Log analysis and evaluation: The GVU Trojan got me too (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.08.2013, 12:59 | #16 | /// Winkelfunktion /// TB-Süch-Tiger™
It would be nice if you posted the logs anyway.
__________________
Please always post logfiles in CODE tags
30.08.2013, 13:50 | #17
All right, I hadn't saved it, so I just ran it again:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.30.03
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Timo Tischler :: NOTEBOOKTT [Administrator]

30.08.2013 14:22:38
mbam-log-2013-08-30 (14-22-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 274848
Laufzeit: 11 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Regards, Timo
30.08.2013, 13:58 | #18 | /// Winkelfunktion /// TB-Süch-Tiger™
OK, MBAM was up to date as well.

Looks fine so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: cookies are not pests as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie).

Apart from that there are also good cookie managers; an extension for Firefox would be CookieCuller, for example. But if you can live with logging in again everywhere at every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser closes.

Is your system in order again now, or are there still other findings or problems?
31.08.2013, 05:26 | #19
Hello, I have disabled cookies (I had already done that before the "accident"). No, everything on the system is running fine again now. Thanks again. Regards, Timo
01.09.2013, 15:47 | #20 | /// Winkelfunktion /// TB-Süch-Tiger™
Then we're done! If you still want to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board. The programs that were used here can all be uninstalled. delfix can help you with that: the order is crucial here.
Finally, please check your updates; my guide is below. To keep a better overview of whether installed programs are up to date in future, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether the Flash Player is up to date: Check => Adobe - Flash Player. Download links can be found here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post logfiles in CODE tags
02.09.2013, 11:13 | #21
Hello again..... since early this morning my Norton has been complaining and I think I've caught 2 Trojans again (no idea how).. FRST.TXT:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Timo Tischler (administrator) on NOTEBOOKTT on 02-09-2013 12:01:25
Running from C:\Users\Timo Tischler\Downloads
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13531680 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-08] (Realtek Semiconductor)
HKLM\...\Run: [FIC HotKey] - C:\Program Files\Hotkey Utility\tray.exe [520192 2008-06-05] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKLM\...\Run: [PowerManager] - C:\Program Files\Power Manager\PM.exe [1675264 2008-05-22] ()
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [26704 2007-04-11] ()
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_02FD4696E8D584CA28380A4E066BEED4] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: [NoDrives] 0
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{8b33aa80-978c-11de-a815-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://83.150.146.111/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://82.99.75.137/activex/AMC.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.174.1
Tcpip\..\Interfaces\{FF75917C-E18C-4378-809D-BBE54B81C17C}: [NameServer]192.168.174.254

FireFox:
========
FF ProfilePath: C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DIVX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\Programme\DIVX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Firebug - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\firebug@software.joehewitt.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Web Developer - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Timo Tischler\AppData\Roaming\Mozilla\Firefox\Profiles\0q1up566.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Winload Customized Web Search) - hxxp://www.google.com
CHR DefaultSuggestURL: (Winload Customized Web Search) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - D:\Programme\DIVX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - D:\Programme\DIVX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Norton Identity Protection) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\TIMOTI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\TIMOTI~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-11-12] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-02-09] (Acronis)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S4 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [593920 2009-09-06] ( )
S4 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-06-01] (Logitech Inc.)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-06-01] (Logitech Inc.)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
S4 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [529664 2009-09-28] (O&O Software GmbH)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] ()
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [139264 2011-04-11] (Oki Data Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S4 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{630d094a-5ad6-4afb-b11c-d421014a516d}\ \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-07-15] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-29] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2013-08-29] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-28] (Symantec Corporation)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2008-06-01] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2008-06-01] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2008-06-01] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-05-10] (MBB Incorporated)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [25608 2009-09-28] (O&O Software GmbH)
R0 SMR322; C:\Windows\System32\drivers\SMR322.SYS [98392 2013-09-02] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-18] (Samsung Electronics)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-02-09] (Acronis)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2008-09-28] (Todos Data System AB)
R1 WINIO; C:\Windows\system32\WinIo.sys [9336 2007-01-04] (hxxp://www.internals.com)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [116736 2011-05-10] (ZTE Corporation)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\TIMOTI~1\AppData\Local\Temp\catchme.sys [x]
U2 SharedAccess;
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

========================== Drivers MD5 =======================
==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVENG.SYS 81E928EE3751FAF725C87CC17726C05D C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130901.019\NAVEX15.SYS E0C39FA6C76AE8ED53ABF043F35ECDFF C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit 
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2 C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\drivers\ccdcmb.sys 28E36E677849174C910FAAEAD3E60E9E C:\Windows\System32\drivers\ccdcmbo.sys 3823DEB17F9F6775DE0187A98FA0536D C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NuidFltr.sys CF7E041663119E09D2E118521ADA9300 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvlddmkm.sys 1DBD6DF4B2D729D533CF8D4BD05D3F17 C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\OODrvled.sys 911B1F6512D954EDF468D536790465CF C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 66D3415C159741ADE7038A277EFFF99F C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pccsmcfd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\System32\Drivers\PxHelp20.sys E42E3433DBB4CFFE8FDD91EAB29AEA8E C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is 
legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6 C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075 C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys C5B8D47A4688DE9D335204EA757C2240 C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\drivers\RTSTOR.SYS 4F31CFDEBD0A5BC27D45E7EBFEFAAF6F C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5 C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\drivers\SMR322.SYS 0A07295A3A4BBEA54D9DFCEAEDFDA331 C:\Windows\System32\DRIVERS\snapman.sys 5BCEB1B306878035DACBA6DD18366EDA C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit 
C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS C743E384E9EFCA10B41C60D406DE39C0 C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS FE9BD381778A344F0E39AE2D5E607D7F C:\Windows\System32\DRIVERS\srv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87 C:\Windows\System32\DRIVERS\srv2.sys 414BB592CAD8A79649D01F9D94318FB3 C:\Windows\System32\DRIVERS\srvnet.sys FF207D67700AA18242AAF985D3E7D8F4 C:\Windows\system32\Drivers\SSPORT.sys EF3458337D7341A05169CEFC73709264 C:\Windows\System32\Drivers\StarOpen.sys F92254B0BCFCD10CAAC7BCCC7CB7F467 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serscan.sys EDB05BD63148796F23EA78506404A538 C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS 5A193E5E0F0A776430E5D62A051C1E16 C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS 1773FB2920EBB3A8BAD0360618091470 C:\Windows\system32\Drivers\SYMEVENT.SYS F50D81D3E0C7A353F205562B89CD06D6 C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS 8C9B9036E301A9965CF15BEC91C58A12 C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS AF879C2A9DBF8529E1F8169B8BAC643C C:\Windows\System32\DRIVERS\tap0901.sys 5C7C939BBD03784FE58C80578D065CC9 C:\Windows\System32\drivers\tcpip.sys 55E9965552741F3850CB22CBBA9671ED C:\Windows\System32\DRIVERS\tcpip.sys 55E9965552741F3850CB22CBBA9671ED C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF C:\Windows\System32\DRIVERS\tdrpm258.sys 8DE3E45000BA8C9EBB16737D3F83E216 C:\Windows\System32\DRIVERS\shbecr.sys 4A766448821359DF6A0427A91782385A C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17 C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542 C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5 C:\Windows\System32\DRIVERS\tosrfbd.sys 4AC571026155442678E3A0B564A374B1 C:\Windows\System32\Drivers\tosrfbnp.sys 
181E217A7A326817D97946D045B3CB46 C:\Windows\System32\Drivers\tosrfcom.sys E90ACE3B4FA7A85F992BC21EB779C407 C:\Windows\System32\DRIVERS\Tosrfhid.sys D3F87C46C7C9E5DB99FBD3D17121B891 C:\Windows\System32\DRIVERS\tosrfnds.sys C52FD27B9ADF3A1F22CB90E6BCF9B0CB C:\Windows\System32\DRIVERS\tosrfusb.sys 98C04A6432CE9C2AD328F57B9384D348 C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242 C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00 C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbser_lowerflt.sys B1B8BEE26227DAD9835019201552CB05 C:\Windows\System32\Drivers\usbaapl.sys 73B41F4EAD65F355962168D766AF0F2E C:\Windows\System32\DRIVERS\usbccgp.sys C31AE588E403042632DC796CF09E30B0 C:\Windows\System32\DRIVERS\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys E4C436D914768CE965D5E659BA7EEBD8 C:\Windows\System32\DRIVERS\usbhub.sys BDCD7156EC37448F08633FD899823620 C:\Windows\system32\drivers\usbohci.sys EB2D819A639015253C871CDA09D91D58 C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F C:\Windows\System32\drivers\usbser.sys 88701ECA76145E2C011C0EEFF0F7B70E C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys 98E1FF1D732C6C7200B6C59D4FF8C1C3 C:\Windows\System32\DRIVERS\USBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353 C:\Windows\system32\drivers\usbuhci.sys 22480BF4E5A09192E5E30BA4DDE79FA4 C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583 C:\Windows\system32\DRIVERS\viaagp.sys ==> 
MD5 is legit C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3 C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\system32\WinIo.sys 819C68FF6C4C63886D636FFB2DABF5EF C:\Windows\System32\DRIVERS\WinUsb.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252 C:\Windows\System32\DRIVERS\ZTEusbnet.sys 48B9F83939F56622FAB71B526D28D89F C:\Windows\System32\DRIVERS\ZTEusbnmea.sys F6520E06C15DEA5AB7BB016309FE4BB3 C:\Windows\System32\DRIVERS\ZTEusbser6k.sys F6520E06C15DEA5AB7BB016309FE4BB3 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 11:59 - 2013-09-02 11:59 - 01085803 _____ (Farbar) C:\Users\Timo Tischler\Downloads\FRST.exe 2013-09-02 11:18 - 2013-09-02 11:18 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR322.SYS 2013-09-02 11:18 - 2013-09-02 11:18 - 00000020 _____ C:\Windows\system32\Drivers\SMR322.dat 2013-09-02 11:16 - 2013-09-02 11:16 - 02989560 _____ (Symantec 
Corporation) C:\Users\Timo Tischler\Downloads\NPE (1).exe 2013-09-02 11:16 - 2013-09-02 11:16 - 02986440 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\NPE (2).exe 2013-09-02 10:34 - 2013-09-02 10:34 - 00042219 _____ C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72.zip 2013-09-02 10:34 - 2013-09-02 10:34 - 00000000 ____D C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72 2013-09-01 08:18 - 2013-09-01 08:18 - 00994642 _____ C:\Users\Timo Tischler\Downloads\adwcleaner.exe 2013-08-31 22:04 - 2013-08-31 22:04 - 274984492 _____ C:\Users\Timo Tischler\Desktop\Lapponiakomplett.psd 2013-08-30 14:13 - 2013-09-02 11:13 - 00095191 _____ C:\ProgramData\nvModes.dat 2013-08-30 12:42 - 2013-08-30 12:42 - 00000798 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-30 12:41 - 2013-08-30 12:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timo Tischler\Desktop\mbam-setup-1.75.0.1300.exe 2013-08-30 12:22 - 2013-08-30 12:23 - 00000253 _____ C:\Users\Timo Tischler\Desktop\Fixlist.txt 2013-08-30 11:47 - 2013-08-30 11:47 - 00036718 _____ C:\Users\Timo Tischler\Desktop\FRST.txt 2013-08-30 11:46 - 2013-08-30 11:47 - 00026255 _____ C:\Users\Timo Tischler\Desktop\Addition.txt 2013-08-30 11:44 - 2013-08-30 11:44 - 00000087 _____ C:\ProgramData\lxdo.log 2013-08-30 11:33 - 2013-08-30 11:33 - 00002058 _____ C:\Users\Timo Tischler\Desktop\JRT.txt 2013-08-30 11:30 - 2013-08-30 11:30 - 00000000 ____D C:\Windows\ERUNT 2013-08-30 11:28 - 2013-08-30 11:28 - 00026093 _____ C:\Users\Timo Tischler\Desktop\AdwCleaner[S0].txt 2013-08-30 11:21 - 2013-08-30 11:24 - 00000000 ____D C:\AdwCleaner 2013-08-30 11:19 - 2013-08-30 11:19 - 01023533 _____ (Thisisu) C:\Users\Timo Tischler\Downloads\JRT.exe 2013-08-30 06:10 - 2013-08-30 06:10 - 00000000 ____D C:\FRST 2013-08-30 00:16 - 2013-08-30 00:28 - 00000000 ____D C:\Windows\system32\MRT 2013-08-30 00:09 - 2013-08-30 00:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-08-29 23:58 - 2013-09-02 11:02 - 
00258580 _____ C:\Windows\msxml4-KB2758694-enu.LOG 2013-08-29 23:42 - 2013-08-30 06:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-29 23:37 - 2013-08-29 23:37 - 00000000 ____D C:\Users\Timo Tischler\Desktop\mmm 2013-08-29 23:36 - 2013-08-29 23:37 - 30091776 _____ (Microsoft Corporation) C:\Users\Timo Tischler\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe 2013-08-29 23:33 - 2013-08-29 23:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Timo Tischler\Desktop\mbar-1.07.0.1005.exe 2013-08-29 23:26 - 2013-08-30 06:26 - 00000000 ____D C:\Windows\system32\Drivers\N360 2013-08-29 23:26 - 2013-08-30 03:10 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2013-08-29 23:26 - 2013-08-30 03:10 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2013-08-29 23:26 - 2013-08-30 00:02 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Norton 360 2013-08-29 23:15 - 2013-08-29 23:15 - 00023754 _____ C:\ComboFix.txt 2013-08-29 22:55 - 2013-08-29 23:15 - 00000000 ____D C:\ComboFix 2013-08-29 22:55 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-29 22:55 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-29 22:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-29 22:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-29 22:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-29 22:55 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-29 22:55 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-29 22:55 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-29 22:54 - 2013-08-29 23:15 - 00000000 ____D C:\Qoobox 2013-08-29 22:53 - 2013-08-29 23:13 - 00000000 ____D C:\Windows\erdnt 2013-08-29 22:52 - 2013-08-29 17:14 - 05114906 ____R (Swearware) C:\Users\Timo Tischler\Desktop\ComboFix.exe 2013-08-29 
22:48 - 2013-08-29 22:53 - 154147384 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\norton_360_setup.exe 2013-08-29 22:41 - 2013-08-29 22:41 - 00000000 ____D C:\found.004 2013-08-29 18:30 - 2013-08-29 18:30 - 00001048 _____ C:\Windows\system32\.crusader 2013-08-29 18:25 - 2013-08-29 18:37 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2013-08-29 18:24 - 2013-08-29 18:31 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-29 13:44 - 2013-09-02 10:37 - 00007607 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx 2013-08-26 19:13 - 2013-08-26 19:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx 2013-08-25 13:12 - 2013-08-25 13:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata 2013-08-25 12:44 - 2013-09-01 16:34 - 00009266 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx 2013-08-21 15:01 - 2013-08-21 15:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx 2013-08-21 10:13 - 2013-08-21 10:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx 2013-08-18 20:32 - 2013-08-18 20:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx 2013-08-17 13:35 - 2013-05-15 17:22 - 00354242 _____ C:\Users\Timo Tischler\Desktop\LOGO1.ai 2013-08-17 12:15 - 2013-08-17 12:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055 2013-08-17 12:11 - 2013-08-17 12:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip ==================== One Month Modified Files and Folders ======= 2013-09-02 11:59 - 2013-09-02 11:59 - 01085803 _____ (Farbar) C:\Users\Timo Tischler\Downloads\FRST.exe 2013-09-02 11:57 - 2010-02-09 13:58 - 00095191 _____ C:\ProgramData\nvModes.001 2013-09-02 11:42 - 2010-07-06 15:46 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-02 11:34 - 2012-04-21 19:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-02 11:28 - 2012-10-23 13:59 - 00000000 ____D 
C:\Users\TIMOTI~1\AppData\Local\NPE 2013-09-02 11:22 - 2010-05-30 20:54 - 00000000 ____D C:\Users\TIMOTI~1\AppData\Local\CrashDumps 2013-09-02 11:18 - 2013-09-02 11:18 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR322.SYS 2013-09-02 11:18 - 2013-09-02 11:18 - 00000020 _____ C:\Windows\system32\Drivers\SMR322.dat 2013-09-02 11:16 - 2013-09-02 11:16 - 02989560 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\NPE (1).exe 2013-09-02 11:16 - 2013-09-02 11:16 - 02986440 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\NPE (2).exe 2013-09-02 11:13 - 2013-08-30 14:13 - 00095191 _____ C:\ProgramData\nvModes.dat 2013-09-02 11:13 - 2010-02-09 12:52 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-02 11:13 - 2010-02-09 12:52 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-02 11:11 - 2013-05-16 05:51 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Skype 2013-09-02 11:10 - 2010-02-09 13:43 - 02055994 _____ C:\Windows\WindowsUpdate.log 2013-09-02 11:06 - 2010-07-06 15:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-02 11:05 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-02 11:05 - 2009-07-14 06:39 - 25003542 _____ C:\Windows\setupact.log 2013-09-02 11:02 - 2013-08-29 23:58 - 00258580 _____ C:\Windows\msxml4-KB2758694-enu.LOG 2013-09-02 10:53 - 2010-02-09 12:54 - 00000000 ____D C:\Users\Timo Tischler 2013-09-02 10:37 - 2013-08-29 13:44 - 00007607 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx 2013-09-02 10:34 - 2013-09-02 10:34 - 00042219 _____ C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72.zip 2013-09-02 10:34 - 2013-09-02 10:34 - 00000000 ____D C:\Users\Timo Tischler\Downloads\SicherLoeschen_3.72 2013-09-02 09:58 - 2009-09-02 10:10 - 00000000 ____D C:\Users\TIMOTI~1\AppData\Local\Google 2013-09-02 09:58 - 2009-09-02 
10:00 - 00000000 ____D C:\Program Files\Google 2013-09-01 16:34 - 2013-08-25 12:44 - 00009266 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx 2013-09-01 15:24 - 2013-07-27 19:31 - 00016341 _____ C:\Users\Timo Tischler\Desktop\Lundhags Order.xlsx 2013-09-01 08:18 - 2013-09-01 08:18 - 00994642 _____ C:\Users\Timo Tischler\Downloads\adwcleaner.exe 2013-08-31 22:04 - 2013-08-31 22:04 - 274984492 _____ C:\Users\Timo Tischler\Desktop\Lapponiakomplett.psd 2013-08-31 17:35 - 2012-12-06 21:23 - 00000000 ____D C:\Program Files\orgaMAX 2013-08-31 09:41 - 2008-08-12 06:31 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-08-30 17:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-08-30 14:51 - 2010-02-09 13:50 - 00233696 _____ C:\Users\TIMOTI~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-30 14:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-30 14:13 - 2009-07-14 06:33 - 03291984 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-30 14:06 - 2010-02-09 21:45 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2013-08-30 14:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-08-30 14:02 - 2010-02-09 13:31 - 03450202 _____ C:\Windows\PFRO.log 2013-08-30 13:34 - 2008-08-12 06:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-30 12:42 - 2013-08-30 12:42 - 00000798 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-30 12:41 - 2013-08-30 12:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timo Tischler\Desktop\mbam-setup-1.75.0.1300.exe 2013-08-30 12:23 - 2013-08-30 12:22 - 00000253 _____ C:\Users\Timo Tischler\Desktop\Fixlist.txt 2013-08-30 11:47 - 2013-08-30 11:47 - 00036718 _____ C:\Users\Timo Tischler\Desktop\FRST.txt 2013-08-30 11:47 - 2013-08-30 11:46 - 00026255 _____ C:\Users\Timo Tischler\Desktop\Addition.txt 2013-08-30 11:45 - 2009-10-02 16:28 - 00067910 _____ C:\Windows\system32\LexFiles.ulf 2013-08-30 11:44 - 2013-08-30 11:44 - 00000087 _____ C:\ProgramData\lxdo.log 2013-08-30 
11:44 - 2011-07-28 18:11 - 00000000 ____D C:\Program Files\MapCreator 2 2013-08-30 11:44 - 2011-06-17 13:14 - 00000000 ____D C:\Program Files\ImgBurn 2013-08-30 11:44 - 2011-04-08 11:22 - 00000084 _____ C:\Windows\WinInit.Ini 2013-08-30 11:44 - 2009-09-02 12:28 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8 2013-08-30 11:33 - 2013-08-30 11:33 - 00002058 _____ C:\Users\Timo Tischler\Desktop\JRT.txt 2013-08-30 11:30 - 2013-08-30 11:30 - 00000000 ____D C:\Windows\ERUNT 2013-08-30 11:28 - 2013-08-30 11:28 - 00026093 _____ C:\Users\Timo Tischler\Desktop\AdwCleaner[S0].txt 2013-08-30 11:24 - 2013-08-30 11:21 - 00000000 ____D C:\AdwCleaner 2013-08-30 11:24 - 2009-10-07 16:04 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-30 11:19 - 2013-08-30 11:19 - 01023533 _____ (Thisisu) C:\Users\Timo Tischler\Downloads\JRT.exe 2013-08-30 06:26 - 2013-08-29 23:26 - 00000000 ____D C:\Windows\system32\Drivers\N360 2013-08-30 06:24 - 2009-12-03 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-30 06:20 - 2013-08-29 23:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-30 06:10 - 2013-08-30 06:10 - 00000000 ____D C:\FRST 2013-08-30 03:10 - 2013-08-29 23:26 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2013-08-30 03:10 - 2013-08-29 23:26 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2013-08-30 00:34 - 2010-02-09 13:52 - 01529160 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-30 00:28 - 2013-08-30 00:16 - 00000000 ____D C:\Windows\system32\MRT 2013-08-30 00:09 - 2013-08-30 00:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-08-30 00:02 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-08-29 23:53 - 2008-08-12 06:37 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-29 23:38 - 2012-11-22 08:49 - 00003043 _____ C:\Windows\IE10_main.log 2013-08-29 23:38 - 2006-11-02 12:23 - 00000480 _____ C:\Windows\win.ini 
2013-08-29 23:37 - 2013-08-29 23:37 - 00000000 ____D C:\Users\Timo Tischler\Desktop\mmm
2013-08-29 23:37 - 2013-08-29 23:36 - 30091776 _____ (Microsoft Corporation) C:\Users\Timo Tischler\Downloads\IE10-Windows6.1-x86-de-de_b16521.exe
2013-08-29 23:33 - 2013-08-29 23:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Timo Tischler\Desktop\mbar-1.07.0.1005.exe
2013-08-29 23:33 - 2009-09-18 08:25 - 00000039 _____ C:\Windows\vbaddin.ini
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D C:\Program Files\Norton 360
2013-08-29 23:26 - 2010-05-22 20:13 - 00000000 ____D C:\ProgramData\Norton
2013-08-29 23:15 - 2013-08-29 23:15 - 00023754 _____ C:\ComboFix.txt
2013-08-29 23:15 - 2013-08-29 22:55 - 00000000 ____D C:\ComboFix
2013-08-29 23:15 - 2013-08-29 22:54 - 00000000 ____D C:\Qoobox
2013-08-29 23:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-29 23:15 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-29 23:13 - 2013-08-29 22:53 - 00000000 ____D C:\Windows\erdnt
2013-08-29 23:09 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-29 23:06 - 2011-07-28 16:41 - 00000000 ____D C:\Program Files\Hyperionics DB Toolbar
2013-08-29 22:53 - 2013-08-29 22:48 - 154147384 _____ (Symantec Corporation) C:\Users\Timo Tischler\Downloads\norton_360_setup.exe
2013-08-29 22:41 - 2013-08-29 22:41 - 00000000 ____D C:\found.004
2013-08-29 18:37 - 2013-08-29 18:25 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-29 18:31 - 2013-08-29 18:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 18:30 - 2013-08-29 18:30 - 00001048 _____ C:\Windows\system32\.crusader
2013-08-29 17:14 - 2013-08-29 22:52 - 05114906 ____R (Swearware) C:\Users\Timo Tischler\Desktop\ComboFix.exe
2013-08-28 13:09 - 2013-06-07 17:05 - 00000000 ____D C:\Users\Timo Tischler\Desktop\ZWISCHENABLAGE AKTUELL
2013-08-26 19:13 - 2013-08-26 19:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 13:12 - 2013-08-25 13:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-24 14:52 - 2013-07-25 16:41 - 00010161 _____ C:\Users\Timo Tischler\Desktop\VERKAUF.xlsx
2013-08-23 09:50 - 2009-09-15 07:46 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\UseNeXT
2013-08-21 15:01 - 2013-08-21 15:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 10:13 - 2013-08-21 10:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 21:03 - 2010-03-26 18:54 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\vlc
2013-08-18 20:32 - 2013-08-18 20:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-17 21:22 - 2010-03-31 15:15 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\dvdcss
2013-08-17 12:15 - 2013-08-17 12:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 12:11 - 2013-08-17 12:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-15 16:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-10 12:05 - 2013-07-22 15:08 - 00000000 ____D C:\Users\Timo Tischler\Desktop\Ausrüstungsverkauf
2013-08-10 11:25 - 2013-05-22 22:27 - 00000000 ____D C:\Users\Timo Tischler\Desktop\XXXXXXCHANGE FLYERWERKSTATT LAPPLAND
2013-08-05 16:00 - 2010-03-16 19:08 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
ZeroAccess: C:\Users\TIMOTI~1\AppData\Local\Google\Desktop\Install\{630d094a-5ad6-4afb-b11c-d421014a516d}
ZeroAccess: C:\Program Files\Google\Desktop\Install\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\ProgramData\nvModes.dat
C:\Users\TIMOTI~1\AppData\Local\Temp\fygsejcuyykaurleouy.bfg
C:\Users\TIMOTI~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\TIMOTI~1\AppData\Local\Temp\Garmin Software Updates\BaseCamp.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\D3DCompiler_43.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\Opera-12.16-1860.i386.autoupdate.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\opera.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\opera.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\OperaUpgrader.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\updatechecker\opera_autoupdate.exe
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\mapi\OperaMAPI.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\gstreamer.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioresample.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstautodetect.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdirectsound.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstoggdec.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwaveform.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwavparse.dll
C:\Users\TIMOTI~1\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwebmdec.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {048a3594-1571-11df-8e04-00140b6424fe}
device                  ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {572bcd56-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[\Device\HarddiskVolume1]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[\Device\HarddiskVolume1]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {048a3594-1571-11df-8e04-00140b6424fe}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
nx                      OptIn

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  partition=C:
path                    \ntldr
description             Frühere Windows-Version

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {048a3595-1571-11df-8e04-00140b6424fe}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\048a3594-1571-11df-8e04-00140b6424fe\boot.sdi

Geräteoptionen
--------------
Bezeichner              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \boot\boot.sdi

LastRegBack: 2013-09-01 10:02

==================== End Of Log ============================
--- --- ---

Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-09-2013 04
Ran by Timo Tischler at 2013-09-02 12:05:00
Running from C:\Users\Timo Tischler\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
AC3Filter 1.62b (Version: 1.62b)
Acronis*True*Image*Home (Version: 13.0.6053)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.1)
Adobe Acrobat 8.1.1 Professional (Version: 8.1.1)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 2.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3
(Version: 5.0) Adobe InDesign CS3 Icon Handler (Version: 5.0) Adobe Linguistics CS3 (Version: 3.0.0) Adobe Media Player (Version: 0.0.0) Adobe Media Player (Version: 1.1) Adobe MotionPicture Color Files (Version: 1.0) Adobe PDF Library Files CS4 (Version: 9.0) Adobe Photoshop CS3 (Version: 10) Adobe Reader 9 - Deutsch (Version: 9.0.0) Adobe Setup (Version: 1.0) Adobe Shockwave Player 11.5 (Version: 11.5.2.602) Adobe SING CS3 (Version: 0.1) Adobe Stock Photos CS3 (Version: 1.5) Adobe Type Support CS4 (Version: 9.0) Adobe Update Manager CS3 (Version: 5.1.0) Adobe Version Cue CS3 Client (Version: 3) Adobe Video Profiles (Version: 1.0) Adobe WAS CS3 (Version: 1.0) Adobe WinSoft Linguistics Plugin (Version: 1.0) Adobe XMP DVA Panels CS3 (Version: 1.0) Adobe XMP Panels CS3 (Version: 1.0) AdobeColorCommonSetRGB (Version: 2.0) AHV content for Acrobat and Flash (Version: 1) ALPS Touch Pad Driver Apple Application Support (Version: 2.2.2) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (Version: 2.1.3.127) Artisteer 2 (Version: 2.0) AutoUpdate (Version: 1.1) AviSynth 2.5 AXIS Media Control Embedded Bluetooth Stack for Windows by Toshiba (Version: v6.00.05(FSC)) Bonjour (Version: 3.0.0.10) Brother MFL-Pro Suite MFC-J5910DW (Version: 1.0.5.0) CDBurnerXP (Version: 4.2.7.1878) cGPSmapper Free 0100d cobra (Version: 12.01.1299) DHTML Editing Component (Version: 6.02.0001) DivX Codec (Version: 6.8.5) DivX Converter (Version: 7.1.0) DivX Player (Version: 7.2.0) DivX Plus DirectShow Filters DivX Version Checker (Version: 7.1.0.2) DivX Web Player (Version: 1.5.0) ezMS v1.03 Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0) Free Video to DVD Converter version 1.6.22.804 Free Video to iPod Converter version 5.0.6.221 (Version: 5.0.6.221) Free YouTube to MP3 Converter version 3.11.37.1212 (Version: 3.11.37.1212) FSCLounge (Version: 1.0.0) Fujitsu Siemens Computers Recovery (Version: 1.3.9) Garmin BaseCamp (Version: 4.0.2) Garmin Communicator Plugin (Version: 
2.9.3) Garmin MapInstall (Version: 3.14.4) Garmin TOPO Deutschland v3 (Version: 3.0.0.0) Garmin TransAlpin v2 (Version: 2.0.0.0) Garmin USB Drivers (Version: 2.3.1.0) Garmin WebUpdater (Version: 2.5.5) GmapTool 0.6.0b Google Chrome (Version: 29.0.1547.62) Google Earth (Version: 7.1.1.1888) Google Update Helper (Version: 1.3.21.153) GPL Ghostscript 8.64 H.264 Decoder (Version: 1.1.0) Handelsbanken card reader (Version: 1.00.0000) Hotkey Utility (Version: 1.5.5) HyperCam 2 (Version: 2.25.01) Hyperionics DB Toolbar IcoFX 1.6.4 ImgBurn (Version: 2.5.5.0) Incomedia WebSite X5 v10 - Evolution (Version: 10.0.2.24) Incomedia WebSite X5 v8 - Evolution Incomedia WebSite X5 v9 - Evolution (Version: 9.0.0.1654) Intel(R) Network Connections Drivers Intel® Matrix Storage Manager iSpring Free 5 (Version: 5.5.0) iTunes (Version: 10.7.0.21) IZArc 4.1.2 (Version: 4.1.2) Java 2 Runtime Environment, SE v1.4.2_19 (Version: 1.4.2_19) Java Auto Updater (Version: 2.0.6.1) Java(TM) 6 Update 30 (Version: 6.0.300) LameACM Launch Pad 1.0.3 (Version: 1.0.3) LetsTrade Komponenten Lexmark Software deinstallieren Logitech QuickCam (Version: 11.51.1056) Logitech QuickCam-Treiberpaket LogoMaker 2.0 MAGIX Screenshare (Version: 4.3.6.1987) MAGIX Speed burnR (MSI) (Version: 7.0.2.6) MAGIX Video deluxe 17 Plus Sonderedition Download-Version (Version: 10.0.11.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MapCreator 2 (Version: 2.0) MapTk (MapToolKit) Media Add-ons für Acronis True Image Home 2010 (Version: 13.0.6053) MF60 Mobile Hotspot (Version: 1.0.0.1) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft 
Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) MKV Splitter (Version: 1.0.1) MobileMe Control Panel (Version: 2.6.0.35) Mozilla Firefox (3.6.10) (Version: 3.6.10 (de)) MSVC80_x86 (Version: 1.0.1.0) MSVC80_x86_v2 (Version: 1.0.3.0) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) neroxml (Version: 1.0.0) Nokia Connectivity Cable Driver (Version: 7.1.27.0) Nokia Maps Updater 1.0.12 (Version: 1.0.12) Nokia PC-Internetzugang (Version: 2.0.1.2) Norton 360 (Version: 20.4.0.40) Nuance PaperPort 12 (Version: 12.1.0000) Nuance PDF Viewer Plus (Version: 5.30.3290) NVIDIA Drivers (Version: 1.7) O&O DriveLED (Version: 3.0.1945) O&O MediaRecovery (Version: 4.1.1322) OKI Alert Info (Version: 1.3.0) OKI Color Swatch-Dienstprogramm (Version: 2.1.11) OKI Configuration Tool (Version: 1.6.0) OKI Device Setting (Version: 1.6.0) OKI Network Extension (Version: 1.00.000) OKI Network Setting (Version: 1.0.2) OKI PDF Print Direct (Version: 3.4.5) OKI Storage Manager (Version: 1.0.2) OKI User Setting (Version: 1.4.0) OpenVPN 2.1.1 (Version: 2.1.1) Opera 12.12 (Version: 12.12.1707) orgaMAX Business Software (Version: 12.0) OziExplorer 3.95 PaperPort Image Printer (Version: 1.00.0001) PC Connectivity Solution (Version: 10.6.1.0) PDF Settings CS4 (Version: 9.0) PHOTOfunSTUDIO 6.0 BD Edition (Version: 6.00.025) PlayReady PC runtime (Version: 1) Power Manager 2.8.3 (Version: 2.8.3) PowerPoint to Flash Converter 3000 7.4 Presto! Forms 3.60.10 (Version: 3.60.10) Presto! 
PageManager 7.12.20 (Version: 7.12.20) PSFtp Version 1.8 (Version: 1.8.1.354) QuickTime (Version: 7.66.71.0) RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.0 (Version: 1.0.0) Safari (Version: 5.31.21.10) Scansoft PDF Professional Skype™ 6.3 (Version: 6.3.107) SPOT Firmware Updater SPOT Updater 1.1 (Version: 1.1) SpyHunter (Version: 4.11.10.4138) SSH Secure Shell StarMoney (Version: 1.0) StarMoney 6.0 S-Edition (Version: 6.0) SystemDiagnostics (Version: 2.04.0006) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) UseNeXT by Tangysoft VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0) VCRedistSetup (Version: 1.0.0) VLC media player 1.0.5 (Version: 1.0.5) VNC Free Edition 4.1.3 (Version: 4.1.3) VoiceOver Kit (Version: 1.20.128.0) Winamp (Version: 5.572 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 
04/19/2012 2.3.1.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinSCP 4.3.9 (Version: 4.3.9)
WPF Toolkit June 2009 (Version 3.5.40619.1) (Version: 3.5.40619.1)

==================== Restore Points =========================

Could not list Restore Points.

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-08-29 23:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3489D856-B811-4192-B139-434DA6C93ACF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3501EE4A-0959-4F49-B82C-9B84106AF0DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1908418406-1939059217-2638421699-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-09] (RealNetworks, Inc.)
Task: {3BF6AA5A-8C17-49F1-B0BA-F7B9854B145E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {43CE6190-2C14-451B-BB29-9565B5ED2753} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {4D6787D9-819B-48A6-9D95-0A8940368204} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1908418406-1939059217-2638421699-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-09] (RealNetworks, Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {5AAAD918-FC45-433A-A271-BE3E191A9685} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {6614838B-A08B-4725-8511-CD97E45AD270} - System32\Tasks\User_Feed_Synchronization-{498E3D17-8CF9-48B2-B70E-9E13D21D43CE} => C:\Windows\system32\msfeedssync.exe [2011-06-17] (Microsoft Corporation)
Task: {6696ABF5-14ED-4B23-8962-C6F1E13BB7C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06] (Google Inc.)
Task: {78148ACB-4274-4EDC-AAB8-FFEBEAF548A6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {ABF28068-C51C-4999-88DA-51024CCCFC03} - System32\Tasks\{3570ECD7-DC5E-441A-B8A4-700401ACC139} => D:\Program Files\Skype\Phone\Skype.exe No File
Task: {C8261BCE-B117-4368-8E3B-4624AD8D1499} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {DAD49146-D949-4927-BF61-B5461804B266} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: {E9599562-BDAF-4CEE-8C4C-C95563692F1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.metadata?kMDItemDownloadedDate
AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.metadata?kMDItemWhereFroms
AlternateDataStreams: C:\Users\Timo Tischler\Desktop\ComboFix.exe:com.apple.quarantine

==================== Faulty Device Manager Devices =============

Could not list Devices.
==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 11:58:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2013 11:28:47 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:46 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:45 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:43 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:28:41 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:22:50 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:22:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00046892
ID des fehlerhaften Prozesses: 0xcb8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (09/02/2013 11:22:22 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (09/02/2013 11:22:21 AM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.


System errors:
=============
Error: (09/02/2013 00:05:08 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 178 Mal passiert.

Error: (09/02/2013 00:05:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%183

Error: (09/02/2013 00:04:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 177 Mal passiert.

Error: (09/02/2013 00:04:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%183

Error: (09/02/2013 00:04:20 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 176 Mal passiert.

Error: (09/02/2013 00:04:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%183

Error: (09/02/2013 00:03:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 175 Mal passiert.

Error: (09/02/2013 00:03:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%183

Error: (09/02/2013 00:03:34 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 174 Mal passiert.

Error: (09/02/2013 00:03:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%183


Microsoft Office Sessions:
=========================
Error: (08/30/2013 06:22:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24168 seconds with 120 seconds of active time. This session ended with a crash.

Error: (08/06/2013 07:43:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6454 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (07/28/2013 01:38:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4925 seconds with 3540 seconds of active time. This session ended with a crash.

Error: (04/22/2013 10:41:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3164 seconds with 480 seconds of active time. This session ended with a crash.

Error: (03/08/2013 05:56:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 32699 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (02/07/2013 08:58:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1274 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (11/15/2012 04:35:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28453 seconds with 3060 seconds of active time. This session ended with a crash.

Error: (07/13/2012 05:01:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19349 seconds with 1800 seconds of active time. This session ended with a crash.

Error: (06/27/2012 04:19:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23521 seconds with 4560 seconds of active time. This session ended with a crash.

Error: (12/01/2011 09:05:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 666 seconds with 120 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 3032.81 MB
Available physical RAM: 776.08 MB
Total Pagefile: 6063.9 MB
Available Pagefile: 2933.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.29 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:12.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:364.76 GB) (Free:263.25 GB) NTFS
Drive f: () (Fixed) (Total:1863.01 GB) (Free:1845.16 GB) NTFS
Drive l: () (Network) (Total:298.09 GB) (Free:136.06 GB) NTFS
Drive p: () (Network) (Total:298.09 GB) (Free:136.06 GB) NTFS
Drive v: () (Network) (Total:298.09 GB) (Free:136.06 GB) NTFS
Drive x: (Alte Daten) (Network) (Total:297.6 GB) (Free:91.75 GB) NTFS
Drive y: (Daten) (Network) (Total:297.6 GB) (Free:91.75 GB) NTFS
Drive z: (share) (Network) (Total:916.32 GB) (Free:916.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 8A879E46)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2EF9D6DB)
Partition 1: (Not Active) - (Size=-198627982848) - (Type=07 NTFS)

==================== End Of Log ============================

Best regards and thanks, Timo |
02.09.2013, 11:28 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan got me too: I can't help you like this.. what exactly is Norton complaining about?!
__________________ Please always post logfiles in CODE tags |
02.09.2013, 11:39 | #23 |
| GVU Trojan got me too: Hi, these are the 2 detections: Code:
ATTFilter
Dateiname: 800000cb.@
Bedrohungsname: Trojan.Gen.2
Vollständiger Pfad: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\ \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\800000cb.@
____________________________
Details
Unbekannte Community-Verbreitung, Unbekanntes Alter, Risiko Hoch
Ursprung
Heruntergeladen von? Unbekannt
Aktivität
Ausgeführte Aktionen: Ausgeführte Aktionen: 1
____________________________
Auf Computern ab 02.09.2013 um 12:31:39
Zuletzt verwendet 02.09.2013 um 12:31:39
Start-Element Nein
Gestarted Nein
____________________________
Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.
Unbekannt
Diese Dateiversion ist nicht bekannt.
Hoch
Das Risiko dieser Datei ist hoch.
Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.
____________________________
Quelle: externe Medien ?
____________________________
Dateiaktionen
Datei: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\ \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\800000cb.@ Blockiert
____________________________
Dateiabdruck - SHA: 9568ebe8385be586ca1b319403a5b3bb9a8041f725b293f2ba556f28ace8ec8c
Dateiabdruck - MD5: Nicht verfügbar
and Code:
ATTFilter
Dateiname: 80000000.@
Bedrohungsname: Trojan.Zeroaccess.C
Vollständiger Pfad: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\ \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\80000000.@
____________________________
Details
Unbekannte Community-Verbreitung, Unbekanntes Alter, Risiko Hoch
Ursprung
Heruntergeladen von? Unbekannt
Aktivität
Ausgeführte Aktionen: Ausgeführte Aktionen: 1
____________________________
Auf Computern ab 02.09.2013 um 12:31:39
Zuletzt verwendet 02.09.2013 um 12:31:39
Start-Element Nein
Gestarted Nein
____________________________
Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.
Unbekannt
Diese Dateiversion ist nicht bekannt.
Hoch
Das Risiko dieser Datei ist hoch.
Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.
____________________________
Quelle: externe Medien ?
____________________________
Dateiaktionen
Datei: c:\program files\google\desktop\install\{630d094a-5ad6-4afb-b11c-d421014a516d}\ \...\???\{630d094a-5ad6-4afb-b11c-d421014a516d}\u\80000000.@ Blockiert
____________________________
Dateiabdruck - SHA: c6ef688b67a40a078cae57457b8f308de0e9aac66c4c3eae4f7ed3b5547d9393
Dateiabdruck - MD5: Nicht verfügbar |
02.09.2013, 11:57 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan got me too: Well, ZeroAccess has spread again. It wasn't visible in the previous FRST logs. I did warn you in the reading-material post about the rootkit that in the end only a reinstallation of Windows can remain.
__________________ Please always post logfiles in CODE tags |