Moin, ich habe mir den GVU-Trojaner eingefangen. Windows Vista lässt sich nicht mehr starten. Auch die Systemwiederherstellung im abgesicherten Modus funktioniert nicht. Wenn ich im abgesicherten Modus Windows starten will, fährt der Rechner wieder runter. Was kann ich tun?

Hi,

dann versuch es bitte mal so:


Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

• Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 64-Bit
• Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
• Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

• Starte den Rechner neu.
• Während dem Hochfahren drücke mehrmals die F8 Taste
• Wähle nun Computer reparieren.
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

• Lege die Windows CD in dein Laufwerk.
• Starte den Rechner neu und starte von der CD.
• Wähle die Spracheinstellungen und klicke "Weiter".
• Klicke auf Computerreparaturoptionen !
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

• Gib nun bitte notepad ein und drücke Enter.
• Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
  Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
• Schließe Notepad wieder
• Gib nun bitte folgenden Befehl ein.
  e:\frst.exe bzw. e:\frst64.exe
  Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
• Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013
Ran by SYSTEM on 14-08-2013 12:50:43
Running from H:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [EPGServiceTool] - C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe [688128 2008-04-17] (Hauppauge Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [ScanSoft PDF Professional 3.0-reminder] - "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Professional\3\Ereg\ereg.ini" [x]
HKLM\...\Run: [NWEReboot] -  [x]
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM\...\Run: [NokiaMusic FastStart] - C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2192672 2010-03-04] (Nokia)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [391232 2011-02-01] (Acronis)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [SearchSettings] - "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [x]
HKLM\...\Run: [Iminent] - C:\Program Files\Iminent\Iminent.exe [1074736 2013-01-25] (Iminent)
HKLM\...\Run: [IminentMessenger] - C:\Program Files\Iminent\Iminent.Messengers.exe [884784 2013-01-25] (Iminent)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [318464 2008-01-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\paugstadt\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\paugstadt\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\paugstadt\...\Run: [] -  [x]
HKU\paugstadt\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-10-12] (Nokia)
HKU\paugstadt\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-20] (Skype Technologies S.A.)
HKU\paugstadt\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\paugstadt\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.exe [ 2013-08-13] (Valve Corporation) <===== ATTENTION
HKU\paugstadt\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) <==== ATTENTION 
HKU\paugstadt\...\Command Processor: "C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.exe" <===== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis)
S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH)
S2 EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [815104 2008-03-31] (Hauppauge Computer Works)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S2 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2864448 2013-08-06] (Iminent)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-20] (Microsoft Corporation)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
S3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-12-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-08] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-07-19] (Symantec Corporation)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37328 2010-08-24] (Logitech, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130813.009\NAVENG.SYS [93272 2013-08-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130813.009\NAVEX15.SYS [1611992 2013-08-13] (Symantec Corporation)
S2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies)
S3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
S1 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-17] (Symantec Corporation)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 01:08 - 2013-08-14 01:08 - 00000000 ____D C:\Windows\System32\MRT
2013-08-13 21:55 - 2013-08-13 21:55 - 01084727 _____ C:\ProgramData\2433f433
2013-08-13 21:55 - 2013-08-13 21:55 - 01084721 _____ C:\Users\paugstadt\AppData\Roaming\2433f433
2013-08-13 21:55 - 2013-08-13 21:55 - 01084717 _____ C:\Users\paugstadt\AppData\Local\2433f433
2013-08-05 06:13 - 2013-08-05 06:13 - 00000322 _____ C:\Users\paugstadt\Downloads\Jutta_Kricheldorff.vcf
2013-07-29 20:15 - 2013-07-29 20:15 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2013-08-14 12:50 - 2013-08-14 12:50 - 00000000 ____D C:\FRST
2013-08-14 12:37 - 2008-08-01 10:03 - 00000000 ____D C:\users\paugstadt
2013-08-14 12:37 - 2006-11-02 03:18 - 00000000 __RSD C:\Windows\Media
2013-08-14 12:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-08-14 12:37 - 2006-11-02 02:22 - 67633152 _____ C:\Windows\System32\config\software_previous
2013-08-14 12:37 - 2006-11-02 02:22 - 39321600 _____ C:\Windows\System32\config\system_previous
2013-08-14 12:36 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-08-14 12:36 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-08-14 12:36 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-08-14 12:30 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2013-08-14 12:30 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2013-08-14 02:39 - 2008-09-15 07:54 - 00000439 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-08-14 02:38 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 02:38 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 01:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 01:26 - 2013-01-02 22:17 - 01317140 _____ C:\Windows\WindowsUpdate.log
2013-08-14 01:22 - 2006-11-02 02:22 - 44564480 _____ C:\Windows\System32\config\components_previous
2013-08-14 01:22 - 2006-11-02 02:22 - 00524288 _____ C:\Windows\System32\config\default_previous
2013-08-14 01:18 - 2013-01-02 22:13 - 00019250 _____ C:\Windows\PFRO.log
2013-08-14 01:16 - 2013-08-14 01:08 - 00000000 ____D C:\Windows\System32\MRT
2013-08-13 21:55 - 2013-08-13 21:55 - 01084727 _____ C:\ProgramData\2433f433
2013-08-13 21:55 - 2013-08-13 21:55 - 01084721 _____ C:\Users\paugstadt\AppData\Roaming\2433f433
2013-08-13 21:55 - 2013-08-13 21:55 - 01084717 _____ C:\Users\paugstadt\AppData\Local\2433f433
2013-08-13 21:47 - 2009-03-22 23:39 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Skype
2013-08-09 23:44 - 2011-01-24 06:07 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-08-08 11:47 - 2013-04-30 09:25 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Smartbar
2013-08-08 11:47 - 2012-10-30 01:39 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Macromedia
2013-08-08 11:47 - 2012-10-29 02:25 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Mozilla
2013-08-08 11:47 - 2012-08-23 06:38 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Microsoft Help
2013-08-08 11:47 - 2012-04-28 06:45 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Microsoft Games
2013-08-08 11:47 - 2011-10-10 02:15 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Haufe Mediengruppe
2013-08-08 11:47 - 2011-02-26 08:43 - 00000000 ____D C:\Users\paugstadt\AppData\Local\Logishrd
2013-08-08 11:47 - 2010-11-17 07:06 - 00000000 ____D C:\Users\paugstadt\AppData\Local\CrashDumps
2013-08-07 21:50 - 2009-03-22 23:39 - 00000000 ___RD C:\Program Files\Skype
2013-08-07 21:50 - 2009-03-22 23:39 - 00000000 ____D C:\ProgramData\Skype
2013-08-06 20:52 - 2013-02-06 23:24 - 00000000 ____D C:\Program Files\Common Files\Umbrella
2013-08-05 22:34 - 2013-01-03 00:54 - 00039709 _____ C:\Windows\setupact.log
2013-08-05 06:13 - 2013-08-05 06:13 - 00000322 _____ C:\Users\paugstadt\Downloads\Jutta_Kricheldorff.vcf
2013-07-29 20:15 - 2013-07-29 20:15 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-29 20:14 - 2008-02-15 09:04 - 00000000 ____D C:\Program Files\Google

Files to move or delete:
====================
C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-22 13:57:20
Restore point made on: 2013-06-23 13:53:25
Restore point made on: 2013-07-10 22:32:14
Restore point made on: 2013-07-24 07:03:27
Restore point made on: 2013-08-14 00:59:51

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4093.48 MB
Available physical RAM: 3519.15 MB
Total Pagefile: 3767.36 MB
Available Pagefile: 3605.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.02 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:14.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:232.66 GB) NTFS
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS
Drive g: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.23 GB) NTFS
Drive h: () (Removable) (Total:14.91 GB) (Free:12.65 GB) FAT32
Drive i: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 25D1610F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-08-14 01:26

==================== End Of Log ============================
         

--- --- ---

--- --- ---


hallo Leo, sorry, ich hatte das Log-file ohne Anschreiben geschickt. Gruß Saturn13

Hallo,

startet der Rechner nach folgendem Fix wieder normal?


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.exe
C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.dll
2013-08-13 21:55 - 2013-08-13 21:55 - 01084727 _____ C:\ProgramData\2433f433
2013-08-13 21:55 - 2013-08-13 21:55 - 01084721 _____ C:\Users\paugstadt\AppData\Roaming\2433f433
2013-08-13 21:55 - 2013-08-13 21:55 - 01084717 _____ C:\Users\paugstadt\AppData\Local\2433f433
HKU\paugstadt\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.exe [ 2013-08-13] (Valve Corporation) <===== ATTENTION
HKU\paugstadt\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) <==== ATTENTION 
HKU\paugstadt\...\Command Processor: "C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.exe" <===== ATTENTION!
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Hallo Leo, hier kommt die Fixlog.txt

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-08-2013
Ran by SYSTEM at 2013-08-14 15:07:40 Run:2
Running from H:\
Boot Mode: Recovery

==============================================

"C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.exe" => File/Directory not found.
"C:\Users\PAUGST~1\AppData\Local\Temp\kiugqxfkkjbwkbyxd.dll" => File/Directory not found.
"C:\ProgramData\2433f433" => File/Directory not found.
"C:\Users\paugstadt\AppData\Roaming\2433f433" => File/Directory not found.
"C:\Users\paugstadt\AppData\Local\2433f433" => File/Directory not found.
HKU\paugstadt\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKU\paugstadt\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\paugstadt\Software\Microsoft\Command Processor\\AutoRun => Value not found.

==== End of Fixlog ====
         

Und startet der Rechner wieder normal oder ist immer noch der Sperrbildschirm im Weg?

Hallo Leo, der Sperrbildschirm ist verschwunden. Vielen Dank für die Unterstützung. Super. Momentan ist der Rechner aber sehr langsam. Es läuft kein Scan. Ich werde das System noch einmal starten. Nochmals Danke. Gruß Saturn13

Dann verschiebe die frst.exe vom USB-Stick auf den Desktop.

• Starte dann FRST.
• Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
• Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
• Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

hier kommen die beiden logfiles

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-08-2013
Ran by paugstadt at 2013-08-14 16:03:41
Running from C:\Users\paugstadt\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 6.1.2)
7-Zip 9.22beta
8500A909_BasicWeb (Version: 140.0.000.000)
8500A909_Help_BasicWeb (Version: 1.00.0000)
Abelssoft Backup (Version: 2.2)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.1.5)
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Standard (Version: 8.1.5)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe GoLive 6.0 (DEU) (Version: 6.0)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe SVG Viewer 3.0 (Version:  3.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.657.0)
Bing Bar (Version: 7.0.609.0)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.10(T))
BMWi-Softwarepaket 9.2 (Version: 9.2.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
Brother MFL-Pro Suite (Version: 1.00)
BrowserProtect
BufferChm (Version: 140.0.213.000)
Camera Assistant Software for Toshiba (Version: 1.7.175.0123)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Full Existing (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Full New (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Light (Version: 2008.0130.1509.26922)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Dutch (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization French (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization German (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Italian (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Japanese (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Korean (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Portuguese (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Spanish (Version: 2008.0130.1509.26922)
Catalyst Control Center Localization Swedish (Version: 2008.0130.1509.26922)
CCC Help Chinese Standard (Version: 2008.0130.1508.26922)
CCC Help Chinese Traditional (Version: 2008.0130.1508.26922)
CCC Help Dutch (Version: 2008.0130.1508.26922)
CCC Help English (Version: 2008.0130.1508.26922)
CCC Help French (Version: 2008.0130.1508.26922)
CCC Help German (Version: 2008.0130.1508.26922)
CCC Help Italian (Version: 2008.0130.1508.26922)
CCC Help Japanese (Version: 2008.0130.1508.26922)
CCC Help Korean (Version: 2008.0130.1508.26922)
CCC Help Portuguese (Version: 2008.0130.1508.26922)
CCC Help Spanish (Version: 2008.0130.1508.26922)
CCC Help Swedish (Version: 2008.0130.1508.26922)
ccc-core-static (Version: 2008.0130.1509.26922)
ccc-utility (Version: 2008.0130.1509.26922)
CD/DVD Drive Acoustic Silencer (Version: 2.02.00)
CDBurnerXP (Version: 4.5.1.4003)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Cockpit (Version: 1.0.168)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.36.6.0)
Crystal Reports for .NET Framework 2.0 (x86) (Version: 10.2.0)
Delta Chrome Toolbar (Version: 1.0.0.0)
Delta toolbar   (Version: 1.8.10.0)
Desktop SMS (Version: 1.2.0)
devolo dLAN Wireless extender Konfiguration (Version: 1.0.0.0)
devolo dLAN-Konfigurationsassistent (Version: 14.0.0.0)
devolo EasyShare (Version: 4.0.0.0)
devolo Informer (Version: 22.0.0.0)
DVD MovieFactory for TOSHIBA (Version: 5.51)
ElsterFormular (Version: 14.1.11318)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1)
Free YouTube Downloader Converter
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.153)
Haufe iDesk-Browser (Version: 10.10.14.0000)
Haufe iDesk-Browser (Version: 8.07.16.5590)
Haufe iDesk-Service (Version: 11.07.19.8023)
Hauppauge German Help Files and Resources
Hauppauge WinTV
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
HDAUDIO Soft Data Fax Modem with SmartCP
HDMI Control Manager (Version: 1.6)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
Huawei modem
Iminent (Version: 6.4.56.0)
Intel® Matrix Storage Manager
InterVideo FilterSDK for Hauppauge
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 29 (Version: 6.0.290)
Katechismus 1.0  (Version: 1.0)
Lexware Info Service (Version: 2.80.00.0007)
Logitech SetPoint 6.20 (Version: 6.20.64)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835)
MAGIX Foto Suite 1.12.0.89 (D) (Version: 1.12.0.89)
MAGIX Online Druck Service 2.3.2.0 (D) (Version: 2.3.2.0)
Marvell Miniport Driver (Version: 10.51.4.3)
Mein CEWE FOTOBUCH (Version: 5.0.1)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office XP Web Components (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_x86 (Version: 1.0.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myphotobook 3.5 (Version: 3.5)
NetWaiting (Version: 2.5.52)
Network (Version: 140.0.215.000)
Nokia Connectivity Cable Driver (Version: 7.1.92.0)
Nokia Map Loader (Version: 3.0.28)
Nokia Ovi Player (Version: 2.1.10304)
Nokia PC Suite (Version: 7.1.62.1)
Nokia Software Updater (Version: 02.04.006.41579)
Nokia Suite (Version: 3.6.36.0)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)
Norton Internet Security (Version: 19.9.1.14)
O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.19.1)
Online Foto Print System ( OFPS - 1NIGHTPRINT.de )
PaperPort Image Printer (Version: 1.00.0000)
PC Connectivity Solution (Version: 12.0.48.0)
PC-Kaufmann Startpaket 2013
PDF Architect (Version: 1.0.52.8917)
PDFCreator (Version: 1.6.2)
pdfforge Toolbar v6.7 (Version: 6.7)
Prism Video Converter
QuickSteuer 2008 (Version: 14.00)
QuickSteuer 2009 (Version: 15.00.00.0034)
QuickSteuer 2010 (Version: 16.14.00.0002)
QuickSteuer 2011 (Version: 17.08.00.0006)
QuickSteuer 2012 (Version: 18.09.00.0003)
QuickSteuer Wissens-Center 2008 (Version: 14.0.0.0)
QuickSteuer Wissens-Center 2009 (Version: 15.0.1.0)
QuickSteuer Wissens-Center 2011 (Version: 17.10.0.0)
QuickSteuer Wissens-Center 2012 (Version: 18.1.0.0)
QuickTime (Version: 7.73.80.64)
Rossmann Fotowelt Software 4.9 (Version: 4.9)
Sage BankCom (Version: 2.00.0000)
Sage HBCI-Kontaktverwaltung (Version: 3.0)
Sage SAIP (Version: 1.0.1.115)
Sagede.Shared.Elster.Setup (Version: 1.0.0.0.21)
Sagede.Shared.Elster.Setup (Version: 1.0.0.0.7)
Scan (Version: 140.0.167.000)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
Skins (Version: 2008.0130.1509.26922)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.6 (Version: 6.6.106)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Steuer Update 14.01 (Version: 14.01)
Steuer Update 15.09 (Version: 15.09)
Synaptics Pointing Device Driver (Version: 10.1.7.0)
TeamViewer 8 (Version: 8.0.17396)
T-Home Dialerschutz-Software
T-Mobile web'n'walk Manager (Version: 3.1.0)
Toolbox (Version: 140.0.428.000)
TOSHIBA Assist (Version: 2.01.04)
TOSHIBA Benutzerhandbücher (Version: 7.33)
TOSHIBA ConfigFree (Version: 7.1.26)
TOSHIBA Disc Creator (Version: 2.0.1.1.a)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 1.0.3.32)
TOSHIBA Hardware Setup (Version: 3.00.01.00)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Supervisor Password (Version: 3.00.01.00)
TOSHIBA Value Added Package (Version: 1.1.14)
TRDCReminder (Version: 1.00.0014)
TRORDCLauncher (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VTPlus32 für WinTV (German)
WashAndGo (Version: 17.7)
WebReg (Version: 140.0.213.017)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Yahoo! Detect
 

==================== Restore Points  =========================

22-06-2013 21:56:43 Geplanter Prüfpunkt
23-06-2013 21:53:08 Geplanter Prüfpunkt
11-07-2013 06:31:15 Windows Update
24-07-2013 15:02:34 Geplanter Prüfpunkt
14-08-2013 08:59:29 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {34B446B7-D6BA-42C9-BD9E-4195AA21FBA4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {3B41D2FD-50F1-4D54-978C-A3266B4AFDF6} - System32\Tasks\User_Feed_Synchronization-{DA693D99-7DB6-4A16-A3F6-041B08DF87AE} => C:\Windows\system32\msfeedssync.exe [2011-05-20] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CBDA5B9-499C-4963-A7EF-554CF431C9AA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59B0987D-014F-4348-98E0-7C5D861C145C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5BD3EE58-CBCE-4C75-BF27-133ECD32EA8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.)
Task: {72FD39B2-AA09-49F6-BF14-4A4200D17533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.)
Task: {89D150A1-AF65-4E5E-8052-7330791FFA52} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2006-11-02] (Microsoft Corporation)
Task: {93C05B86-2EE7-4ED3-AD71-48BC1DBAA46E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {A0645FC6-7F3B-4C40-BF18-708FD5BEB81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {BA5CF01C-7796-49A1-B960-C3CB0D2E951F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {C902A018-F213-41B9-B162-A476EB57CED0} - System32\Tasks\AbelssoftPreloader => C:\Program Files\WashAndGo\AbelssoftPreloader.exe [2012-10-05] (Microsoft)
Task: {D5062C16-82CD-4B51-9C64-1399F7D66632} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter #7
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #9
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #13
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth RFCOMM
Description: Bluetooth RFCOMM
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfcom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2013 03:52:38 PM) (Source: Microsoft Office 11) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (08/14/2013 03:49:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 03:28:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 11:22:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 10:54:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 10:46:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 10:34:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 09:19:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 09:18:23 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindex kann nicht gelesen werden.   (0xc0041800)

Error: (08/14/2013 09:18:23 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindex kann nicht gelesen werden.   (0xc0041800)


System errors:
=============
Error: (08/14/2013 03:52:06 PM) (Source: Service Control Manager) (User: )
Description: ServiceLayer%%1053

Error: (08/14/2013 03:52:06 PM) (Source: Service Control Manager) (User: )
Description: 30000ServiceLayer

Error: (08/14/2013 03:52:06 PM) (Source: DCOM) (User: )
Description: 1053ServiceLayer{ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error: (08/14/2013 03:49:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/14/2013 03:49:27 PM) (Source: Service Control Manager) (User: )
Description: Tosrfcom

Error: (08/14/2013 03:49:27 PM) (Source: Service Control Manager) (User: )
Description: Automatisches LiveUpdate - Scheduler%%3

Error: (08/14/2013 03:49:27 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/14/2013 03:49:18 PM) (Source: ipnathlp) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.32 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error: (08/14/2013 03:46:21 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (08/14/2013 03:45:42 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection


Microsoft Office Sessions:
=========================
Error: (08/14/2013 03:52:38 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office OutlookOutlook konnte zuletzt nicht korrekt gestartet werden.  Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, so dass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (08/14/2013 03:49:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 03:28:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 11:22:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 10:54:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 10:46:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 10:34:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 09:19:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 09:18:23 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindex kann nicht gelesen werden.   (0xc0041800)

Error: (08/14/2013 09:18:23 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindex kann nicht gelesen werden.   (0xc0041800)


CodeIntegrity Errors:
===================================
  Date: 2013-08-14 16:03:18.549
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:18.208
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:17.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:17.476
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:17.100
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:16.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:08.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:08.644
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:08.306
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-14 16:03:07.984
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 3069.48 MB
Available physical RAM: 1173.24 MB
Total Pagefile: 6347.21 MB
Available Pagefile: 4181.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.64 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:13.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:232.66 GB) NTFS
Drive f: (Data) (Fixed) (Total:113.88 GB) (Free:108.71 GB) NTFS
Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive i: () (Removable) (Total:14.91 GB) (Free:12.65 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 22741035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 25D1610F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013
Ran by paugstadt (administrator) on 14-08-2013 16:01:58
Running from C:\Users\paugstadt\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe
(Hauppauge Computer Works) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Hauppauge Inc.) C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Iminent) C:\Program Files\Iminent\Iminent.exe
(Iminent) C:\Program Files\Iminent\Iminent.Messengers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Iminent) C:\Program Files\Common Files\Umbrella\umbrella.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ReModem.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Farbar) C:\Users\paugstadt\Desktop\FRST (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [EPGServiceTool] - C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe [688128 2008-04-17] (Hauppauge Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [ScanSoft PDF Professional 3.0-reminder] - "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Professional\3\Ereg\ereg.ini" [x]
HKLM\...\Run: [NWEReboot] -  [x]
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM\...\Run: [NokiaMusic FastStart] - C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2192672 2010-03-04] (Nokia)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-29] (Logitech, Inc.)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [391232 2011-02-01] (Acronis)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [SearchSettings] - "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [x]
HKLM\...\Run: [Iminent] - C:\Program Files\Iminent\Iminent.exe [1074736 2013-01-25] (Iminent)
HKLM\...\Run: [IminentMessenger] - C:\Program Files\Iminent\Iminent.Messengers.exe [884784 2013-01-25] (Iminent)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] ()
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {56c43f12-e94e-11de-b283-97853001cdc0} - H:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualisierungsagent.lnk
ShortcutTarget: Aktualisierungsagent.lnk -> C:\Program Files\T-Mobile\web'n'walk Manager\AutoUpdateSrv.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&tt=060213_9105_2&babsrc=SP_ss&mntrId=6ca28172000000000000001f3cb93aa5
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU -&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://photoservice.fujicolor.de/ips-opdata//19780615/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FE1F4513-6461-4D33-8AF5-7318CDDBD895}: [NameServer]192.168.2.1

Chrome: 
=======
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\PAUGST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0
CHR Extension: (Iminent) - C:\Users\PAUGST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.13.4.1_0
CHR Extension: (SaveByclick) - C:\Users\PAUGST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcmjmjlpggahbbegfoeabpamhminedca\1
CHR Extension: () - C:\Users\PAUGST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\paugstadt\AppData\Roaming\Delta\delta.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH)
R2 EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [815104 2008-03-31] (Hauppauge Computer Works)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2864448 2013-08-06] (Iminent)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
R3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-12-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-07-19] (Symantec Corporation)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37328 2010-08-24] (Logitech, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130814.002\NAVENG.SYS [93272 2013-08-14] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130814.002\NAVEX15.SYS [1611992 2013-08-14] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 16:01 - 2013-08-14 12:25 - 01068733 _____ (Farbar) C:\Users\paugstadt\Desktop\FRST (2).exe
2013-08-14 15:58 - 2013-08-14 12:25 - 01068733 _____ (Farbar) C:\Users\paugstadt\Desktop\FRST.exe
2013-08-14 11:08 - 2013-08-14 11:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-05 16:13 - 2013-08-05 16:13 - 00000322 _____ C:\Users\paugstadt\Downloads\Jutta_Kricheldorff.vcf
2013-07-30 06:15 - 2013-07-30 06:15 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-15 08:46 - 2013-07-15 08:46 - 06997504 _____ C:\Users\paugstadt\Downloads\PPP-Praesentation_150Jahre_DE_05 07 2013.ppt

==================== One Month Modified Files and Folders =======

2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST
2013-08-14 22:37 - 2008-08-01 20:03 - 00000000 ____D C:\Users\paugstadt
2013-08-14 22:37 - 2006-11-02 13:18 - 00000000 __RSD C:\Windows\Media
2013-08-14 22:37 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-08-14 22:37 - 2006-11-02 12:22 - 67633152 _____ C:\Windows\system32\config\software_previous
2013-08-14 22:37 - 2006-11-02 12:22 - 39321600 _____ C:\Windows\system32\config\system_previous
2013-08-14 22:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-14 22:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-14 22:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-08-14 22:30 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-08-14 22:30 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-14 15:52 - 2009-03-23 09:39 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Skype
2013-08-14 15:49 - 2012-12-28 17:01 - 00000274 _____ C:\Windows\Tasks\AbelssoftPreloader.job
2013-08-14 15:49 - 2008-09-15 17:54 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-14 15:48 - 2010-05-10 16:14 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 15:48 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 15:48 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 15:48 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 15:46 - 2013-01-03 08:17 - 01389650 _____ C:\Windows\WindowsUpdate.log
2013-08-14 15:46 - 2006-11-02 15:01 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 15:37 - 2012-04-30 06:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 12:25 - 2013-08-14 16:01 - 01068733 _____ (Farbar) C:\Users\paugstadt\Desktop\FRST (2).exe
2013-08-14 12:25 - 2013-08-14 15:58 - 01068733 _____ (Farbar) C:\Users\paugstadt\Desktop\FRST.exe
2013-08-14 11:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 11:22 - 2006-11-02 12:22 - 44564480 _____ C:\Windows\system32\config\components_previous
2013-08-14 11:22 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-08-14 11:18 - 2013-01-03 08:13 - 00019250 _____ C:\Windows\PFRO.log
2013-08-14 11:16 - 2013-08-14 11:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 07:13 - 2010-05-10 16:14 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-10 09:44 - 2011-01-24 16:07 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-08-08 21:47 - 2013-04-30 19:25 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Smartbar
2013-08-08 21:47 - 2012-10-30 11:39 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Macromedia
2013-08-08 21:47 - 2012-10-29 12:25 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Mozilla
2013-08-08 21:47 - 2012-08-23 16:38 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Microsoft Help
2013-08-08 21:47 - 2012-04-28 16:45 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Microsoft Games
2013-08-08 21:47 - 2011-10-10 12:15 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Haufe Mediengruppe
2013-08-08 21:47 - 2011-02-26 18:43 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Logishrd
2013-08-08 21:47 - 2010-11-17 17:06 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\CrashDumps
2013-08-08 07:50 - 2009-03-23 09:39 - 00000000 ___RD C:\Program Files\Skype
2013-08-08 07:50 - 2009-03-23 09:39 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 06:52 - 2013-02-07 09:24 - 00000000 ____D C:\Program Files\Common Files\Umbrella
2013-08-06 08:34 - 2013-01-03 10:54 - 00039709 _____ C:\Windows\setupact.log
2013-08-05 16:13 - 2013-08-05 16:13 - 00000322 _____ C:\Users\paugstadt\Downloads\Jutta_Kricheldorff.vcf
2013-07-30 06:15 - 2013-07-30 06:15 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-30 06:14 - 2008-02-15 19:04 - 00000000 ____D C:\Program Files\Google
2013-07-15 08:46 - 2013-07-15 08:46 - 06997504 _____ C:\Users\paugstadt\Downloads\PPP-Praesentation_150Jahre_DE_05 07 2013.ppt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-14 15:55

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Dann so weiter. Ist der Rechner danach immer noch so langsam?


Schritt 1

• Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
• Suche und deinstalliere dort der Reihe nach folgende Einträge:
  • Delta Chrome Toolbar
  • Delta toolbar
  • Iminent
• Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Starte noch einmal FRST.

• Ändere keine der Voreinstellungen und drücke auf Scan.
• Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
• Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

• Log von AdwCleaner
• Log von FRST

Moin Leo,

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.306 - Datei am 15/08/2013 um 08:09:00 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : paugstadt - PAUGSTADT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\paugstadt\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Ordner Gefunden : C:\Program Files\Iminent
Ordner Gefunden : C:\Program Files\Yontoo
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserProtect
Ordner Gefunden : C:\ProgramData\ClickIT
Ordner Gefunden : C:\ProgramData\SaveByClick
Ordner Gefunden : C:\ProgramData\SaveByclick
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Ordner Gefunden : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcmjmjlpggahbbegfoeabpamhminedca
Ordner Gefunden : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gefunden : C:\Users\paugstadt\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\paugstadt\AppData\Local\Smartbar
Ordner Gefunden : C:\Users\paugstadt\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\paugstadt\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\paugstadt\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\paugstadt\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gefunden : C:\Users\paugstadt\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\paugstadt\AppData\Roaming\Yontoo
Ordner Gefunden : C:\Windows\system32\BrowserProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\5d558fdbbc3deb43
Schlüssel Gefunden : HKCU\Software\AppDataLow\SProtector
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\5d558fdbbc3deb43
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\Software\pdfforge
Schlüssel Gefunden : HKLM\Software\Search Settings
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKLM\Software\SP Global
Schlüssel Gefunden : HKLM\Software\SProtector
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Schlüssel Gefunden : HKU\S-1-5-21-3671231364-3856783457-3385489719-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-3671231364-3856783457-3385489719-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16502

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
[HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [14696 octets] - [15/08/2013 08:09:00]

########## EOF - C:\AdwCleaner[R1].txt - [14757 octets] ##########
         

Hallo Leo, hier kommt die Logdatei von AdwCleaner

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.306 - Datei am 15/08/2013 um 08:12:15 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : paugstadt - PAUGSTADT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\paugstadt\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\ClickIT
Ordner Gelöscht : C:\ProgramData\SaveByClick
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcmjmjlpggahbbegfoeabpamhminedca
Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\paugstadt\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\paugstadt\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\paugstadt\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\paugstadt\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\paugstadt\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\paugstadt\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\paugstadt\AppData\Roaming\Yontoo
Ordner Gelöscht : C:\Windows\system32\BrowserProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5d558fdbbc3deb43
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\5d558fdbbc3deb43
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16502

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=8973eb9b-7b02-4895-ae89-1f01ae9bbb52&searchtype=ds&q={searchTerms}&installDate=30/04/2013 --> hxxp://www.google.com

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\paugstadt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [14827 octets] - [15/08/2013 08:09:00]
AdwCleaner[R2].txt - [14888 octets] - [15/08/2013 08:11:12]
AdwCleaner[S1].txt - [14319 octets] - [15/08/2013 08:12:15]

########## EOF - C:\AdwCleaner[S1].txt - [14380 octets] ##########
         

Hier die Logdatei von FRST
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013
Ran by paugstadt (administrator) on 15-08-2013 08:27:39
Running from I:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe
(Hauppauge Computer Works) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Hauppauge Inc.) C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(T-Systems International GmbH) C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [EPGServiceTool] - C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe [688128 2008-04-17] (Hauppauge Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [ScanSoft PDF Professional 3.0-reminder] - "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Professional\3\Ereg\ereg.ini" [x]
HKLM\...\Run: [NWEReboot] -  [x]
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM\...\Run: [NokiaMusic FastStart] - C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2192672 2010-03-04] (Nokia)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [T-Home Dialerschutz-Software] - C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-29] (Logitech, Inc.)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [391232 2011-02-01] (Acronis)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] ()
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {56c43f12-e94e-11de-b283-97853001cdc0} - H:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualisierungsagent.lnk
ShortcutTarget: Aktualisierungsagent.lnk -> C:\Program Files\T-Mobile\web'n'walk Manager\AutoUpdateSrv.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\paugstadt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\paugstadt\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://photoservice.fujicolor.de/ips-opdata//19780615/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FE1F4513-6461-4D33-8AF5-7318CDDBD895}: [NameServer]192.168.2.1

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-28] (Acronis)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 DFSVC; C:\Program Files\T-Online\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH)
R2 EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [436224 2008-04-09] (Hauppauge Computer Works)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [815104 2008-03-31] (Hauppauge Computer Works)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
R3 DFSYS; C:\Program Files\T-Online\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-12-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-07-19] (Symantec Corporation)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37328 2010-08-24] (Logitech, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130814.008\NAVENG.SYS [93272 2013-08-14] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130814.008\NAVEX15.SYS [1611992 2013-08-14] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-15 08:11 - 2013-08-15 08:11 - 00014888 _____ C:\AdwCleaner[R2].txt
2013-08-15 08:09 - 2013-08-15 08:09 - 00014827 _____ C:\AdwCleaner[R1].txt
2013-08-15 08:08 - 2013-08-15 08:08 - 00666633 _____ C:\Users\paugstadt\Downloads\adwcleaner.exe
2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST
2013-08-14 21:04 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 21:04 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 21:04 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 21:03 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 21:03 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 16:17 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 16:17 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 16:17 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:17 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:17 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:17 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 16:17 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 16:17 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:17 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:17 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 16:17 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:17 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 16:17 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 16:17 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:17 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:17 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 16:04 - 2013-08-14 16:04 - 00032519 _____ C:\Users\paugstadt\Desktop\FRST.txt
2013-08-14 16:03 - 2013-08-14 16:04 - 00028852 _____ C:\Users\paugstadt\Desktop\Addition.txt
2013-08-14 16:02 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 16:02 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 16:02 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 16:01 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 16:01 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 16:01 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 16:01 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 11:08 - 2013-08-14 21:10 - 00000000 ____D C:\Windows\system32\MRT
2013-08-05 16:13 - 2013-08-05 16:13 - 00000322 _____ C:\Users\paugstadt\Downloads\Jutta_Kricheldorff.vcf
2013-07-30 06:15 - 2013-07-30 06:15 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2013-08-15 08:22 - 2009-03-23 09:39 - 00000000 ____D C:\Users\paugstadt\AppData\Roaming\Skype
2013-08-15 08:18 - 2012-12-28 17:01 - 00000274 _____ C:\Windows\Tasks\AbelssoftPreloader.job
2013-08-15 08:18 - 2010-05-10 16:14 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-15 08:18 - 2008-09-15 17:54 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-15 08:17 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 08:17 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 08:17 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 08:13 - 2013-01-03 08:17 - 01604515 _____ C:\Windows\WindowsUpdate.log
2013-08-15 08:13 - 2010-05-10 16:14 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 08:13 - 2006-11-02 15:01 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-15 08:12 - 2013-08-15 08:12 - 00014450 _____ C:\AdwCleaner[S1].txt
2013-08-15 08:11 - 2013-08-15 08:11 - 00014888 _____ C:\AdwCleaner[R2].txt
2013-08-15 08:09 - 2013-08-15 08:09 - 00014827 _____ C:\AdwCleaner[R1].txt
2013-08-15 08:08 - 2013-08-15 08:08 - 00666633 _____ C:\Users\paugstadt\Downloads\adwcleaner.exe
2013-08-15 08:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 08:03 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 07:36 - 2012-04-30 06:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-15 07:27 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST
2013-08-14 22:37 - 2008-08-01 20:03 - 00000000 ____D C:\Users\paugstadt
2013-08-14 22:37 - 2006-11-02 13:18 - 00000000 __RSD C:\Windows\Media
2013-08-14 22:37 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-08-14 22:37 - 2006-11-02 12:22 - 67633152 _____ C:\Windows\system32\config\software_previous
2013-08-14 22:37 - 2006-11-02 12:22 - 39321600 _____ C:\Windows\system32\config\system_previous
2013-08-14 22:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-14 22:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-08-14 22:30 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-08-14 22:30 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-14 21:10 - 2013-08-14 11:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 21:01 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-14 17:32 - 2011-01-24 16:07 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-08-14 16:46 - 2013-01-03 08:13 - 00020152 _____ C:\Windows\PFRO.log
2013-08-14 16:40 - 2013-02-07 09:24 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-08-14 16:21 - 2008-01-21 09:16 - 01608370 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 16:17 - 2006-11-02 12:23 - 00000240 _____ C:\Windows\win.ini
2013-08-14 16:04 - 2013-08-14 16:04 - 00032519 _____ C:\Users\paugstadt\Desktop\FRST.txt
2013-08-14 16:04 - 2013-08-14 16:03 - 00028852 _____ C:\Users\paugstadt\Desktop\Addition.txt
2013-08-14 11:22 - 2006-11-02 12:22 - 44564480 _____ C:\Windows\system32\config\components_previous
2013-08-14 11:22 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-08-08 21:47 - 2012-10-30 11:39 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Macromedia
2013-08-08 21:47 - 2012-10-29 12:25 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Mozilla
2013-08-08 21:47 - 2012-08-23 16:38 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Microsoft Help
2013-08-08 21:47 - 2012-04-28 16:45 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Microsoft Games
2013-08-08 21:47 - 2011-10-10 12:15 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Haufe Mediengruppe
2013-08-08 21:47 - 2011-02-26 18:43 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\Logishrd
2013-08-08 21:47 - 2010-11-17 17:06 - 00000000 ____D C:\Users\PAUGST~1\AppData\Local\CrashDumps
2013-08-08 07:50 - 2009-03-23 09:39 - 00000000 ___RD C:\Program Files\Skype
2013-08-08 07:50 - 2009-03-23 09:39 - 00000000 ____D C:\ProgramData\Skype
2013-08-06 08:34 - 2013-01-03 10:54 - 00039709 _____ C:\Windows\setupact.log
2013-08-05 16:13 - 2013-08-05 16:13 - 00000322 _____ C:\Users\paugstadt\Downloads\Jutta_Kricheldorff.vcf
2013-07-30 06:15 - 2013-07-30 06:15 - 00002044 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-30 06:14 - 2008-02-15 19:04 - 00000000 ____D C:\Program Files\Google
2013-07-25 04:40 - 2013-08-14 16:17 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 04:32 - 2013-08-14 16:17 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 04:30 - 2013-08-14 16:17 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 04:26 - 2013-08-14 16:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 04:26 - 2013-08-14 16:17 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 04:25 - 2013-08-14 16:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 04:24 - 2013-08-14 16:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 04:24 - 2013-08-14 16:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 04:23 - 2013-08-14 16:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 04:23 - 2013-08-14 16:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 04:23 - 2013-08-14 16:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 04:23 - 2013-08-14 16:17 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 04:23 - 2013-08-14 16:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 04:22 - 2013-08-14 16:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 04:22 - 2013-08-14 16:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 04:22 - 2013-08-14 16:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-17 21:41 - 2013-08-14 21:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-15 08:22

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

Hallo Leo, seit dem Trojaner-Befall lässt sich das Windows-Sicherheitscenter nicht mehr einschalten. Hast du da auch eine Lösung?

Hallo,

Zitat:

seit dem Trojaner-Befall lässt sich das Windows-Sicherheitscenter nicht mehr einschalten. Hast du da auch eine Lösung?

Dann schauen wir mal, was dort das Problem ist..


Downloade dir bitte Farbar Service Scanner

• Starte das Tool mit Doppelklick auf die FSS.exe
• Gehe sicher, dass folgende Optionen angehakt sind.
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Klicke auf Scan.
• Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Hier kommt die FSS.txt

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 14-08-2013 01
Ran by paugstadt (administrator) on 15-08-2013 at 13:48:41
Running from "C:\Users\paugstadt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FA6W91OG"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 21:04] - [2013-07-05 06:53] - 0905664 ____A (Microsoft Corporation) D18D53974FD715D50FC76F9FFE1C830D

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 16:01] - [2013-07-08 06:16] - 0133120 ____A (Microsoft Corporation) 684C130BBC6DB681BAD4920A4C944AA5

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

Hallo Lea, das Sicherheitscenter lässt sich noch nicht einschalten. Gruß Raimund

Ja das Sicherheitscenter wurde vermurkst.

Lade die wscsvc.reg herunter, führe sie aus und bestätige das Hinzufügen zur Registrierungsdatenbank. Starte dann den Rechner neu auf. Läuft das Sicherheitscenter danach?

(Du kannst auch WinDefend.reg wieder hinzufügen. Aber der Defender sollte nicht laufen, das ist ok so.)

Das Sicherheitscenter ist jetzt eingeschaltet. Besten Dank für deine Unterstützung. Gruß Raimund