Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert

schrauber · 24.10.2013, 06:53

Passwörter ändern ist Pflicht

Gern Geschehen

Robertus · 28.10.2013, 10:58

So ein Mist,
das Problem ist zurück!!! Ich weiß nicht wie das passieren konnte.
Beim Reinigen hatte ich extra alle Datenträger (Kamera-Speicherkarte, USB-Stick und Externe Festplatte) angeschlossen. Als ich aber gestern nach dem Fotographieren die Speicherkarte angeschlossen habe, waren wieder nur Links auf der Karte sichtbar. Der Test mit dem Stick war ebenfalls negativ.
Was soll ich jetzt machen? Alles nochmal von vorne???

schrauber · 28.10.2013, 13:57

erstmal nur frische FRST logs. Verseuchte Externe Medien anklemmen und nicht mehr abmachen.

Robertus · 28.10.2013, 15:13

Danke für deine schnelle Antwort.

FRST log

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Robert (administrator) on JENNY on 28-10-2013 15:06:44
Running from C:\Users\Robert\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\atservice.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
() C:\Windows\System32\nwtray.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Microsoft Corporation) C:\FRST\Quarantine\ONENOTEM.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TOSDCR] - C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\Toshiba\TECO\TEco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [307008 2009-12-22] (AuthenTec, Inc.)
HKLM\...\Run: [TouchED] - C:\Program Files\Toshiba\TouchED\TouchED.exe [118784 2005-09-01] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [929272 2013-06-04] (Sophos Limited)
HKLM\...\Run: [NWTRAY] - C:\Windows\System32\nwtray.exe [34904 2012-03-27] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [tmxnftcqgr] - C:\Users\Robert\AppData\Local\temp\tmxnftcqgr..vbs [116187 2013-08-03] () <===== ATTENTION
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [ 2013-06-04] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\FRST\Quarantine\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A10DF2B4A3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {55FAF0F2-44D4-425f-B5F5-6B275B621EAB} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.2.0.1 10.2.0.2

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default
FF Homepage: hxxp://www.zeit.de/
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DeviceDetection@logitech.com
FF Extension: FoxyProxy Basic - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\foxyproxy@eric.h.jung
FF Extension: YouTube Unblocker - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: admin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: DivXWebPlayer - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: noscript - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Log On - C:\Program Files\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\atservice.exe [1819968 2009-12-22] (AuthenTec, Inc.)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [108352 2009-12-22] (AuthenTec, Inc)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-04] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-04] (Sophos Limited)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-20] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1468920 2013-06-04] (Sophos Limited)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2012-03-27] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91736 2012-03-27] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [90712 2012-03-27] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [60504 2012-03-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111192 2012-03-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2012-03-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2012-03-27] (Novell, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-06-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-10-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-06-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2012-10-20] (Sophos Plc)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [26712 2012-03-27] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65112 2012-03-27] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64088 2012-03-27] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [73816 2012-03-27] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41048 2012-03-27] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18520 2012-03-27] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66136 2012-03-27] (Novell, Inc.)
U3 ndslpp; C:\Program Files\Novell\Client\XTier\Drivers\ndslpp.sys [20568 2012-03-27] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30808 2012-03-27] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45656 2012-03-27] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [27224 2012-03-27] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22104 2012-03-27] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28760 2012-03-27] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45144 2012-03-27] (Novell, Inc.)
S3 catchme; \??\C:\Users\Robert\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 15:03 - 2013-10-28 15:03 - 01089183 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-26 10:29 - 2013-10-28 14:17 - 00000781 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-24 16:10 - 2013-10-24 16:10 - 00000000 ____D C:\Users\Robert\Desktop\Security
2013-10-22 18:25 - 2013-10-22 18:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Tracker Software
2013-10-22 18:19 - 2013-10-22 18:19 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-22 18:19 - 2013-06-09 20:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-10-22 18:18 - 2012-08-21 12:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-10-22 18:16 - 2013-10-22 18:18 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\Secunia PSI
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Program Files\Secunia
2013-10-22 17:27 - 2013-10-22 17:29 - 00000851 _____ C:\DelFix.txt
2013-10-21 15:26 - 2013-10-21 15:27 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-21 13:51 - 2013-10-21 13:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 13:50 - 2013-10-21 13:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-19 09:06 - 2013-10-22 17:27 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 08:54 - 2013-10-19 08:56 - 00000000 ____D C:\AdwCleaner
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 08:40 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-18 15:28 - 2013-10-22 17:23 - 00000000 ____D C:\Windows\erdnt
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 13:46 - 2013-10-28 15:06 - 00000000 ____D C:\FRST
2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_x86.sys
2013-10-10 18:25 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 23:26 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 23:26 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 23:26 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 23:26 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 23:26 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 23:26 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:25 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 21:56 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 21:56 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 21:56 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 21:56 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 21:56 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 21:56 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 21:56 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 21:56 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 21:56 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 21:56 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 21:56 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 21:56 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 21:56 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 21:56 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 21:56 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 21:56 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 21:56 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 21:56 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 21:56 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 21:56 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 21:56 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 21:55 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 21:55 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 21:55 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 21:55 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 21:55 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 21:55 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 19:14 - 2013-10-07 19:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3

==================== One Month Modified Files and Folders =======

2013-10-28 15:06 - 2013-10-18 13:46 - 00000000 ____D C:\FRST
2013-10-28 15:06 - 2010-11-20 22:01 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 15:03 - 2013-10-28 15:03 - 01089183 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-28 15:00 - 2011-11-16 16:22 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2013-10-28 14:55 - 2011-11-15 17:21 - 01501273 _____ C:\Windows\WindowsUpdate.log
2013-10-28 14:51 - 2012-07-22 13:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 14:17 - 2013-10-26 10:29 - 00000781 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-28 09:38 - 2011-11-16 16:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-10-28 09:34 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 09:34 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 09:26 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 09:26 - 2009-07-14 05:39 - 00110160 _____ C:\Windows\setupact.log
2013-10-24 16:10 - 2013-10-24 16:10 - 00000000 ____D C:\Users\Robert\Desktop\Security
2013-10-24 16:10 - 2011-11-16 18:45 - 00281514 _____ C:\Windows\DPINST.LOG
2013-10-24 16:10 - 2011-04-29 16:26 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-10-24 16:08 - 2011-11-27 22:19 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-23 15:19 - 2013-07-15 12:15 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-23 15:09 - 2010-04-03 13:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 21:42 - 2011-01-14 14:46 - 00000000 ____D C:\Program Files\QuickTime
2013-10-22 18:25 - 2013-10-22 18:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Tracker Software
2013-10-22 18:19 - 2013-10-22 18:19 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-22 18:19 - 2011-12-11 17:42 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Foxit Software
2013-10-22 18:18 - 2013-10-22 18:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-22 18:18 - 2011-05-23 22:11 - 00000000 ____D C:\Program Files\iTunes
2013-10-22 18:16 - 2011-05-23 22:11 - 00000000 ____D C:\Program Files\iPod
2013-10-22 18:15 - 2011-11-16 16:32 - 00000000 ____D C:\Program Files\VLC
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\Secunia PSI
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Program Files\Secunia
2013-10-22 17:29 - 2013-10-22 17:27 - 00000851 _____ C:\DelFix.txt
2013-10-22 17:27 - 2013-10-19 09:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 17:23 - 2013-10-18 15:28 - 00000000 ____D C:\Windows\erdnt
2013-10-22 17:19 - 2011-11-15 17:31 - 00000000 ____D C:\Users\Robert
2013-10-22 10:34 - 2012-05-14 13:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 10:34 - 2010-11-20 22:48 - 00096752 _____ C:\Windows\PFRO.log
2013-10-21 19:17 - 2013-04-11 17:41 - 00000000 ____D C:\Users\Robert\Desktop\entwickeln
2013-10-21 15:27 - 2013-10-21 15:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-21 13:51 - 2013-10-21 13:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 13:50 - 2013-10-21 13:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 13:50 - 2008-07-21 13:43 - 00000000 ____D C:\Program Files\Java
2013-10-19 08:56 - 2013-10-19 08:54 - 00000000 ____D C:\AdwCleaner
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-18 17:34 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2013-10-18 17:34 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-10-18 17:28 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-10-18 16:32 - 2009-07-14 03:03 - 52953088 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 15990784 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_x86.sys
2013-10-12 12:11 - 2011-11-16 16:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 12:11 - 2009-08-14 11:32 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 11:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-10 10:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 09:21 - 2009-07-14 05:33 - 00366296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 09:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-09 23:33 - 2011-11-16 19:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 23:30 - 2013-07-20 18:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 23:28 - 2011-11-17 21:25 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 23:27 - 2010-11-21 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 23:51 - 2012-03-30 09:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 23:51 - 2011-11-15 17:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 19:14 - 2013-10-07 19:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3

Files to move or delete:
====================
C:\Users\Robert\AppData\Local\temp\tmxnftcqgr..vbs


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 15:48

==================== End Of Log ============================

--- --- ---

Wusst nich ob du es wirklich brauchst, aber hier trotzdem die addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-10-2013
Ran by Robert at 2013-10-28 15:08:29
Running from C:\Users\Robert\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

7-Zip 9.20
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
ALPS Touch Pad Driver (Version: 7.202.302.109)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AuthenTec TrueSuite (Version: 2.0.0.57)
AuthenTec TrueSuite (Version: 3.0.1.66)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.12(T))
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7010 (Version: 1.0.1.0)
Cisco AnyConnect VPN Client (Version: 2.5.3054)
Citavi (Version: 3.4.0.2)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX-Setup (Version: 2.6.1.3)
Dropbox (HKCU Version: 2.0.22)
EASEUS Partition Master 9.1.0 Home Edition
ElsterFormular (Version: 14.1.11318)
eReg (Version: 1.20.138.34)
Foxit Reader (Version: 6.0.6.722)
Inquisit 3 Web Edition
IrfanView (remove only) (Version: 4.36)
iTunes (Version: 10.7.0.21)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Logitech SetPoint 6.32 (Version: 6.32.20)
LSI V92 MOH Application
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Mathematica Extras 9.0 (4092550) (Version: 9.0.1)
MD Adressbuch 2011
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 de) (Version: 24.0.1)
MSVCRT (Version: 15.4.2862.0708)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
NMAS Challenge Response Method (Version: 2.8.3.3)
NMAS Client (Version: 3.5.1.1)
Novell Client für Windows (Version: 2 SP2 (IR2a))
Panda USB Vaccine 1.0.1.4
PDF24 Creator 5.4.0
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Secunia PSI (3.0.0.8013) (Version: 3.0.0.8013)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.9 (Version: 6.9.106)
SopCast 3.5.0 (Version: 3.5.0)
Sophos Anti-Virus (Version: 10.2.9)
Sophos AutoUpdate (Version: 2.9.0.344)
TOSHIBA eco Utility (Version: 1.1.10.0)
TOSHIBA HDD Protection (Version: 2.2.0.0)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0)
TOSHIBA PC Health Monitor (Version: 1.4.0.0)
TOSHIBA SD Memory Boot Utility (Version: 1.3.1.2)
TOSHIBA Touchpad Ein/Aus Utility V2.5.1.0 (Version: 2.5.1.0)
TOSHIBA Value Added Package (Version: 1.2.40)
TOSHIBA Web Camera Application (Version: 1.1.2.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.1.0 (Version: 2.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (Version: 9.0.1)
Zattoo4 4.0.5 (Version: 4.0.5)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-10-18 17:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {B89B3CB4-EA40-47E8-8D2A-DAB9BE214DB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {FBC2C887-15BD-4C7A-A80A-EDFE57BE71D4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-03-12 16:40 - 2012-03-12 16:40 - 00016384 _____ () C:\Windows\system32\nls\DEUTSCH\NCLangIDR.DLL
2009-10-18 15:20 - 2009-10-18 15:20 - 07980344 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-07-29 15:35 - 2009-07-29 15:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-21 20:18 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-03-27 16:32 - 2012-03-27 16:32 - 00909400 _____ () C:\Windows\System32\NCNetProvider.DLL
2012-03-27 16:32 - 2012-03-27 16:32 - 00092760 _____ () C:\Windows\System32\NCLangID.dll
2012-03-27 16:32 - 2012-03-27 16:32 - 00156760 _____ () C:\Windows\System32\MAPBASE.dll
2012-03-27 16:32 - 2012-03-27 16:32 - 00230488 _____ () C:\Windows\System32\NWSHLXNT.dll
2012-03-12 16:40 - 2012-03-12 16:40 - 00016384 _____ () C:\Windows\System32\nls\DEUTSCH\NCLangIDR.DLL
2012-03-12 16:40 - 2012-03-12 16:40 - 00086528 _____ () C:\Windows\System32\nls\DEUTSCH\MAPBASER.DLL
2012-03-12 16:40 - 2012-03-12 16:40 - 00102400 _____ () C:\Windows\System32\nls\DEUTSCH\NWSHLXNTR.DLL
2012-03-12 16:40 - 2012-03-12 16:40 - 00496640 _____ () C:\Windows\System32\nls\DEUTSCH\NCNetProviderR.DLL
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Robert\AppData\Roaming\Dropbox\bin\libcef.dll
2009-08-03 18:17 - 2009-08-03 18:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-19 00:09 - 2013-09-19 00:09 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-12-04 22:54 - 2013-04-25 15:11 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.8)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.1)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.2)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.3)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.4)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.5)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.6)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.7)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 09:44:10 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.8)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/28/2013 09:44:10 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Adobe Reader X (10.1.8) - Deutsch - Update "Adobe Reader X (10.1.1)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (10/27/2013 02:55:35 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/26/2013 11:42:46 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/24/2013 09:06:28 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/23/2013 11:34:48 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/23/2013 03:38:27 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/23/2013 03:19:42 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TOSHIBA Festplattenschutz" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/23/2013 03:19:39 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/22/2013 06:17:45 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/22/2013 06:11:03 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (10/22/2013 06:10:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.8)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.1)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.2)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.3)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.4)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.5)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.6)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 02:16:33 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.7)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 09:44:10 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.8)1638(NULL)(NULL)(NULL)

Error: (10/28/2013 09:44:10 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Adobe Reader X (10.1.8) - DeutschAdobe Reader X (10.1.1)1638(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 2937.16 MB
Available physical RAM: 1225.34 MB
Total Pagefile: 5872.62 MB
Available Pagefile: 3756.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.68 GB) (Free:4.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:90.37 GB) (Free:17.68 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
Drive g: () (Removable) (Total:7.39 GB) (Free:2.74 GB) FAT32
Drive h: (ROBERT) (Fixed) (Total:232.83 GB) (Free:11.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 435FE2AB)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=90 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

========================================================
Disk: 3 (Size: 233 GB) (Disk ID: D0249070)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)

==================== End Of Log ============================

schrauber · 28.10.2013, 19:17

Wieviel externe Medien sind angesteckt mit welchem Laufwerksbuchstaben?

Robertus · 28.10.2013, 19:22

3 externe Medien:
Stick F
Speicherkarte G
externe Festplatte H

Meine interne Festplatte ist partitioniert in
Laufwerk C und Laufwerk D (auf D sind die meisten Daten)

schrauber · 29.10.2013, 09:56

Falls noch nicht vorhanden, lade Dir OTM von OldTimer herunter.

Speichere die Datei auf deinem Desktop.
Sollte Dein Anti-Virus-Programm "Alarm" schlagen, bitte ignorieren und/oder OTM auf die Liste der Ausnahmen setzen.
Starte bitte die OTM.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Kopiere den Inhalt der folgenden Codebox komplett in die

Box.

Code:

ATTFilter

:files
C:\Users\Robert\AppData\Local\temp\tmxnftcqgr..vbs
F:\tmxnftcqgr..vbs
G:\tmxnftcqgr..vbs
H:\tmxnftcqgr..vbs
:commands
[emptytemp]

Klicke nun auf .
Bitte alles aus dem Ergebnisfenster ( ) herauskopieren
oder
den Inhalt der Datei C:\_OTM\MovedFiles\<datum_nr.>.log kopieren
und das Ergebnis in Deine nächste Antwort posten.
Schließe OTM

Sollte eine Datei oder ein Ordner nicht verschoben werden können, wirst Du eventuell aufgefordert, den PC neuzustarten damit der Prozess abgeschlossen werden kann. Sollte dies der Fall sein, bestätige das mit Ja..

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKCU\...\Run: [tmxnftcqgr] - C:\Users\Robert\AppData\Local\temp\tmxnftcqgr..vbs [116187 2013-08-03] () <===== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Robertus · 29.10.2013, 11:49

OTM-Results

Code:

ATTFilter

All processes killed
========== FILES ==========
File/Folder C:\Users\Robert\AppData\Local\temp\tmxnftcqgr..vbs not found.
File move failed. F:\tmxnftcqgr..vbs scheduled to be moved on reboot.
File move failed. G:\tmxnftcqgr..vbs scheduled to be moved on reboot.
File/Folder H:\tmxnftcqgr..vbs not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Robert
->Temp folder emptied: 26902760 bytes
->Temporary Internet Files folder emptied: 165740915 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 373023186 bytes
->Flash cache emptied: 4705 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11992986 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 6401016257 bytes
 
Total Files Cleaned = 6.655,00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 10292013_113627

Files moved on Reboot...
File F:\tmxnftcqgr..vbs not found!
File G:\tmxnftcqgr..vbs not found!
File C:\Windows\temp\Secunia PSI Agent\VLC_2.1.0_32-bit_SPS.exe not found!
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by Robert at 2013-10-29 11:48:10 Run:1
Running from C:\Users\Robert\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [tmxnftcqgr] - C:\Users\Robert\AppData\Local\temp\tmxnftcqgr..vbs [116187 2013-08-03] () <===== ATTENTION
         
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmxnftcqgr => Value not found.

==== End of Fixlog ====

schrauber · 29.10.2013, 15:54

Wie schauts mit den Sticks?

Frisches FRST log bitte noch.

Robertus · 29.10.2013, 17:33

Jo, konnte wieder normal was auf dem Stick speichern ohne, dass es zur Verknüpfung wird. Super!!!
Hab jetzt die ganzen Verknüpfungen gelöscht und deshalb nur noch versteckte Dateien auf den externen Medien. Ich kann aber das "versteckt"-Häckchen aus der Check-Box unter Datei-Eigenschaften nicht rausnehmen. Was kann ich tun, dass die Dateien wieder "normal" sind?

FRST-Log

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Robert (administrator) on JENNY on 29-10-2013 17:29:10
Running from C:\Users\Robert\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\atservice.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
() C:\Windows\System32\nwtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Dropbox, Inc.) C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\FRST\Quarantine\ONENOTEM.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.WeblogonHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TOSDCR] - C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\Toshiba\TECO\TEco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [307008 2009-12-22] (AuthenTec, Inc.)
HKLM\...\Run: [TouchED] - C:\Program Files\Toshiba\TouchED\TouchED.exe [118784 2005-09-01] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [929272 2013-06-04] (Sophos Limited)
HKLM\...\Run: [NWTRAY] - C:\Windows\System32\nwtray.exe [34904 2012-03-27] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [ 2013-06-04] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\FRST\Quarantine\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A10DF2B4A3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {55FAF0F2-44D4-425f-B5F5-6B275B621EAB} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.2.0.1 10.2.0.2

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default
FF Homepage: hxxp://www.zeit.de/
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DeviceDetection@logitech.com
FF Extension: FoxyProxy Basic - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\foxyproxy@eric.h.jung
FF Extension: YouTube Unblocker - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: admin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: DivXWebPlayer - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: noscript - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Log On - C:\Program Files\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\atservice.exe [1819968 2009-12-22] (AuthenTec, Inc.)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [108352 2009-12-22] (AuthenTec, Inc)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-04] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-04] (Sophos Limited)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-20] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1468920 2013-06-04] (Sophos Limited)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2012-03-27] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91736 2012-03-27] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [90712 2012-03-27] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [60504 2012-03-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111192 2012-03-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2012-03-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2012-03-27] (Novell, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-06-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-10-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-06-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2012-10-20] (Sophos Plc)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [26712 2012-03-27] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65112 2012-03-27] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64088 2012-03-27] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [73816 2012-03-27] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41048 2012-03-27] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18520 2012-03-27] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66136 2012-03-27] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30808 2012-03-27] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45656 2012-03-27] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [27224 2012-03-27] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22104 2012-03-27] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28760 2012-03-27] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45144 2012-03-27] (Novell, Inc.)
S3 catchme; \??\C:\Users\Robert\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 11:36 - 2013-10-29 11:36 - 00000000 ____D C:\_OTM
2013-10-29 11:34 - 2013-10-29 11:34 - 00522240 _____ (OldTimer Tools) C:\Users\Robert\Desktop\OTM.exe
2013-10-28 17:27 - 2013-10-28 17:37 - 00000000 ____D C:\Users\Robert\Desktop\PKV
2013-10-28 15:03 - 2013-10-28 15:03 - 01089183 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-26 10:29 - 2013-10-29 11:18 - 00000781 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-24 16:10 - 2013-10-24 16:10 - 00000000 ____D C:\Users\Robert\Desktop\Security
2013-10-22 18:25 - 2013-10-22 18:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Tracker Software
2013-10-22 18:19 - 2013-10-22 18:19 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-22 18:19 - 2013-06-09 20:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-10-22 18:18 - 2012-08-21 12:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-10-22 18:16 - 2013-10-22 18:18 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\Secunia PSI
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Program Files\Secunia
2013-10-22 17:27 - 2013-10-22 17:29 - 00000851 _____ C:\DelFix.txt
2013-10-21 15:26 - 2013-10-21 15:27 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-21 13:51 - 2013-10-21 13:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 13:50 - 2013-10-21 13:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-19 09:06 - 2013-10-22 17:27 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 08:54 - 2013-10-19 08:56 - 00000000 ____D C:\AdwCleaner
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 08:40 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-18 15:28 - 2013-10-22 17:23 - 00000000 ____D C:\Windows\erdnt
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 13:46 - 2013-10-28 15:06 - 00000000 ____D C:\FRST
2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_x86.sys
2013-10-10 18:25 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 18:25 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 23:26 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 23:26 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 23:26 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 23:26 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 23:26 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 23:26 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 23:26 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:25 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 21:56 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 21:56 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 21:56 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 21:56 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 21:56 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 21:56 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 21:56 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 21:56 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 21:56 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 21:56 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 21:56 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 21:56 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 21:56 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 21:56 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 21:56 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 21:56 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 21:56 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 21:56 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 21:56 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 21:56 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 21:56 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 21:55 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 21:55 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 21:55 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 21:55 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 21:55 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 21:55 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 19:14 - 2013-10-07 19:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3

==================== One Month Modified Files and Folders =======

2013-10-29 17:30 - 2011-11-16 16:22 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2013-10-29 16:51 - 2012-07-22 13:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 12:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-29 12:20 - 2011-11-15 17:21 - 01664843 _____ C:\Windows\WindowsUpdate.log
2013-10-29 11:50 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 11:50 - 2009-07-14 05:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 11:46 - 2011-11-16 16:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-10-29 11:42 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 11:42 - 2009-07-14 05:39 - 00110328 _____ C:\Windows\setupact.log
2013-10-29 11:36 - 2013-10-29 11:36 - 00000000 ____D C:\_OTM
2013-10-29 11:34 - 2013-10-29 11:34 - 00522240 _____ (OldTimer Tools) C:\Users\Robert\Desktop\OTM.exe
2013-10-29 11:18 - 2013-10-26 10:29 - 00000781 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-29 01:24 - 2011-11-16 19:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-29 01:24 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2013-10-29 00:38 - 2010-11-20 22:01 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 17:37 - 2013-10-28 17:27 - 00000000 ____D C:\Users\Robert\Desktop\PKV
2013-10-28 15:06 - 2013-10-18 13:46 - 00000000 ____D C:\FRST
2013-10-28 15:03 - 2013-10-28 15:03 - 01089183 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-24 16:10 - 2013-10-24 16:10 - 00000000 ____D C:\Users\Robert\Desktop\Security
2013-10-24 16:10 - 2011-11-16 18:45 - 00281514 _____ C:\Windows\DPINST.LOG
2013-10-24 16:10 - 2011-04-29 16:26 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-10-24 16:08 - 2011-11-27 22:19 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-23 15:19 - 2013-07-15 12:15 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-23 15:09 - 2010-04-03 13:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 21:42 - 2011-01-14 14:46 - 00000000 ____D C:\Program Files\QuickTime
2013-10-22 18:25 - 2013-10-22 18:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Tracker Software
2013-10-22 18:19 - 2013-10-22 18:19 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-22 18:19 - 2011-12-11 17:42 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Foxit Software
2013-10-22 18:18 - 2013-10-22 18:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-22 18:18 - 2011-05-23 22:11 - 00000000 ____D C:\Program Files\iTunes
2013-10-22 18:16 - 2011-05-23 22:11 - 00000000 ____D C:\Program Files\iPod
2013-10-22 18:15 - 2011-11-16 16:32 - 00000000 ____D C:\Program Files\VLC
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\Secunia PSI
2013-10-22 17:51 - 2013-10-22 17:51 - 00000000 ____D C:\Program Files\Secunia
2013-10-22 17:29 - 2013-10-22 17:27 - 00000851 _____ C:\DelFix.txt
2013-10-22 17:27 - 2013-10-19 09:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 17:23 - 2013-10-18 15:28 - 00000000 ____D C:\Windows\erdnt
2013-10-22 17:19 - 2011-11-15 17:31 - 00000000 ____D C:\Users\Robert
2013-10-22 10:34 - 2012-05-14 13:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 10:34 - 2010-11-20 22:48 - 00096752 _____ C:\Windows\PFRO.log
2013-10-21 19:17 - 2013-04-11 17:41 - 00000000 ____D C:\Users\Robert\Desktop\entwickeln
2013-10-21 15:27 - 2013-10-21 15:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-21 13:51 - 2013-10-21 13:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 13:50 - 2013-10-21 13:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 13:50 - 2013-10-21 13:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 13:50 - 2008-07-21 13:43 - 00000000 ____D C:\Program Files\Java
2013-10-19 08:56 - 2013-10-19 08:54 - 00000000 ____D C:\AdwCleaner
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-18 17:34 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2013-10-18 17:34 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-10-18 17:28 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-10-18 16:32 - 2009-07-14 03:03 - 52953088 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 15990784 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-18 16:32 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 15:26 - 2013-10-18 15:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_x86.sys
2013-10-12 12:11 - 2011-11-16 16:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 12:11 - 2009-08-14 11:32 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 11:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-10 09:21 - 2009-07-14 05:33 - 00366296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 09:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-09 23:30 - 2013-07-20 18:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 23:28 - 2011-11-17 21:25 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 23:27 - 2010-11-21 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 23:51 - 2012-03-30 09:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 23:51 - 2011-11-15 17:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 19:14 - 2013-10-07 19:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 15:48

==================== End Of Log ============================

--- --- ---

schrauber · 30.10.2013, 12:07

Start > in das Suchfeld CMD eingeben, Rechtsklick auf CMD als Admin starten.

attrib -s -h -r G:Ordner

Diesen Befehl anpassen, Laufwerksbuchstaben anpassen, Ordnernamen ersetzen. Den Befehl dann für jeden Ordner wiederholen.

Robertus · 30.10.2013, 14:28

Super! Danke!
Es scheint wieder alles beim Alten zu sein. Die Datenträger sind also jetzt clean? Dann kann ich sie alle vom Computer entfernen?

schrauber · 31.10.2013, 09:25

Genau. Mit Panda USB Vaccine noch einmal alles immunisieren.

Robertus · 31.10.2013, 11:24

Ok.
Und Panda lass ich jetzt einfach immer laufen?

schrauber · 01.11.2013, 10:44

ab und an. Und bitte noch ein frisches FRST log, dann räumen wir auf

24.10.2013, 06:53	#16
schrauber /// the machine /// TB-Ausbilder	Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Passwörter ändern ist Pflicht Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

28.10.2013, 13:57	#18
schrauber /// the machine /// TB-Ausbilder	Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert erstmal nur frische FRST logs. Verseuchte Externe Medien anklemmen und nicht mehr abmachen. __________________ __________________

28.10.2013, 19:17	#20
schrauber /// the machine /// TB-Ausbilder	Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Wieviel externe Medien sind angesteckt mit welchem Laufwerksbuchstaben? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

29.10.2013, 15:54	#24
schrauber /// the machine /// TB-Ausbilder	Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Wie schauts mit den Sticks? Frisches FRST log bitte noch. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

31.10.2013, 09:25	#28
schrauber /// the machine /// TB-Ausbilder	Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Genau. Mit Panda USB Vaccine noch einmal alles immunisieren. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert

Log-Analyse und Auswertung: Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert