus 23.12.2013 09:32
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

saturn13 23.12.2013 11:50
#---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3218587648, free: 1489039360

Initializing...
======================
------------ Kernel report ------------
12/23/2013 09:39:52
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NIS\1309010.00E\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NIS\1309010.00E\SYMEFA.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\tosrfec.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\o2media.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\SipIMNDI.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\CHDART.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\NIS\1309010.00E\ccSetx86.sys
\SystemRoot\System32\Drivers\NIS\1309010.00E\SRTSP.SYS
\SystemRoot\system32\drivers\NIS\1309010.00E\Ironx86.SYS
\SystemRoot\system32\drivers\NIS\1309010.00E\SRTSPX.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\tosrfusb.sys
\SystemRoot\system32\DRIVERS\tosrfbd.sys
\SystemRoot\system32\DRIVERS\Tosrfhid.sys
\SystemRoot\system32\drivers\Toshidpt.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\npf_devolo.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Program Files\T-Online\Dialerschutz-Software\DFInjDrv32.sys
\??\C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\Drivers\BrUsbSer.sys
\SystemRoot\System32\Drivers\BrSerIf.sys
\SystemRoot\System32\Drivers\UVCFTR_S.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVEX15.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVENG.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff87db9250
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff873a4028
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87db0030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff87370028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87db0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87e05968, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87e026a0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87e027c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87e00698, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87db0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8739ff08, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87370028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 22741035

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 246497280
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 249571328 Numsec = 238825472

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff87db9250, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87e0d968, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87e095e0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87e0a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87e075c8, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87db9250, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87335700, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff873a4028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 25D1610F

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 488396097

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3218587648, free: 1792917504

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3218587648, free: 1904168960

Downloaded database version: v2013.12.23.02
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
12/23/2013 10:23:36
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NIS\1309010.00E\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NIS\1309010.00E\SYMEFA.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\tosrfec.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\o2media.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\SipIMNDI.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\CHDART.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\NIS\1309010.00E\ccSetx86.sys
\SystemRoot\System32\Drivers\NIS\1309010.00E\SRTSP.SYS
\SystemRoot\system32\drivers\NIS\1309010.00E\Ironx86.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\NIS\1309010.00E\SRTSPX.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVEX15.SYS
\SystemRoot\System32\Drivers\BrUsbSer.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.006\NAVENG.SYS
\SystemRoot\System32\Drivers\BrSerIf.sys
\SystemRoot\system32\DRIVERS\tosrfusb.sys
\SystemRoot\system32\DRIVERS\tosrfbd.sys
\SystemRoot\System32\Drivers\UVCFTR_S.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\Tosrfhid.sys
\SystemRoot\system32\drivers\Toshidpt.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\npf_devolo.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Program Files\T-Online\Dialerschutz-Software\DFInjDrv32.sys
\??\C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff87dcdac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff87915028
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff88581ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff87371028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff88581ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87e06810, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87e036a0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87e037c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87e019a8, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff88581ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8736c900, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87371028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 22741035

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 246497280
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 249571328 Numsec = 238825472

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff87dcdac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87e0d980, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87e007e0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87e0a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87e08760, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87dcdac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8736b348, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87915028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 25D1610F

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 488396097

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_3074048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished

Leider tritt das Problem immer noch auf.

cosinus 23.12.2013 12:15
Ist das falsche Log, bitte die Anleitung richtig lesen
Außerdem bat ich darum, die Logs in CODE-Tags zu posten

Zitat:
Leider tritt das Problem immer noch auf.
Erstens hab ich nicht gesagt, dass das Problem nach MBAR behoben ist und zweitens sind wir hier noch nicht fertig :)

saturn13 23.12.2013 12:29
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.10.02.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
paugstadt :: PAUGSTADT-PC [administrator]

23.12.2013 09:39:57
mbar-log-2013-12-23 (09-39-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 223822
Time elapsed: 25 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
[CODE][Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.23.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
paugstadt :: PAUGSTADT-PC [administrator]

23.12.2013 10:23:42
mbar-log-2013-12-23 (10-23-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233658
Time elapsed: 20 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
/CODE]

cosinus 23.12.2013 12:30
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


saturn13 23.12.2013 13:20
Code:
# AdwCleaner v3.016 - Bericht erstellt am 23/12/2013 um 12:49:22
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : paugstadt - PAUGSTADT-PC
# Gestartet von : C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24HRMQ7O\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Users\paugstadt\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Datei Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserProtect

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89D150A1-AF65-4E5E-8052-7330791FFA52}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89D150A1-AF65-4E5E-8052-7330791FFA52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\NCH Software
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Google Chrome v

[ Datei : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3500 octets] - [23/12/2013 12:46:18]
AdwCleaner[S0].txt - [3401 octets] - [23/12/2013 12:49:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3461 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by paugstadt on 23.12.2013 at 12:56:51,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.12.2013 at 13:06:19,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by paugstadt (administrator) on PAUGSTADT-PC on 23-12-2013 13:08:45
Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZYMGYZN
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\EPG Services\System\EPGService.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [] - [x]
HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Policies\Explorer: [NofolderOptions] 0
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://photoservice.fujicolor.de/ips-opdata//19780615/activex/IPSUploader4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FE1F4513-6461-4D33-8AF5-7318CDDBD895}: [NameServer]192.168.2.1

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://www.google.com
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH)
R2 EPGService; C:\Program Files\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 HauppaugeTVServer; C:\Program Files\WinTV\HCWTVServer.exe [815104 2008-03-31] (Hauppauge Computer Works)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
R3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131220.001\IDSvix86.sys [394456 2013-12-12] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.020\NAVENG.SYS [93272 2013-12-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131222.020\NAVEX15.SYS [1612376 2013-12-19] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 13:06 - 2013-12-23 13:06 - 00000741 _____ C:\Users\paugstadt\Desktop\JRT.txt
2013-12-23 12:45 - 2013-12-23 12:49 - 00000000 ____D C:\AdwCleaner
2013-12-23 09:39 - 2013-12-23 11:45 - 00000000 ____D C:\Users\paugstadt\Desktop\mbar
2013-12-23 09:39 - 2013-12-23 10:23 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-23 09:39 - 2013-12-23 10:22 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008.exe
2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008 (1).exe
2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST
2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss
2013-12-19 12:23 - 2013-12-19 12:53 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk
2013-12-19 12:07 - 2013-12-23 12:50 - 00729063 _____ C:\Windows\WindowsUpdate.log
2013-12-19 12:02 - 2013-12-22 17:19 - 00012122 _____ C:\Windows\PFRO.log
2013-12-19 12:02 - 2013-12-22 06:58 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-19 10:27 - 2013-12-21 17:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 11:50 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 11:50 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 11:50 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 11:50 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 11:50 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 11:50 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 11:50 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 11:50 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 11:50 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 11:50 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 11:50 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 11:50 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 11:50 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 11:50 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 11:50 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 11:50 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 07:43 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 07:43 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:43 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 07:43 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:43 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:43 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:43 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:43 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 07:43 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:43 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-11-26 08:55 - 2013-11-26 08:57 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls

==================== One Month Modified Files and Folders =======

2013-12-23 13:06 - 2013-12-23 13:06 - 00000741 _____ C:\Users\paugstadt\Desktop\JRT.txt
2013-12-23 12:59 - 2013-12-19 12:07 - 00729063 _____ C:\Windows\WindowsUpdate.log
2013-12-23 12:59 - 2010-05-10 15:14 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 12:56 - 2013-08-26 11:05 - 00000000 ____D C:\Windows\ERUNT
2013-12-23 12:54 - 2012-01-23 09:48 - 00000000 ___RD C:\Users\paugstadt\Dropbox
2013-12-23 12:54 - 2012-01-23 09:43 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Dropbox
2013-12-23 12:53 - 2008-09-15 16:54 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-23 12:52 - 2013-09-20 13:14 - 00000000 ____D C:\Users\paugstadt\AppData\Local\HTC MediaHub
2013-12-23 12:52 - 2012-12-28 16:01 - 00000274 _____ C:\Windows\Tasks\AbelssoftPreloader.job
2013-12-23 12:52 - 2010-05-10 15:14 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 12:51 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 12:51 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:51 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:50 - 2006-11-02 14:01 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-23 12:49 - 2013-12-23 12:45 - 00000000 ____D C:\AdwCleaner
2013-12-23 12:38 - 2012-04-30 05:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 11:45 - 2013-12-23 09:39 - 00000000 ____D C:\Users\paugstadt\Desktop\mbar
2013-12-23 10:23 - 2013-12-23 09:39 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-23 10:22 - 2013-12-23 09:39 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-23 10:11 - 2009-03-23 08:39 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Skype
2013-12-23 10:08 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\nap
2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008.exe
2013-12-23 09:37 - 2013-12-23 09:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\paugstadt\Downloads\mbar-1.07.0.1008 (1).exe
2013-12-22 17:19 - 2013-12-19 12:02 - 00012122 _____ C:\Windows\PFRO.log
2013-12-22 08:41 - 2006-11-02 11:23 - 00000240 _____ C:\Windows\win.ini
2013-12-22 06:58 - 2013-12-19 12:02 - 00333456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-22 06:53 - 2010-11-17 16:06 - 00000000 ____D C:\Users\paugstadt\AppData\Local\CrashDumps
2013-12-22 06:52 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\FRST
2013-12-21 17:27 - 2013-12-19 10:27 - 00086496 _____ C:\Users\paugstadt\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 15:47 - 2008-08-02 09:47 - 00000821 _____ C:\Windows\ODBC.INI
2013-12-21 15:45 - 2013-12-21 15:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-21 15:45 - 2008-02-26 14:38 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-21 15:45 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew
2013-12-21 15:45 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-21 15:44 - 2008-02-26 14:43 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-21 15:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system
2013-12-19 12:53 - 2013-12-19 12:23 - 00002597 _____ C:\Users\paugstadt\Desktop\Microsoft Office Word 2003.lnk
2013-12-19 12:43 - 2013-12-19 12:43 - 00000000 ____D C:\Windows\pss
2013-12-19 08:26 - 2011-01-24 15:07 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-12-19 08:17 - 2012-08-23 15:38 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Microsoft Help
2013-12-19 08:17 - 2011-03-04 16:07 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\TeamViewer
2013-12-16 10:03 - 2008-01-21 08:16 - 01560216 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 07:38 - 2013-12-16 07:38 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 07:37 - 2008-02-15 18:04 - 00000000 ____D C:\Program Files\Google
2013-12-13 09:26 - 2009-12-15 09:01 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\U3
2013-12-12 09:47 - 2013-09-12 13:30 - 00269857 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn
2013-12-12 09:47 - 2013-09-12 13:30 - 00001176 ____H C:\Users\paugstadt\Desktop\maxdesk.ini2
2013-12-12 09:47 - 2013-09-12 13:30 - 00000149 ____H C:\Users\paugstadt\Desktop\PP11Thumbs.ptn2
2013-12-11 11:57 - 2013-08-14 10:08 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 11:53 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 11:36 - 2012-04-30 05:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 11:36 - 2011-05-20 16:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 09:38 - 2008-08-02 09:48 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Adobe
2013-12-07 10:12 - 2013-11-08 08:13 - 00001887 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-12-07 10:11 - 2008-08-01 19:03 - 00000000 ____D C:\Users\paugstadt
2013-12-07 10:06 - 2013-09-20 13:01 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Downloaded Installations
2013-12-06 07:22 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-26 08:57 - 2013-11-26 08:55 - 00023552 _____ C:\Users\paugstadt\Desktop\Mitgliederliste ISP.xls
2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ___RD C:\Program Files\Skype
2013-11-24 08:14 - 2009-03-23 08:39 - 00000000 ____D C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\paugstadt\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-23 12:59

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01
Ran by paugstadt at 2013-12-23 13:17:55
Running from C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24HRMQ7O
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.2)
7-Zip 9.22beta
8500A909_BasicWeb (Version: 140.0.000.000)
8500A909_Help_BasicWeb (Version: 1.00.0000)
Abelssoft Backup (Version: 2.2)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.1.5)
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Standard (Version: 8.1.5)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe GoLive 6.0 (DEU) (Version: 6.0)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Adobe SVG Viewer 3.0 (Version:  3.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.657.0)
Bing Bar (Version: 7.0.609.0)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.10(T))
BMWi-Softwarepaket 9.2 (Version: 9.2.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
Brother MFL-Pro Suite (Version: 1.00)
BufferChm (Version: 140.0.213.000)
Camera Assistant Software for Toshiba (Version: 1.7.175.0123)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Full Existing (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Full New (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Light (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Dutch (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization French (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization German (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Italian (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Japanese (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Korean (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Portuguese (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Spanish (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Swedish (Version: 2008.0130.1509.26922)
CCC Help Chinese Standard (Version: 2008.0130.1508.26922)
CCC Help Chinese Traditional (Version: 2008.0130.1508.26922)
CCC Help Dutch (Version: 2008.0130.1508.26922)
CCC Help English (Version: 2008.0130.1508.26922)
CCC Help French (Version: 2008.0130.1508.26922)
CCC Help German (Version: 2008.0130.1508.26922)
CCC Help Italian (Version: 2008.0130.1508.26922)
CCC Help Japanese (Version: 2008.0130.1508.26922)
CCC Help Korean (Version: 2008.0130.1508.26922)
CCC Help Portuguese (Version: 2008.0130.1508.26922)
CCC Help Spanish (Version: 2008.0130.1508.26922)
CCC Help Swedish (Version: 2008.0130.1508.26922)
ccc-core-static (Version: 2008.0130.1509.26922)
ccc-utility (Version: 2008.0130.1509.26922)
CD/DVD Drive Acoustic Silencer (Version: 2.02.00)
CDBurnerXP (Version: 4.5.1.4003)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Cockpit (Version: 1.0.168)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.36.6.0)
Crystal Reports for .NET Framework 2.0 (x86) (Version: 10.2.0)
Desktop SMS (Version: 1.2.0)
devolo dLAN Wireless extender Konfiguration (Version: 1.0.0.0)
devolo dLAN-Konfigurationsassistent (Version: 14.0.0.0)
devolo EasyShare (Version: 4.0.0.0)
devolo Informer (Version: 22.0.0.0)
Dropbox (HKCU Version: 2.0.26)
DVD MovieFactory for TOSHIBA (Version: 5.51)
ElsterFormular (Version: 14.4.12044)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1)
Free YouTube Downloader Converter
Google Earth (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.22.3)
Haufe iDesk-Browser (Version: 10.10.14.0000)
Haufe iDesk-Browser (Version: 8.07.16.5590)
Haufe iDesk-Service (Version: 11.07.19.8023)
Hauppauge German Help Files and Resources
Hauppauge WinTV
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
HDMI Control Manager (Version: 1.6)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HTC Driver Installer (Version: 4.10.0.001)
HTC Sync Manager (Version: 2.4.11.0)
Huawei modem
Intel® Matrix Storage Manager
InterVideo FilterSDK for Hauppauge
IPTInstaller (Version: 4.0.8)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.1.9.5)
Katechismus 1.0  (Version: 1.0)
Lexware Info Service (Version: 2.90.00.0009)
Logitech SetPoint 6.20 (Version: 6.20.64)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835)
MAGIX Foto Suite 1.12.0.89 (D) (Version: 1.12.0.89)
MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0)
Marvell Miniport Driver (Version: 10.51.4.3)
Mein CEWE FOTOBUCH (Version: 5.0.1)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office XP Web Components (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_x86 (Version: 1.0.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myphotobook 3.5 (Version: 3.5)
NetWaiting (Version: 2.5.52)
Network (Version: 140.0.215.000)
Nokia Connectivity Cable Driver (Version: 7.1.92.0)
Nokia Map Loader (Version: 3.0.28)
Nokia PC Suite (Version: 7.1.62.1)
Nokia Software Updater (Version: 02.04.006.41579)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)
Norton Internet Security (Version: 19.9.1.14)
O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.19.1)
Online Foto Print System ( OFPS - 1NIGHTPRINT.de )
PaperPort Image Printer (Version: 1.00.0000)
PC Connectivity Solution (Version: 12.0.48.0)
PC-Kaufmann Startpaket 2013
PDF Architect (Version: 1.0.52.8917)
PDFCreator (Version: 1.6.2)
pdfforge Toolbar v6.7 (Version: 6.7) <==== ATTENTION
Prism Video Converter
QuickSteuer 2008 (Version: 14.00)
QuickSteuer 2009 (Version: 15.00.00.0034)
QuickSteuer 2010 (Version: 16.14.00.0002)
QuickSteuer 2011 (Version: 17.08.00.0006)
QuickSteuer 2012 (Version: 18.09.00.0003)
QuickSteuer 2013 (Version: 19.06.00.0003)
QuickSteuer Wissens-Center 2008 (Version: 14.0.0.0)
QuickSteuer Wissens-Center 2009 (Version: 15.0.1.0)
QuickSteuer Wissens-Center 2011 (Version: 17.10.0.0)
QuickSteuer Wissens-Center 2012 (Version: 18.1.0.0)
QuickTime (Version: 7.73.80.64)
Rossmann Fotowelt Software 4.9 (Version: 4.9)
Sage BankCom (Version: 2.00.0000)
Sage HBCI-Kontaktverwaltung (Version: 3.0)
Sage SAIP (Version: 1.0.1.115)
Sagede.Shared.Elster.Setup (Version: 1.0.0.0.21)
Sagede.Shared.Elster.Setup (Version: 1.0.0.0.7)
Scan (Version: 140.0.167.000)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
Skins (Version: 2008.0130.1509.26922)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.10 (Version: 6.10.104)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Steuer Update 14.01 (Version: 14.01)
Steuer Update 15.09 (Version: 15.09)
Synaptics Pointing Device Driver (Version: 10.1.7.0)
TeamViewer 8 (Version: 8.0.17396)
T-Home Dialerschutz-Software
T-Mobile web'n'walk Manager (Version: 3.1.0)
Toolbox (Version: 140.0.428.000)
TOSHIBA Assist (Version: 2.01.04)
TOSHIBA Benutzerhandbücher (Version: 7.33)
TOSHIBA ConfigFree (Version: 7.1.26)
TOSHIBA Disc Creator (Version: 2.0.1.1.a)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 1.0.3.32)
TOSHIBA Hardware Setup (Version: 3.00.01.00)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Supervisor Password (Version: 3.00.01.00)
TOSHIBA Value Added Package (Version: 1.1.14)
TRDCReminder (Version: 1.00.0014)
TRORDCLauncher (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VR-NetWorld
VTPlus32 für WinTV (German)
WashAndGo (Version: 17.7)
WebReg (Version: 140.0.213.017)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Yahoo! Detect

==================== Restore Points  =========================

20-12-2013 16:31:19 Geplanter Prüfpunkt
21-12-2013 14:43:23 Microsoft Office Standard Edition 2003 wird installiert
21-12-2013 19:16:01 Windows Update
22-12-2013 05:49:01 Windows Update
22-12-2013 07:31:12 Windows Update
23-12-2013 09:05:56 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59B0987D-014F-4348-98E0-7C5D861C145C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5BD3EE58-CBCE-4C75-BF27-133ECD32EA8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.)
Task: {72FD39B2-AA09-49F6-BF14-4A4200D17533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.)
Task: {93C05B86-2EE7-4ED3-AD71-48BC1DBAA46E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {A0645FC6-7F3B-4C40-BF18-708FD5BEB81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {BA5CF01C-7796-49A1-B960-C3CB0D2E951F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {C902A018-F213-41B9-B162-A476EB57CED0} - System32\Tasks\AbelssoftPreloader => C:\Program Files\WashAndGo\AbelssoftPreloader.exe [2012-10-05] (Microsoft)
Task: {D5062C16-82CD-4B51-9C64-1399F7D66632} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\wscstub.exe [2013-02-02] (Symantec Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-02-15 17:22 - 2008-01-30 15:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\libcef.dll
2009-08-05 10:45 - 2009-08-05 10:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:DocumentSummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:SummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (3).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:DocumentSummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:SummaryInformation
AlternateDataStreams: C:\Users\paugstadt\Desktop\~$crosoft Word-Dokument (neu) (4).doc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter #7
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #9
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #13
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth RFCOMM
Description: Bluetooth RFCOMM
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfcom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-23 13:17:36.839
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:36.495
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:36.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:35.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:35.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:35.219
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:34.875
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:34.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:34.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-23 13:17:33.891
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3069.48 MB
Available physical RAM: 1584.65 MB
Total Pagefile: 6345.18 MB
Available Pagefile: 4695.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.88 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:15.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:232.66 GB) NTFS
Drive f: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 25D1610F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
abgearbeitet

cosinus 23.12.2013 14:19
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


saturn13 23.12.2013 14:45
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2013 01
Ran by paugstadt at 2013-12-23 14:44:03 Run:1
Running from C:\Users\paugstadt\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
       
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:48 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131