Win7 fährt im abgesicherten Modus sofort herunter

spatz_66 · 23.10.2013, 14:17

Nach Windowsstart erscheint ein weisser Bildschirm.
Bei Start im abgesicherten Modus fährt das System nach dem Start sofort wieder herunter.

Anbei das FRST-Log.

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013
Ran by SYSTEM on MININT-Q9K49D6 on 23-10-2013 14:44:10
Running from H:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684776 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [QLBController] - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [1277952 2009-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF6 Registry Controller] - C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-11-03] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [3331944 2009-12-03] (Symantec Corporation)
HKLM\...\Run: [McAfee Managed Services Tray] - C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.Exe [476480 2010-02-17] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [A1Webassistent] - C:\Program Files\A1\A1 Webassistent\A1Webassistent.exe [18977656 2012-02-08] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Karl\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2010-01-22] (Hewlett-Packard Company)
HKU\Karl\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\Karl\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Karl\...\Winlogon: [Shell] explorer.exe,C:\Users\Karl\AppData\Roaming\Other.res [ 2013-08-29] () <==== ATTENTION 
Startup: C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard)
S2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-08-07] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [170144 2010-02-04] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [141792 2010-02-08] (McAfee, Inc.)
S2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S2 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
S2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-11-03] (Nuance Communications, Inc.)
S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [95728 2010-02-08] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [152736 2010-02-08] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [51720 2010-02-08] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [385184 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [83912 2010-02-08] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [160912 2010-02-08] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2009-04-09] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [73344 2010-01-30] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 14:43 - 2013-10-23 14:43 - 00000000 ____D C:\FRST
2013-10-21 14:21 - 2013-10-21 14:26 - 00052346 _____ C:\Windows\iis7.log
2013-10-21 14:11 - 2013-10-21 15:09 - 00000000 ____D C:\Windows\pss
2013-10-11 11:43 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-11 11:43 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-11 11:43 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-11 11:43 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-11 11:43 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-11 11:43 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-11 11:43 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-11 09:31 - 2013-10-11 10:30 - 00029184 ____H C:\Users\Karl\Documents\~WRL2702.tmp
2013-10-11 09:31 - 2013-10-11 10:09 - 00027648 ____H C:\Users\Karl\Documents\~WRL3493.tmp
2013-10-11 09:31 - 2013-10-11 10:07 - 00027136 ____H C:\Users\Karl\Documents\~WRL3785.tmp
2013-10-11 09:31 - 2013-10-11 10:05 - 00027136 ____H C:\Users\Karl\Documents\~WRL0722.tmp
2013-10-11 09:31 - 2013-10-11 10:01 - 00026624 ____H C:\Users\Karl\Documents\~WRL1822.tmp
2013-10-11 09:31 - 2013-10-11 09:42 - 00025088 ____H C:\Users\Karl\Documents\~WRL2852.tmp
2013-10-11 09:31 - 2013-10-11 09:31 - 00024064 ____H C:\Users\Karl\Documents\~WRL1466.tmp
2013-10-11 09:17 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-11 09:17 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-11 09:17 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-11 09:17 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-10-11 09:17 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-11 09:17 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-11 09:17 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-11 09:17 - 2013-08-29 02:50 - 00065536 _____ C:\Users\Karl\AppData\Roaming\Other.res
2013-10-11 09:17 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-11 09:17 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-11 09:17 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-11 09:17 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-11 09:17 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 09:17 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-11 09:17 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-11 09:17 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-11 09:17 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-11 09:17 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-11 09:17 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-11 09:17 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-11 09:17 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-11 09:17 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-11 09:17 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-11 09:17 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-11 09:17 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-11 09:17 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-11 09:17 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-11 09:17 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-09-29 17:47 - 2013-09-29 17:47 - 00572421 _____ C:\Users\Karl\Documents\mathe.zip

==================== One Month Modified Files and Folders =======

2013-10-23 14:43 - 2013-10-23 14:43 - 00000000 ____D C:\FRST
2013-10-23 08:58 - 2013-04-18 13:54 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-23 08:58 - 2013-04-18 13:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-23 08:50 - 2010-03-31 04:00 - 01594326 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-23 08:32 - 2010-05-28 13:13 - 01281292 _____ C:\Windows\WindowsUpdate.log
2013-10-23 08:32 - 2010-03-31 04:40 - 00008553 _____ C:\Windows\System32\Config.MPF
2013-10-23 08:31 - 2009-07-14 05:34 - 00019760 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 08:31 - 2009-07-14 05:34 - 00019760 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 08:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-23 08:24 - 2013-02-16 16:44 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Dropbox
2013-10-23 08:23 - 2009-07-14 05:39 - 00217957 _____ C:\Windows\setupact.log
2013-10-21 19:14 - 2013-02-16 16:47 - 00000000 ___RD C:\Users\Karl\Dropbox
2013-10-21 15:09 - 2013-10-21 14:11 - 00000000 ____D C:\Windows\pss
2013-10-21 14:26 - 2013-10-21 14:21 - 00052346 _____ C:\Windows\iis7.log
2013-10-21 14:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-10-21 14:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\inetsrv
2013-10-19 21:46 - 2010-03-31 04:47 - 00135046 _____ C:\Windows\PFRO.log
2013-10-19 21:01 - 2010-11-01 11:34 - 00000000 ____D C:\Users\Karl\Documents\Karl
2013-10-19 20:31 - 2012-09-12 19:26 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-12 09:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-12 08:15 - 2013-02-16 16:47 - 00000976 _____ C:\Users\Karl\Desktop\Dropbox.lnk
2013-10-11 16:58 - 2009-07-14 05:33 - 00456656 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-11 11:45 - 2013-07-31 11:42 - 00000000 ____D C:\Windows\System32\MRT
2013-10-11 11:44 - 2012-01-22 14:39 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-11 11:11 - 2010-11-01 11:35 - 00000000 ____D C:\Users\Karl\Documents\Tanja
2013-10-11 10:30 - 2013-10-11 09:31 - 00029184 ____H C:\Users\Karl\Documents\~WRL2702.tmp
2013-10-11 10:09 - 2013-10-11 09:31 - 00027648 ____H C:\Users\Karl\Documents\~WRL3493.tmp
2013-10-11 10:07 - 2013-10-11 09:31 - 00027136 ____H C:\Users\Karl\Documents\~WRL3785.tmp
2013-10-11 10:05 - 2013-10-11 09:31 - 00027136 ____H C:\Users\Karl\Documents\~WRL0722.tmp
2013-10-11 10:01 - 2013-10-11 09:31 - 00026624 ____H C:\Users\Karl\Documents\~WRL1822.tmp
2013-10-11 09:42 - 2013-10-11 09:31 - 00025088 ____H C:\Users\Karl\Documents\~WRL2852.tmp
2013-10-11 09:31 - 2013-10-11 09:31 - 00024064 ____H C:\Users\Karl\Documents\~WRL1466.tmp
2013-10-09 19:45 - 2012-04-08 10:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-09 19:45 - 2012-04-08 10:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-29 17:47 - 2013-09-29 17:47 - 00572421 _____ C:\Users\Karl\Documents\mathe.zip
2013-09-23 00:28 - 2013-10-11 11:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-23 00:28 - 2013-10-11 11:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-23 00:28 - 2013-10-11 11:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-23 00:27 - 2013-10-11 11:43 - 14335488 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 02876928 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-23 00:27 - 2013-10-11 11:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

Files to move or delete:
====================
C:\Users\Karl\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\Karl\AppData\Local\Temp\APNStub.exe
C:\Users\Karl\AppData\Local\Temp\HPQSi.exe
C:\Users\Karl\AppData\Local\Temp\ooxCP1..exe
C:\Users\Karl\AppData\Local\Temp\qtpxqyoydaulpouhkoyuguaxog.exe
C:\Users\Karl\AppData\Local\Temp\setup.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

12
Restore point made on: 2013-09-04 21:01:18
Restore point made on: 2013-09-12 22:43:58
Restore point made on: 2013-09-13 19:00:06
Restore point made on: 2013-09-14 14:48:28
Restore point made on: 2013-09-18 19:43:37
Restore point made on: 2013-09-24 21:38:53
Restore point made on: 2013-09-28 17:17:55
Restore point made on: 2013-10-01 19:58:56
Restore point made on: 2013-10-09 19:42:07
Restore point made on: 2013-10-11 09:12:19
Restore point made on: 2013-10-11 11:38:38
Restore point made on: 2013-10-15 20:43:42

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3000.27 MB
Available physical RAM: 2488.06 MB
Total Pagefile: 2998.54 MB
Available Pagefile: 2522.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.47 GB) (Free:247.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:5.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.82 GB) FAT32
Drive h: () (Removable) (Total:1.89 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 3C5F7C9A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: A76E3F50)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-10-12 09:41

==================== End Of Log ============================

schrauber · 23.10.2013, 17:21

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Karl\...\Winlogon: [Shell] explorer.exe,C:\Users\Karl\AppData\Roaming\Other.res [ 2013-08-29] () <==== ATTENTION 
C:\Users\Karl\AppData\Roaming\skype.ini
C:\Users\Karl\AppData\Roaming\skype.dat
C:\Users\Karl\AppData\Local\Temp\APNStub.exe
C:\Users\Karl\AppData\Local\Temp\HPQSi.exe
C:\Users\Karl\AppData\Local\Temp\ooxCP1..exe
C:\Users\Karl\AppData\Local\Temp\qtpxqyoydaulpouhkoyuguaxog.exe
C:\Users\Karl\AppData\Local\Temp\setup.exe
C:\Users\Karl\AppData\Roaming\Other.res

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

spatz_66 · 24.10.2013, 08:18

Hallo Schrauber.

Danke für Deine Antwort.
Ich war ungeduldig und hatte in der Zwischenzeit Kapersky Rescue Disk 10 laufen lassen.
Dabei wurden einige Dateien entfernt - Windows startete wieder normal.

Ich habe natürlich trotzdem den Fix ausgeführt.
Anbei das Log.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013
Ran by SYSTEM at 2013-10-24 09:12:31 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Karl\...\Winlogon: [Shell] explorer.exe,C:\Users\Karl\AppData\Roaming\Other.res [ 2013-08-29] () <==== ATTENTION 
C:\Users\Karl\AppData\Roaming\skype.ini
C:\Users\Karl\AppData\Roaming\skype.dat
C:\Users\Karl\AppData\Local\Temp\APNStub.exe
C:\Users\Karl\AppData\Local\Temp\HPQSi.exe
C:\Users\Karl\AppData\Local\Temp\ooxCP1..exe
C:\Users\Karl\AppData\Local\Temp\qtpxqyoydaulpouhkoyuguaxog.exe
C:\Users\Karl\AppData\Local\Temp\setup.exe
C:\Users\Karl\AppData\Roaming\Other.res
*****************

HKU\Karl\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Karl\AppData\Roaming\skype.ini => Moved successfully.
"C:\Users\Karl\AppData\Roaming\skype.dat" => File/Directory not found.
C:\Users\Karl\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Karl\AppData\Local\Temp\HPQSi.exe => Moved successfully.
C:\Users\Karl\AppData\Local\Temp\ooxCP1..exe => Moved successfully.
"C:\Users\Karl\AppData\Local\Temp\qtpxqyoydaulpouhkoyuguaxog.exe" => File/Directory not found.
C:\Users\Karl\AppData\Local\Temp\setup.exe => Moved successfully.
"C:\Users\Karl\AppData\Roaming\Other.res" => File/Directory not found.

==== End of Fixlog ====

schrauber · 24.10.2013, 11:40

Kontrollscans im normalen Modus:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

spatz_66 · 24.10.2013, 13:56

Hallo Schrauber,

Hier die Logs:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.24.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Karl :: KARL-HP [Administrator]

24.10.2013 14:09:21
mbam-log-2013-10-24 (14-09-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219612
Laufzeit: 14 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

# AdwCleaner v3.010 - Bericht erstellt am 24/10/2013 um 14:28:32
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Karl - KARL-HP
# Gestartet von : D:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Karl\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Karl\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Karl\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A5F2E68-7633-4E6D-84E9-F53E29678D9F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A5F2E68-7633-4E6D-84E9-F53E29678D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7685 octets] - [24/10/2013 14:25:22]
AdwCleaner[S0].txt - [7513 octets] - [24/10/2013 14:28:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7573 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows 7 Home Premium x86
Ran by Karl on 24.10.2013 at 14:36:51,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54071446-0061-44BC-B5B2-D5E6601958BD}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Karl\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.10.2013 at 14:40:29,07
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Karl (administrator) on KARL-HP on 24-10-2013 14:45:59
Running from D:\
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MPFSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
(McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files\A1\A1 Webassistent\A1Webassistent.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Dropbox, Inc.) C:\Users\Karl\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684776 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [QLBController] - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [1277952 2009-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF6 Registry Controller] - C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-11-03] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [3331944 2009-12-03] (Symantec Corporation)
HKLM\...\Run: [McAfee Managed Services Tray] - C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.Exe [476480 2010-02-17] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [A1Webassistent] - C:\Program Files\A1\A1 Webassistent\A1Webassistent.exe [18977656 2012-02-08] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1515576 2010-02-10] ()
MountPoints2: {6c02dfe6-1a8f-11e0-98a0-ab10ccfb95db} - D:\LaunchU3.exe -a
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
Startup: C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.aon.at
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {80B7D2F3-3D57-4CF6-A8A6-3292946EC73F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {80B7D2F3-3D57-4CF6-A8A6-3292946EC73F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {80B7D2F3-3D57-4CF6-A8A6-3292946EC73F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100330203950.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.11 10.1.1.7

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-08-07] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [170144 2010-02-04] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [141792 2010-02-08] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [893112 2009-05-09] (McAfee, Inc.)
R2 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-11-03] (Nuance Communications, Inc.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [95728 2010-02-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [152736 2010-02-08] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [51720 2010-02-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [385184 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [83912 2010-02-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [160912 2010-02-08] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2009-04-09] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [73344 2010-01-30] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-24 14:40 - 2013-10-24 14:40 - 00001241 _____ C:\Users\Karl\Desktop\JRT.txt
2013-10-24 14:32 - 2013-10-24 14:32 - 00000000 ____D C:\windows\ERUNT
2013-10-24 14:25 - 2013-10-24 14:28 - 00000000 ____D C:\AdwCleaner
2013-10-23 18:36 - 2013-10-24 11:06 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-23 15:43 - 2013-10-23 15:43 - 00000000 ____D C:\FRST
2013-10-21 15:21 - 2013-10-21 15:26 - 00052346 _____ C:\windows\iis7.log
2013-10-21 15:11 - 2013-10-21 16:09 - 00000000 ____D C:\windows\pss
2013-10-11 12:43 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-11 12:43 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-11 12:43 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-11 12:43 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-11 12:43 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-11 12:43 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-11 12:43 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-11 10:31 - 2013-10-11 11:30 - 00029184 ____H C:\Users\Karl\Documents\~WRL2702.tmp
2013-10-11 10:31 - 2013-10-11 11:09 - 00027648 ____H C:\Users\Karl\Documents\~WRL3493.tmp
2013-10-11 10:31 - 2013-10-11 11:07 - 00027136 ____H C:\Users\Karl\Documents\~WRL3785.tmp
2013-10-11 10:31 - 2013-10-11 11:05 - 00027136 ____H C:\Users\Karl\Documents\~WRL0722.tmp
2013-10-11 10:31 - 2013-10-11 11:01 - 00026624 ____H C:\Users\Karl\Documents\~WRL1822.tmp
2013-10-11 10:31 - 2013-10-11 10:42 - 00025088 ____H C:\Users\Karl\Documents\~WRL2852.tmp
2013-10-11 10:31 - 2013-10-11 10:31 - 00024064 ____H C:\Users\Karl\Documents\~WRL1466.tmp
2013-10-11 10:17 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-11 10:17 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-11 10:17 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-11 10:17 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2013-10-11 10:17 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-11 10:17 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-11 10:17 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-11 10:17 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-11 10:17 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-11 10:17 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-11 10:17 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-11 10:17 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 10:17 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-11 10:17 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-11 10:17 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-11 10:17 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-11 10:17 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-11 10:17 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-11 10:17 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-11 10:17 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-11 10:17 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-11 10:17 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-11 10:17 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-11 10:17 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-11 10:17 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-11 10:17 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-11 10:17 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-09-29 18:47 - 2013-09-29 18:47 - 00572421 _____ C:\Users\Karl\Documents\mathe.zip

==================== One Month Modified Files and Folders =======

2013-10-24 14:45 - 2012-04-08 11:32 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 14:42 - 2009-07-14 06:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 14:42 - 2009-07-14 06:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 14:40 - 2013-10-24 14:40 - 00001241 _____ C:\Users\Karl\Desktop\JRT.txt
2013-10-24 14:40 - 2010-03-31 05:00 - 01594326 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-24 14:38 - 2010-05-28 14:13 - 01368782 _____ C:\windows\WindowsUpdate.log
2013-10-24 14:36 - 2013-02-16 17:47 - 00000000 ___RD C:\Users\Karl\Dropbox
2013-10-24 14:36 - 2013-02-16 17:44 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Dropbox
2013-10-24 14:35 - 2012-09-12 20:26 - 00001090 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-24 14:35 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-24 14:35 - 2009-07-14 06:39 - 00218499 _____ C:\windows\setupact.log
2013-10-24 14:34 - 2010-03-31 05:40 - 00008553 _____ C:\windows\system32\Config.MPF
2013-10-24 14:32 - 2013-10-24 14:32 - 00000000 ____D C:\windows\ERUNT
2013-10-24 14:29 - 2010-03-31 05:47 - 00135418 _____ C:\windows\PFRO.log
2013-10-24 14:28 - 2013-10-24 14:25 - 00000000 ____D C:\AdwCleaner
2013-10-24 14:27 - 2012-09-12 20:26 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 11:06 - 2013-10-23 18:36 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-23 15:43 - 2013-10-23 15:43 - 00000000 ____D C:\FRST
2013-10-23 09:58 - 2013-04-18 14:54 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-23 09:58 - 2013-04-18 14:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-23 09:30 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-21 16:09 - 2013-10-21 15:11 - 00000000 ____D C:\windows\pss
2013-10-21 15:26 - 2013-10-21 15:21 - 00052346 _____ C:\windows\iis7.log
2013-10-21 15:26 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-10-21 15:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\inetsrv
2013-10-19 22:01 - 2012-04-22 10:20 - 00000254 _____ C:\windows\Tasks\HP Photo Creations Messager.job
2013-10-19 22:01 - 2010-11-01 12:34 - 00000000 ____D C:\Users\Karl\Documents\Karl
2013-10-19 21:31 - 2012-09-12 20:26 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-12 10:49 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-10-12 09:15 - 2013-02-16 17:47 - 00000976 _____ C:\Users\Karl\Desktop\Dropbox.lnk
2013-10-12 09:15 - 2013-02-16 17:44 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-11 17:58 - 2009-07-14 06:33 - 00456656 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-11 12:45 - 2013-07-31 12:42 - 00000000 ____D C:\windows\system32\MRT
2013-10-11 12:44 - 2012-01-22 15:39 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-11 12:11 - 2010-11-01 12:35 - 00000000 ____D C:\Users\Karl\Documents\Tanja
2013-10-11 11:30 - 2013-10-11 10:31 - 00029184 ____H C:\Users\Karl\Documents\~WRL2702.tmp
2013-10-11 11:09 - 2013-10-11 10:31 - 00027648 ____H C:\Users\Karl\Documents\~WRL3493.tmp
2013-10-11 11:07 - 2013-10-11 10:31 - 00027136 ____H C:\Users\Karl\Documents\~WRL3785.tmp
2013-10-11 11:05 - 2013-10-11 10:31 - 00027136 ____H C:\Users\Karl\Documents\~WRL0722.tmp
2013-10-11 11:01 - 2013-10-11 10:31 - 00026624 ____H C:\Users\Karl\Documents\~WRL1822.tmp
2013-10-11 10:42 - 2013-10-11 10:31 - 00025088 ____H C:\Users\Karl\Documents\~WRL2852.tmp
2013-10-11 10:31 - 2013-10-11 10:31 - 00024064 ____H C:\Users\Karl\Documents\~WRL1466.tmp
2013-10-09 20:45 - 2012-04-08 11:32 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 20:45 - 2012-04-08 11:32 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-29 18:47 - 2013-09-29 18:47 - 00572421 _____ C:\Users\Karl\Documents\mathe.zip

Some content of TEMP:
====================
C:\Users\Karl\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-12 10:41

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2013 01
Ran by Karl at 2013-10-24 14:50:04
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee® Total Protection™ Service (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee® Total Protection™ Service (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee® Total Protection™ Service (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.2)
A1 Webassistent (Version: 4.2.0.168)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
aonFTP
aonFTP (Version: 1.0)
aonUpdate
aonUpdate (Version: 1.0)
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.3.127)
B010 (Version: 140.0.224.000)
Bonjour (Version: 2.0.3.0)
Broadcom 2070 Bluetooth 2.1 + EDR (Version: 6.2.1.1100)
BufferChm (Version: 140.0.212.000)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco Systems VPN Client 5.0.06.0160 (Version: 5.0.6)
Compatibility Pack für 2007 Office System (Version: 12.0.6514.5001)
Corel Home Office - CS Templates (Version: 5.6)
Corel Home Office - CT Templates (Version: 5.6)
Corel Home Office - IPM (Version: 5.6)
Corel Home Office - JP Templates (Version: 5.6)
Corel Home Office - KR Templates (Version: 5.6)
Corel Home Office - Launcher (Version: 5.6)
Corel Home Office - Templates RU (Version: 5.6)
Corel Home Office - Templates1 (Version: 5.6)
Corel Home Office (Version: 5.0.85.588)
Corel Home Office (Version: 5.6)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DirectX 9 Runtime (Version: 1.00.0000)
Dropbox (HKCU Version: 2.4.2)
Google Chrome (Version: 30.0.1599.101)
Google SketchUp 8 (Version: 3.0.4993)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
GPBaseService2 (Version: 140.0.211.000)
Hotel Gigant
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (Version: 25.0.571.0)
HP Deskjet 3070 B611 series Hilfe (Version: 140.0.2.2)
HP ESU for Microsoft Windows 7 (Version: 1.1.1.1)
HP HotKey Support (Version: 3.5.14.1)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Setup (Version: 1.2.3557.3169)
HP Smart Web Printing 4.60 (Version: 4.60)
HP SoftPaq Download Manager (Version: 3.0.5.0)
HP Software Framework (Version: 3.5.17.1)
HP Software Setup (Version: 7.0.1.6)
HP Solution Center 14.0 (Version: 14.0)
HP Support Assistant (Version: 4.3.1.2)
HP Update (Version: 5.003.000.004)
HP User Guides 0190 (Version: 1.00.0000)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.17.13)
HP Webcam Driver (Version: 6.1.7600.0028)
HP Wireless Assistant (Version: 3.50.10.1)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
IDT Audio (Version: 1.0.6268.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2057)
Intel® Matrix Storage Manager
iTunes (Version: 10.0.1.22)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Landwirtschafts Simulator 2011 (Version: 1.0)
LightScribe System Software (Version: 1.18.11.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
McAfee Browser Protection Service (Version: 5.1.0.325)
McAfee Firewall Protection Service (Version: 5.1.0.325)
McAfee SiteAdvisor Enterprise Plus (Version: 3.0.0.479)
McAfee Virus and Spyware Protection Service (Version: 5.1.0.325)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.01)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
MORE! 2 Grammar Practice (Version: 1.2)
MORE! 2 Grammar Practice (Version: V1.2-AT)
MORE! 3 Grammar Practice (Version: 1.0)
MORE! 3 Grammar Practice (Version: V1.0-AT)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Online Backup (Version: 2.0.0.34)
Nuance PDF Professional 6 (Version: 6.00.3205)
Nuance PDF Reader (Version: 6.00.0039)
PDF Complete Special Edition (Version: 3.5.116)
PS_AIO_07_B010_SW_Min (Version: 140.0.224.000)
QuickTime (Version: 7.68.75.0)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0011)
REALTEK Wireless LAN Software (Version: 1.00.10.0104)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.3.349)
Scan (Version: 140.0.80.000)
Scansoft PDF Professional
Shop for HP Supplies (Version: 14.0)
Skype™ 4.1 (Version: 4.1.179)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Status (Version: 140.0.214.000)
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (Version: 25.0.571.0)
Synaptics Pointing Device Driver (Version: 15.0.4.0)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
WebReg (Version: 140.0.212.017)
Windows 7 Default Setting (Version: 1.0.1.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinZip 12.0 (Version: 12.0.8252)

==================== Restore Points  =========================

12-09-2013 21:42:53 Windows Update
13-09-2013 17:59:00 Windows Update
14-09-2013 13:48:00 Windows Update
18-09-2013 18:43:12 Windows Update
24-09-2013 20:38:25 Windows Update
28-09-2013 16:17:25 Windows Update
01-10-2013 18:58:30 Windows Update
09-10-2013 18:41:52 Geplanter Prüfpunkt
11-10-2013 08:11:35 Windows Update
11-10-2013 10:38:28 Windows Update
15-10-2013 19:43:20 Windows Update
24-10-2013 12:10:40 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {14BE7CE7-41F2-470A-BB90-B40A78B51E5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: {48AE090E-7E77-465C-A406-87C996A72EDC} - System32\Tasks\{3F9B9A05-AEF3-41E2-A3EB-A6D93FE53608} => C:\Program Files\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe [2011-01-18] (GIANTS Software GmbH)
Task: {555D2F4B-22AA-41E5-B6A6-2381D0C35008} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {5C6C94B7-4FDB-4B43-801F-4D1C35E6E908} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: {6388885B-5549-4ADD-9DE8-37ED5FBB0081} - System32\Tasks\{4B7034D0-BFC7-4370-A3EB-02B4FC04AF99} => C:\Program Files\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe [2011-01-18] (GIANTS Software GmbH)
Task: {929524F2-82D3-40EB-BB75-3377E34C2CD3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {B0AABE38-4841-400D-83E1-14CFA0D1B770} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-11] (Hewlett-Packard)
Task: {B96B9749-156A-4345-A1E0-D7728D5933BF} - System32\Tasks\{B46BD423-1381-41F6-926C-74B4F166E59B} => C:\Program Files\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe [2011-01-18] (GIANTS Software GmbH)
Task: {CC49C4C4-4B37-46EF-A8F7-A9DA7683D99C} - System32\Tasks\{4A4D7F57-BD8F-4838-A2A7-113AD895C646} => C:\Program Files\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe [2011-01-18] (GIANTS Software GmbH)
Task: {D9A7C394-7F55-420A-82DD-248E8A639C67} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {EED3AF87-D9F1-408A-84DB-8FB9D9679B2B} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-11] (Hewlett-Packard)
Task: {F02B2013-1E74-4571-936A-5DE1EB03309B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F6DA92A6-0A4C-46B9-BD76-DAEEE5460F9F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F88C1C73-2FBE-4188-AA6E-965E80FCB6B6} - System32\Tasks\{B8AC732D-9FCF-47BC-9EC2-54ED4A6FF707} => C:\Program Files\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe [2011-01-18] (GIANTS Software GmbH)
Task: {FE4E07EF-62D4-4A0C-806B-1E68B8C33BC7} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2010-08-10 00:01 - 2010-08-10 00:01 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2010-01-22 19:29 - 2010-01-22 19:29 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2010-01-22 19:30 - 2010-01-22 19:30 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2010-01-22 19:29 - 2010-01-22 19:29 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-12-29 22:31 - 2009-12-29 22:31 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Karl\AppData\Roaming\Dropbox\bin\libcef.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00018944 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfewfpk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 3000.27 MB
Available physical RAM: 1904.93 MB
Total Pagefile: 5998.82 MB
Available Pagefile: 4741.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.47 GB) (Free:248.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:1.89 GB) (Free:1.88 GB) FAT
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 3C5F7C9A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: A76E3F50)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

schrauber · 25.10.2013, 08:42

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Win7 fährt im abgesicherten Modus sofort herunter

Log-Analyse und Auswertung: Win7 fährt im abgesicherten Modus sofort herunter