
Log Analysis and Evaluation: Windows Vista: Police virus/Trojan


29.10.2013, 14:25   #1
squirrel22
 
Windows Vista: Police virus/Trojan

Hello!

Yesterday I caught the police virus (Austrian version).
My first step was to regain access to my laptop with the Kaspersky Rescue Disk and the WindowsUnlocker.
Then I ran AdwCleaner over it and
afterwards also ran the relevant scans as recommended here in the forum. GMER still seems to find something.
Further suspicious files already isolated:
lf8mqr8z0.reg 1 kB
lf8mqr8z0.pss 61 kB
lf8mqr8z0.fvv 0 kB
lf8mqr8z0.bxx 92,799 kB
0z8rqm8fl.dss 136 kB

Please help me! Many thanks in advance,
attached are the individual log files:

Code:
# AdwCleaner v3.010 - Bericht erstellt am 29/10/2013 um 10:58:03
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : admin - *****-MOBIL2
# Gestartet von : F:\rescue\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
[!] Ordner Gelöscht : C:\Users\admin\AppData\Local\OpenCandy
[!] Ordner Gelöscht : C:\Users\admin\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\aqf28n1b.default\.autoreg

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\aqf28n1b.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3305 octets] - [29/10/2013 10:52:04]
AdwCleaner[S0].txt - [2691 octets] - [29/10/2013 10:58:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2751 octets] ##########

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:13 on 29/10/2013 (admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by admin (administrator) on ******-MOBIL2 on 29-10-2013 11:18:39
Running from F:\rescue
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441344 2008-08-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1561384 2008-07-17] (Synaptics, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MacDrive 9 application] - C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [509952 2013-02-19] (Mediafour Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [] - [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKCU\...\Run: [HP Deskjet 3070 B611 series (NET)] - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
MountPoints2: {8981533e-25d8-11e3-b492-00247e40ce9b} - G:\LaunchU3.exe -a
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2008-09-24] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-09-25] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe [814144 2008-07-14] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2009-03-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [40376 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640440 2010-09-22] (Adobe Systems Inc.)
HKU\Buchhaltung\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {A2ED3E4A-3283-4805-BBFA-D4115EDBA85F} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM-x32 - {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM-x32 - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {A2ED3E4A-3283-4805-BBFA-D4115EDBA85F} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {4B985E42-B6D8-48B8-8A20-7F2988C99231} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKCU - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {A2ED3E4A-3283-4805-BBFA-D4115EDBA85F} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default
FF Homepage: hxxp://www.orf.at/
FF NetworkProxy: "type", 0
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: defaults - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [89088 2008-06-26] (Andrea Electronics Corporation)
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [180736 2013-02-19] (Mediafour Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe [251904 2008-08-05] (IDT, Inc.)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-08] (Wacom Technology, Corp.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-09-24] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-09-24] ()
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [719152 2008-09-16] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWow64\vfsFPService.exe [599344 2008-09-16] (Validity Sensors, Inc.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [58496 2008-01-21] (Microsoft Corporation)
S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2009-09-27] ()
S1 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [25244 2009-10-05] (Adaptec)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-09-27] ()
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [306560 2008-06-10] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-01] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131024.001\IDSvia64.sys [521816 2013-10-24] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-09-27] ()
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [323208 2013-01-24] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [41680 2012-11-28] (Mediafour Corporation)
R0 MDRAID; C:\Windows\System32\DRIVERS\MDRAID.sys [187120 2012-11-28] (Mediafour Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131024.007\ENG64.SYS [126040 2013-10-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131024.007\EX64.SYS [2099288 2013-10-24] (Symantec Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SxSmemcd; C:\Windows\System32\DRIVERS\SxSmemcd.sys [57856 2007-07-25] (Sony Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-08] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMTDIV.SYS [457304 2013-04-25] (Symantec Corporation)
R3 vfs101a; C:\Windows\System32\drivers\vfs101a.sys [49968 2008-09-16] (Validity Sensors, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
U4 eabfiltr; 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 11:13 - 2013-10-29 11:13 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-10-29 11:10 - 2013-10-29 11:14 - 00000000 ____D C:\Users\admin\Documents\Anti_vir_scan2910
2013-10-29 11:09 - 2013-10-29 11:09 - 00000000 ____D C:\FRST
2013-10-29 10:51 - 2013-10-29 11:07 - 00000000 ____D C:\AdwCleaner
2013-10-29 02:26 - 2013-10-29 03:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-29 00:07 - 2013-10-29 00:29 - 00000291 _____ C:\ProgramData\lf8mqr8z0.reg
2013-10-29 00:06 - 2013-10-29 00:29 - 95025368 ____T C:\ProgramData\lf8mqr8z0.bxx
2013-10-29 00:06 - 2013-10-29 00:29 - 00000000 _____ C:\ProgramData\lf8mqr8z0.fvv
2013-10-29 00:06 - 2013-10-29 00:06 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\0z8rqm8fl.dss
2013-10-29 00:06 - 2013-10-29 00:06 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\lf8mqr8z0.pss
2013-10-22 21:06 - 2013-10-22 21:07 - 00000000 ____D C:\Users\admin\Documents\tramticket
2013-10-14 00:23 - 2013-10-14 00:23 - 00042137 _____ C:\Users\admin\Downloads\flm303-class01.mp4.G62FG56TD1XI.torrent

==================== One Month Modified Files and Folders =======

2013-10-29 11:14 - 2013-10-29 11:10 - 00000000 ____D C:\Users\admin\Documents\Anti_vir_scan2910
2013-10-29 11:13 - 2013-10-29 11:13 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-10-29 11:13 - 2009-06-09 17:42 - 00000000 ____D C:\Users\admin
2013-10-29 11:09 - 2013-10-29 11:09 - 00000000 ____D C:\FRST
2013-10-29 11:08 - 2012-01-26 18:17 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-29 11:07 - 2013-10-29 10:51 - 00000000 ____D C:\AdwCleaner
2013-10-29 11:07 - 2012-12-20 00:11 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2013-10-29 11:07 - 2009-03-19 03:33 - 01145854 _____ C:\Windows\WindowsUpdate.log
2013-10-29 11:06 - 2010-09-11 10:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\WTablet
2013-10-29 11:00 - 2011-10-20 11:13 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-29 11:00 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 11:00 - 2006-11-02 16:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 11:00 - 2006-11-02 16:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 10:58 - 2009-03-19 03:33 - 00003204 _____ C:\Windows\bthservsdp.dat
2013-10-29 10:58 - 2006-11-02 16:42 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-29 10:54 - 2008-10-27 09:30 - 00673502 _____ C:\Windows\system32\perfh007.dat
2013-10-29 10:54 - 2008-10-27 09:30 - 00145482 _____ C:\Windows\system32\perfc007.dat
2013-10-29 10:54 - 2006-11-02 13:46 - 01565124 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 10:47 - 2012-11-07 15:17 - 00007916 _____ C:\Users\admin\AppData\Local\d3d9caps.dat
2013-10-29 03:27 - 2013-10-29 02:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-29 01:14 - 2006-11-02 16:21 - 05028400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-29 00:42 - 2012-08-31 16:42 - 00000000 ____D C:\Windows\pss
2013-10-29 00:42 - 2009-06-09 17:47 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-29 00:29 - 2013-10-29 00:07 - 00000291 _____ C:\ProgramData\lf8mqr8z0.reg
2013-10-29 00:29 - 2013-10-29 00:06 - 95025368 ____T C:\ProgramData\lf8mqr8z0.bxx
2013-10-29 00:29 - 2013-10-29 00:06 - 00000000 _____ C:\ProgramData\lf8mqr8z0.fvv
2013-10-29 00:09 - 2013-09-02 11:56 - 00010180 _____ C:\Windows\PFRO.log
2013-10-29 00:06 - 2013-10-29 00:06 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\0z8rqm8fl.dss
2013-10-29 00:06 - 2013-10-29 00:06 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\lf8mqr8z0.pss
2013-10-28 23:53 - 2009-06-14 16:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-10-28 23:52 - 2012-11-11 02:11 - 00000000 ____D C:\Users\admin\AppData\Local\Firestorm
2013-10-28 19:49 - 2012-02-03 14:37 - 00002413 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-28 12:58 - 2011-10-20 11:12 - 00000000 ____D C:\Users\admin\AppData\Roaming\Winamp
2013-10-28 12:43 - 2009-06-15 11:54 - 00000000 ____D C:\Projects
2013-10-27 17:49 - 2013-03-22 18:24 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-24 11:52 - 2012-12-20 00:17 - 00000000 ___RD C:\Users\admin\Dropbox
2013-10-24 11:39 - 2012-10-22 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-22 21:07 - 2013-10-22 21:06 - 00000000 ____D C:\Users\admin\Documents\tramticket
2013-10-22 21:05 - 2013-09-27 16:06 - 00001430 _____ C:\Windows\setupact.log
2013-10-22 00:04 - 2011-02-15 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-21 10:26 - 2012-05-09 15:18 - 00000000 ____D C:\Users\admin\Documents\screeno_Buchhaltung
2013-10-21 09:58 - 2012-07-18 10:39 - 00000000 ____D C:\Users\Public\HBPData
2013-10-21 09:58 - 2012-07-18 10:39 - 00000000 ____D C:\Program Files (x86)\HBP
2013-10-20 19:59 - 2012-08-13 05:22 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForadmin
2013-10-20 19:59 - 2012-08-13 05:22 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForadmin.job
2013-10-17 01:08 - 2011-04-26 14:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-10-14 00:23 - 2013-10-14 00:23 - 00042137 _____ C:\Users\admin\Downloads\flm303-class01.mp4.G62FG56TD1XI.torrent

Files to move or delete:
====================
C:\Users\admin\AppData\Roaming\skype.ini
C:\ProgramData\0z8rqm8fl.dss
C:\ProgramData\lf8mqr8z0.reg


Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\~tmf1117433543836776269.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-29 11:12

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by admin at 2013-10-29 11:19:11
Running from F:\rescue
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (x32 Version: 2.2.1)
3100_3200_3300_Help (x32 Version: 82.0.242.000)
3100_3200_3300trb (x32 Version: 82.0.242.000)
3200 (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 1.0.0)
7-Zip 9.20 (x32)
ACID Pro 7.0 (x32 Version: 7.0.653)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.2.443)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0)
Activation Assistant for the 2007 Microsoft Office suites (x32)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.4.6)
Adobe Acrobat 9.4.6 - CPSID_83708 (x32)
Adobe After Effects CS4 (x32 Version: 9)
Adobe After Effects CS4 Presets (x32 Version: 9)
Adobe After Effects CS4 Template Projects & Footage (x32 Version: 9)
Adobe After Effects CS4 Third Party Content (x32 Version: 9)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Community Help (x32 Version: 3.5.23)
Adobe ConnectNow Add-in (HKCU)
Adobe Contribute CS4 (x32 Version: 5.0)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe CS4 American English Speech Analysis Models (x32 Version: 1)
Adobe CS4 French Speech Analysis Models (x32 Version: 1)
Adobe CS4 German Speech Analysis Models (x32 Version: 1)
Adobe CS4 International English Speech Analysis Models (x32 Version: 1)
Adobe CS4 Italian Speech Analysis Models (x32 Version: 1)
Adobe CS4 Japanese Speech Analysis Models (x32 Version: 1)
Adobe CS4 Korean Speech Analysis Models (x32 Version: 1)
Adobe CS4 Spanish Speech Analysis Models (x32 Version: 1)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Dreamweaver CS4 (x32 Version: 10.0)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe Encore CS4 (x32 Version: 4)
Adobe Encore CS4 Codecs (x32 Version: 4)
Adobe Encore CS4 Library (x32 Version: 4)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Flash CS4 (x32 Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0)
Adobe Flash CS4 STI-en (x32 Version: 10.0)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.2.54)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.171)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Illustrator CS4 (x32 Version: 14.0)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0)
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0)
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0)
Adobe Media Encoder CS4 Importer (x32 Version: 1.0)
Adobe Media Player (x32 Version: 1.8)
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0)
Adobe OnLocation CS4 (x32 Version: 4)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Premiere Pro CS4 (x32 Version: 4)
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4)
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4)
Adobe Reader 9.1 - Deutsch (x32 Version: 9.1.0)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe Soundbooth CS4 (x32 Version: 2)
Adobe Soundbooth CS4 Codecs (x32 Version: 2)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
AIO_CDB_ProductContext (x32 Version: 82.0.242.000)
AIO_CDB_Software (x32 Version: 82.0.242.000)
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000)
AIO_Scan (x32 Version: 82.0.173.000)
AOL Toolbar 5.0 (x32 Version: 5.2.78.2)
Apple Software Update (x32 Version: 2.1.1.116)
Assassin's Creed (x32 Version: 1.02)
Auslogics Disk Defrag (x32 Version: version 3.4)
AVerMedia A309 (MiniCard, DVB-T) 1.0.64.45 (x32 Version: 1.0.64.45)
Avid EDL Manager (x32 Version: 27.5.2)
Avid FilmScribe (x32 Version: 27.5.2)
Avid Log Exchange (x32 Version: 27.5.2)
Avid Media Composer (x32 Version: 5.5.2)
Avid MediaLog (x32 Version: 27.5.2)
Bejeweled® 3 (x32 Version: 1.1.13.4753)
BufferChm (x32 Version: 82.0.173.000)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MOV Decoder (x32 Version: 1.4.0.15)
Canon MOV Encoder (x32 Version: 1.2.0.10)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.3.0.15)
Canon Utilities CameraWindow (x32 Version: 7.3.0.4)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (x32 Version: 6.5.0.3)
Canon Utilities Digital Photo Professional 3.7 (x32 Version: 3.7.1.1)
Canon Utilities EOS Utility (x32 Version: 2.7.0.2)
Canon Utilities MyCamera (x32 Version: 7.3.0.5)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.6.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.8.0.1)
Canon Utilities WFT-E1/E2/E3/E4/E5 Utility (x32 Version: 3.4.0.2)
Canon Utilities ZoomBrowser EX (x32 Version: 6.4.1.11)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.2.2.11)
CCleaner (Version: 3.19)
CINEMA 4D 11.514 (Version: 11.514)
CINEMA 4D 12.048 (Version: 12.048)
CINEMA 4D 13.061 (Version: 13.061)
CINEMA 4D 14.041 (Version: 14.041)
CINEMA 4D Demo 11.514 (Version: 11.514)
CINEMA 4D Demo 12.021 (Version: 12.021)
CINEMA 4D Release 11 (x32)
CINEMA 4D Release 11 Architecture Extension Kit (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014)
Connect (x32 Version: 1.0.0.1)
Copy (x32 Version: 82.0.188.000)
CustomerResearchQFolder (x32 Version: 1.00.0000)
CyberLink DVD Suite (x32 Version: 6.0.2203)
Destinations (x32 Version: 82.0.173.000)
DeviceManagementQFolder (x32 Version: 1.00.0000)
Diablo II (HKCU)
Diablo II (x32)
DigitalPersona Personal 3.1.0 (Version: 3.1.0.3276)
DocProc (x32 Version: 8.1.0.0)
DocProcQFolder (x32 Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
ESU for Microsoft Vista (x32 Version: 1.0.0)
eSupportQFolder (x32 Version: 1.00.0000)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fallout 3 (x32 Version: 1.00.0000)
Fax (x32 Version: 82.0.188.000)
Firestorm-Release (remove only) (x32 Version: 4.4.2.34167)
Free RAR Extract Frog (x32 Version: 1.80)
Gothic 3 (x32 Version: 1.0.0)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
HBP (C:\Program Files (x86)\HBP) (x32 Version: )
HP Customer Experience Enhancements (x32 Version: 6.0.1.3)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (Version: 25.0.571.0)
HP Deskjet 3070 B611 series Hilfe (x32 Version: 140.0.2.2)
HP Doc Viewer (x32 Version: 1.01.0005)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (Version: 6.0.1.6204)
HP MediaSmart DVD (x32 Version: 2.0.2126)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2125)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP MediaSmart TV (x32 Version: 2.0.0924)
HP MediaSmart Webcam (x32 Version: 2.0.0926)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart Essential (x32 Version: 1.12.0.46)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Quick Launch Buttons (x32 Version: 6.50.13.1)
HP Solution Center 8.0 (Version: 8.0)
HP Total Care Advisor (x32 Version: 2.4.4821.2785)
HP Update (x32 Version: 4.000.009.002)
HP User Guides 0115 (x32 Version: 1.04.0000)
HP Wireless Assistant (x32 Version: 3.00 K2)
HPProductAssistant (x32 Version: 82.0.173.000)
HPSSupply (x32 Version: 2.1.3.0000)
HPTCSSetup (x32 Version: 1.1.1963.2799)
IDT Audio (x32 Version: 1.0.6047.5)
inSSIDer 3 (x32 Version: 3.0.6.42)
Interlok driver setup x64 (Version: 5.9.0)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Java(TM) 6 Update 7 (x32 Version: 1.6.0.70)
Java(TM) 7 Update 5 (x32 Version: 7.0.50)
JavaFX 2.1.1 (x32 Version: 2.1.1)
JMicron JMB38X Flash Media Controller (x32 Version: 1.00.18.07)
Keying Suite 64-bit (Version: 11.0.1)
Keying Suite 64-bit (x32 Version: 11.0.1)
kuler (x32 Version: 2.0)
LabelPrint (x32 Version: 2.5.0926)
LightScribe System Software  1.14.17.1 (x32 Version: 1.14.17.1)
MacDrive 9 Pro (Version: 9.0.6.4)
Magic Bullet Colorista II 64 Bit (Version: 1.0.1)
Magic Bullet Colorista II 64 Bit (x32 Version: 1.0.1)
MarketResearch (x32 Version: 82.0.174.000)
Mastering Effects Bundle 2 for Sound Forge Pro (x32 Version: 2.00)
MetaSync (x32 Version: 27.5.2)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.0.89.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.0.19.0)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.6361.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
mIRC (x32 Version: 7.29)
mocha Pro V3.0.2-5102 (Version: 3.02.5102)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVC80_x64 (Version: 1.0.1.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86 (x32 Version: 1.0.1.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Reveal (x32 Version: 7.0.35.6951)
My HP Games (x32 Version: 1.0.0.62)
NetDeviceManager64 (Version: 82.0.173.000)
Nexus Mod Manager (Version: 0.13.1)
NirSoft Wireless Network Watcher (x32)
Noise Reduction Plug-in 2.0i (x32 Version: 2.0.455)
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0)
Nokia Map Loader (x32 Version: 3.0.22)
Nokia PC Suite (x32 Version: 7.1.51.0)
Nokia Software Updater (x32 Version: 02.06.001.43673)
Nokia Suite (x32 Version: 3.4.49.0)
Norton Internet Security (x32 Version: 20.4.0.40)
Notepad++ (x32 Version: 5.9.2)
Nuke 6.2v1
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)
NVIDIA 3D Vision Controller-Treiber 302.59 (Version: 302.59)
NVIDIA Grafiktreiber 302.59 (Version: 302.59)
NVIDIA HD-Audiotreiber 1.3.15.0 (Version: 1.3.15.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Systemsteuerung 302.59 (Version: 302.59)
Origin (x32 Version: 9.1.10.2728)
PC Connectivity Solution (x32 Version: 12.0.17.0)
PDF Settings CS4 (x32 Version: 9.0)
PDF Settings CS5 (x32 Version: 10.0)
Pegasus Mail (x32)
PhotoNow! (x32 Version: 1.1.5615)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pidgin (x32 Version: 2.10.4)
Pixel Bender Toolkit (x32 Version: 1.0)
Power2Go (x32 Version: 6.0.2202)
PowerDirector (x32 Version: 7.0.2201)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.11)
ProtectSmart Hard Drive Protection (Version: 3.10.1.7)
PVSonyDll (Version: 1.00.0001)
PxMergeModule (x32 Version: 1.00.0000)
QLBCASL (x32 Version: 6.40.17.2)
QuickTime (x32 Version: 7.62.14.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Scan (x32 Version: 8.1.0.0)
SecondLifeViewer (remove only) (x32)
Sentinel Protection Installer 7.4.0 (x32 Version: 7.4.0)
Shot Designer (x32 Version: 1.1.78)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 5.5 (x32 Version: 5.5.124)
SolutionCenter (x32 Version: 82.0.188.000)
Sony CD Architect 5.2 (x32 Version: 5.2.240)
Sony Noise Reduction Plug-In 2.0h (x32 Version: 2.0.451)
Sony Sound Forge 9.0 (x32 Version: 9.0.441)
Sound Forge Pro 10.0 (x32 Version: 10.0.474)
SPORE Creature Creator Trial Edition (x32 Version: 1.00.0000)
StarCraft II (x32 Version: 2.0.11.26825)
Status (x32 Version: 82.0.173.000)
Steam (x32 Version: 1.0.0.0)
Subtitle Workshop 2.51 (x32)
Suite Shared Configuration CS4 (x32 Version: 1.0)
SuperMailer 5.10 (x32)
Synaptics Pointing Device Driver (Version: 11.2.0.0)
SynthEyes (x32 Version: 8.0.1007)
System Requirements Lab for Intel (x32 Version: 4.5.9.0)
The Elder Scrolls V: Skyrim (x32)
Toolbox (x32 Version: 82.0.173.000)
Trapcode Particular v2 (x32)
Trapcode Suite 64-bit (Version: 11.0.2)
Trapcode Suite 64-bit (x32 Version: 11.0.2)
TrayApp (x32 Version: 82.0.188.000)
TURBULENCE.4D R11.5 Beta2p1 (x32 Version: Beta2p1)
TurbulenceRuntime (x32 Version: 1.0.0)
UnloadSupport (x32 Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Validity Sensors software (Version: 2.7.500)
VLC media player 2.0.2 (Version: 2.0.2)
Wacom Tablett (x32)
WebReg (x32 Version: 82.0.173.000)
Winamp (x32 Version: 5.621 )
WinDirStat 1.1.2 (HKCU)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Xilisoft HD Video Converter 6 (x32 Version: 6.6.0.0623)

==================== Restore Points  =========================

13-09-2013 11:03:05 Geplanter Prüfpunkt
15-09-2013 17:51:31 Geplanter Prüfpunkt
19-09-2013 15:43:59 Geplanter Prüfpunkt
20-09-2013 19:06:39 Geplanter Prüfpunkt
22-09-2013 12:55:55 Geplanter Prüfpunkt
24-09-2013 12:28:00 Geplanter Prüfpunkt
25-09-2013 12:59:55 Geplanter Prüfpunkt
26-09-2013 22:00:04 Geplanter Prüfpunkt
19-10-2013 11:20:20 Geplanter Prüfpunkt
20-10-2013 15:45:17 Geplanter Prüfpunkt
21-10-2013 10:06:42 Geplanter Prüfpunkt
22-10-2013 15:27:32 Geplanter Prüfpunkt
23-10-2013 11:56:03 Geplanter Prüfpunkt
25-10-2013 17:40:13 Geplanter Prüfpunkt
27-10-2013 18:27:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1B8C6AB4-8A8B-49B5-99FE-81944667ABDA} - System32\Tasks\{2B97425E-AED1-45A4-AD15-B18C4A9D7118} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2863705F-3D7A-4BF8-BC48-53C842C08E26} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {35A987B7-7B7A-43BC-A33D-F3A392DE49BD} - System32\Tasks\AdobeAAMUpdater-1.0-screeno-mobil2-admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {779776FC-886B-43BB-94DB-0D5D7E9C7B30} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {80E2B48D-C033-4877-9A2F-9E053941068E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {80EFB117-0BF8-4480-B3C3-DCE7510564FE} - System32\Tasks\Microsoft\Windows\RestartManager\{2E89C2F9-3D25-4787-B4E9-D1648DF1E5A8} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {9F7F5D91-248E-45D5-B326-D06CE2617B65} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {B11FE2B7-24E2-44AC-9B28-3648F7CE0D17} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {D500FC6A-C483-4366-A1DA-5FD8EDB9CB53} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: {E85C8387-FFBA-4A68-9502-35F371F13DEF} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-02-09 01:56 - 2011-02-09 01:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2008-06-19 13:59 - 2008-06-19 13:59 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-09-24 18:07 - 2008-09-24 18:07 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
2008-10-27 02:45 - 2008-10-06 09:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-09-24 18:08 - 2008-09-24 18:08 - 00267656 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
2008-09-24 18:08 - 2008-09-24 18:08 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
2013-06-19 00:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 08506280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 02353576 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 01013672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00363944 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 02480552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 01346472 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00205736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 02652584 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00032680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00035240 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00206760 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 11166120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00276392 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2012-05-16 12:46 - 2012-05-16 12:46 - 00391056 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2012-05-16 12:46 - 2012-05-16 12:46 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2012-05-16 14:44 - 2012-05-16 14:44 - 00437672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00445864 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00520104 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00720296 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2012-05-16 14:44 - 2012-05-16 14:44 - 00604072 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-05-16 12:45 - 2012-05-16 12:45 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 13:59 - 2007-08-14 13:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\admin\AppData\Roaming\Dropbox\bin\libcef.dll
2008-09-24 18:08 - 2008-09-24 18:08 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
2008-09-25 18:42 - 2008-09-25 18:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\admin\Cookies:3Bgrmfn91Flmjoc2Bhuni14YR
AlternateDataStreams: C:\Users\admin\Cookies:BySDur7g7bEE6dhw5P7dRLBRka
AlternateDataStreams: C:\Users\admin\Cookies:ZYkmRA80KkEWhyDhwVZV3jV9LC
AlternateDataStreams: C:\Users\admin\Lokale Einstellungen:E7bxoyeraG8aPWibZekoh
AlternateDataStreams: C:\Users\admin\AppData\Local:E7bxoyeraG8aPWibZekoh
AlternateDataStreams: C:\Users\admin\AppData\Local\Anwendungsdaten:E7bxoyeraG8aPWibZekoh
AlternateDataStreams: C:\Users\admin\AppData\Local\Elv5qQdZMK1:pvvjGxp8OJu58G5ST
AlternateDataStreams: C:\Users\admin\AppData\Local\Temporary Internet Files:BT9AbDHCTbRGJiA79s8juLmjgP
AlternateDataStreams: C:\Users\admin\AppData\Local\Temporary Internet Files:lU2fNJ0VZGcs3qSWIGJBGC2RDo

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart 3200 series
Description: Photosmart 3200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 3390
Description: HP LaserJet 3390
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2013 11:06:59 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/29/2013 11:01:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 10:47:59 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/29/2013 10:45:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 10:33:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 01:50:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 01:09:06 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (10/29/2013 00:59:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/29/2013 00:37:41 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/29/2013 00:37:13 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (10/29/2013 11:03:03 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (10/29/2013 11:03:03 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (10/29/2013 11:01:53 AM) (Source: Service Control Manager) (User: )
Description: acedrv07
Aspi32

Error: (10/29/2013 11:00:43 AM) (Source: volmgr) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error: (10/29/2013 11:00:37 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/29/2013 11:00:02 AM) (Source: volmgr) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error: (10/29/2013 10:46:55 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (10/29/2013 10:46:55 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (10/29/2013 10:45:14 AM) (Source: Service Control Manager) (User: )
Description: acedrv07
Aspi32

Error: (10/29/2013 10:44:06 AM) (Source: volmgr) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.


Microsoft Office Sessions:
=========================
Error: (10/29/2013 11:06:59 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/29/2013 11:01:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 10:47:59 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/29/2013 10:45:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 10:33:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 01:50:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 01:09:06 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (10/29/2013 00:59:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/29/2013 00:37:41 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/29/2013 00:37:13 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


CodeIntegrity Errors:
===================================
  Date: 2013-10-29 11:00:41.470
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 11:00:41.392
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:44:05.107
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:44:05.029
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:32:43.793
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:32:43.715
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:29:44.807
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:29:44.713
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:27:12.275
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 10:27:12.197
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 4062.25 MB
Available physical RAM: 1976.37 MB
Total Pagefile: 4157.5 MB
Available Pagefile: 1939.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.82 GB) (Free:23.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.94 GB) (Free:1.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:1.87 GB) (Free:0.16 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9E3B397D)
Partition 1: (Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 309E7FF5)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
         


Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-29 11:54:50
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60ZAT0 rev.01.01A01 465,76GB
Running: nb0ipvpy.exe; Driver: C:\Users\admin\AppData\Local\Temp\kftiypod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

---- User code sections - GMER 2.1 ----

.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                           0000000077889758 5 bytes JMP 000000010021091c
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                         00000000778898a8 5 bytes JMP 0000000100210048
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                  0000000077889938 5 bytes JMP 00000001002102ee
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                               0000000077889a88 5 bytes JMP 00000001002104b2
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                       0000000077889ab8 5 bytes JMP 00000001002109fe
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                               0000000077889ae8 5 bytes JMP 0000000100210ae0
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                            0000000077889b00 5 bytes JMP 0000000100020050
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                               000000007788a208 5 bytes JMP 000000010021012a
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                   000000007788a2e0 5 bytes JMP 0000000100210758
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                             000000007788a2f8 5 bytes JMP 0000000100210676
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                 000000007788a7d0 5 bytes JMP 00000001002103d0
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                           000000007788b24c 5 bytes JMP 0000000100210594
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                       000000007788b4d4 5 bytes JMP 000000010021083a
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                              000000007788b624 5 bytes JMP 000000010021020c
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293                                      0000000075962eb8 7 bytes JMP 00000001002202f4
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170                                  000000007596834f 7 bytes JMP 0000000100210d8a
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255                                      0000000075989fb3 7 bytes JMP 0000000100210ca6
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193                                      000000007598a079 7 bytes JMP 00000001002203d8
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143                           00000000759c6629 7 bytes JMP 0000000100210f52
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270                                   00000000759c673c 7 bytes JMP 0000000100210bc2
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251                            00000000759c6dd4 7 bytes JMP 0000000100220210
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419                                00000000759c6f7c 2 bytes JMP 0000000100220048
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 422                                00000000759c6f7f 4 bytes [85, 8A, EB, F9]
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187                               00000000759c729c 7 bytes JMP 0000000100210e6e
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA + 338                                   0000000076e06539 7 bytes JMP 000000010022059e
.text     F:\rescue\nb0ipvpy.exe[5548] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874                                  0000000076e2ab52 7 bytes JMP 00000001002204bc

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [1440:1632]                                               000007fefc20b8ec
Thread    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [1440:1696]                                               000007fefb9001d0
Thread    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [1440:1700]                                               000007fefb900c84
Thread    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [1440:1704]                                               000007fefb9016b8
Thread    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [1440:1708]                                               000007fefb901e84
Thread     [1044:3968]                                                                                                            000000007790810d
Thread     [1044:3256]                                                                                                            000000007388c59c
Thread     [1044:2536]                                                                                                            000000007388c59c
Thread     [1044:3944]                                                                                                            000000007388c59c
Thread     [1044:2624]                                                                                                            000000007388c59c
Thread     [1044:3604]                                                                                                            000000007388c59c
Thread     [1044:3796]                                                                                                            000000007388c59c
Thread     [1044:3636]                                                                                                            000000007388c59c
Thread     [1044:1112]                                                                                                            000000007388c59c
Thread     [1044:1532]                                                                                                            000000007388c59c
Thread     [1044:3276]                                                                                                            000000007388c59c
Thread     [1044:3964]                                                                                                            000000007388c59c
Thread     [1044:1908]                                                                                                            000000007388c59c
Thread     [1044:2308]                                                                                                            000000007787dd19
Thread     [1044:3868]                                                                                                            000000007388c59c
Thread     [1044:3920]                                                                                                            000000007388c59c
Thread     [1044:3888]                                                                                                            000000007388c59c
Thread     [1044:3304]                                                                                                            0000000075e0c224
Thread     [1044:3916]                                                                                                            000000007388c59c
Thread     [1044:720]                                                                                                             000000007388c59c
Thread     [1044:5972]                                                                                                            0000000076ec3402
Thread     [1044:3592]                                                                                                            000000007787dd19

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e40ce9b                                             
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e40ce9b@00266842f803                                0x0F 0x18 0x42 0x6F ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e40ce9b@001cd4427e78                                0x9F 0x8F 0x12 0xCC ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e40ce9b@78ca041a677f                                0xBD 0xE3 0x0D 0x51 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{07be7a3d-5e87-4b47-8a6f-a952f310102d}@Dhcpv6State  0
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e40ce9b (not active ControlSet)                         
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e40ce9b@00266842f803                                    0x0F 0x18 0x42 0x6F ...
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e40ce9b@001cd4427e78                                    0x9F 0x8F 0x12 0xCC ...
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e40ce9b@78ca041a677f                                    0xBD 0xE3 0x0D 0x51 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----
         
GMER couldn't save a file, so I copied it straight from the clipboard.
Hope everything is there! Thanks again! Regards, Squirrel

Alt 29.10.2013, 15:38   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Scan with Combofix
WARNING to those reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 29.10.2013, 17:54   #3
squirrel22
 
hi!

attached is the combofix log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-10-28.01 - admin 29.10.2013  16:14:36.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.4062.2008 [GMT 1:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-28 bis 2013-10-29  ))))))))))))))))))))))))))))))
.
.
2013-10-29 15:43 . 2013-10-29 15:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-10-29 15:43 . 2013-10-29 15:43	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-10-29 15:43 . 2013-10-29 15:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-29 15:43 . 2013-10-29 15:43	--------	d-----w-	c:\users\Buchhaltung\AppData\Local\temp
2013-10-29 10:09 . 2013-10-29 10:09	--------	d-----w-	C:\FRST
2013-10-29 09:51 . 2013-10-29 10:07	--------	d-----w-	C:\AdwCleaner
2013-10-29 01:26 . 2013-10-29 02:27	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-10-21 23:04 . 2013-10-21 23:04	74648	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-10-21 23:04 . 2013-10-21 23:04	271256	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-10-21 23:04 . 2013-10-21 23:04	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-10-21 23:04 . 2013-10-21 23:04	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-10-21 23:04 . 2013-10-21 23:04	27544	----a-w-	c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-10-21 23:04 . 2013-10-21 23:04	170232	----a-w-	c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-10-21 23:04 . 2013-10-21 23:04	107416	----a-w-	c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-21 1814440]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-06 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-26 413696]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2008-07-14 814144]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-20 c:\windows\Tasks\HPCeeScheduleForadmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIcon]
@="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}"
[HKEY_CLASSES_ROOT\CLSID\{6B21AF46-EE37-40D0-A707-C06C17D06CE9}]
2012-11-28 10:34	231936	----a-w-	c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIconReadOnly]
@="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}"
[HKEY_CLASSES_ROOT\CLSID\{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}]
2012-11-28 10:34	231936	----a-w-	c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-17 1561384]
"MacDrive 9 application"="c:\program files\Mediafour\MacDrive 9\MacDrive.exe" [2013-02-19 509952]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-AT\local\search.html
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.orf.at/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-03-19 04:26; otis@digitalpersona.com; c:\program files (x86)\DigitalPersona\Bin\FirefoxExt
FF - ExtSQL: !HIDDEN! 2009-08-10 00:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files (x86)\AVerMedia\AVerMedia A309 (MiniCard
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-29  16:58:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-29 15:58
.
Vor Suchlauf: 24 Verzeichnis(se), 24.542.842.880 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 23.773.347.840 Bytes frei
.
- - End Of File - - 86F15DEC08E41B1912C4E28615E62749

--- --- ---
588AE8F0C685C02BA11F30D9CD7E61A0
         
and quarantined files:

Code:
ATTFilter
2013-10-29 15:56:52 . 2013-10-29 15:56:52               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SmartMenu.reg.dat
2013-10-29 15:56:52 . 2013-10-29 15:56:52               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SysTrayApp.reg.dat
2013-10-29 15:56:28 . 2013-10-29 15:56:28              153 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-WMPNSCFG.reg.dat
2013-10-29 15:56:28 . 2013-10-29 15:56:28               97 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
2013-10-29 15:36:49 . 2013-10-29 15:36:49            7,505 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-10-29 15:09:08 . 2013-10-29 15:09:08               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
         

thanks & regards,
sq.

Alt 30.10.2013, 12:12   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file will open. Post me its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 31.10.2013, 02:36   #5
squirrel22
 
here are the next scans:
(Gmer still says: INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification and Disk \Device\Harddisk0\DR0 unknown MBR code ---> don't know whether that still means anything?)

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.30.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: *****-MOBIL2 [Administrator]

31.10.2013 00:52:56
mbam-log-2013-10-31 (00-52-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Dateisystem | P2P
Durchsuchte Objekte: 274043
Laufzeit: 1 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
# AdwCleaner v3.010 - Bericht erstellt am 31/10/2013 um 00:58:40
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : admin - *****-MOBIL2
# Gestartet von : F:\rescue\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\aqf28n1b.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3305 octets] - [29/10/2013 10:52:04]
AdwCleaner[R1].txt - [1017 octets] - [31/10/2013 00:56:56]
AdwCleaner[S0].txt - [2831 octets] - [29/10/2013 10:58:03]
AdwCleaner[S1].txt - [940 octets] - [31/10/2013 00:58:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [999 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows (TM) Vista Home Premium x64
Ran by admin on 31.10.2013 at  1:06:26,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6796FEE5-2792-4E17-A635-8255B021D84A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A2ED3E4A-3283-4805-BBFA-D4115EDBA85F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6796FEE5-2792-4E17-A635-8255B021D84A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A2ED3E4A-3283-4805-BBFA-D4115EDBA85F}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{1F3C0DB9-CF74-48E7-9D14-2189898F4D23}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.10.2013 at  1:15:29,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by admin (administrator) on ****-MOBIL2 on 31-10-2013 01:18:54
Running from F:\rescue
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441344 2008-08-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1561384 2008-07-17] (Synaptics, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MacDrive 9 application] - C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [509952 2013-02-19] (Mediafour Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKCU\...\Run: [HP Deskjet 3070 B611 series (NET)] - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2008-09-24] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-09-25] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe [814144 2008-07-14] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2009-03-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [40376 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640440 2010-09-22] (Adobe Systems Inc.)
HKU\Buchhaltung\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {A2ED3E4A-3283-4805-BBFA-D4115EDBA85F} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM-x32 - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {4B985E42-B6D8-48B8-8A20-7F2988C99231} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default
FF Homepage: hxxp://www.orf.at/
FF NetworkProxy: "type", 0
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: defaults - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [89088 2008-06-26] (Andrea Electronics Corporation)
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [180736 2013-02-19] (Mediafour Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe [251904 2008-08-05] (IDT, Inc.)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-08] (Wacom Technology, Corp.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-09-24] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-09-24] ()
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [719152 2008-09-16] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWow64\vfsFPService.exe [599344 2008-09-16] (Validity Sensors, Inc.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [58496 2008-01-21] (Microsoft Corporation)
S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2009-09-27] ()
S1 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [25244 2009-10-05] (Adaptec)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-09-27] ()
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [306560 2008-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-01] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131024.001\IDSvia64.sys [521816 2013-10-24] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-09-27] ()
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [323208 2013-01-24] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [41680 2012-11-28] (Mediafour Corporation)
R0 MDRAID; C:\Windows\System32\DRIVERS\MDRAID.sys [187120 2012-11-28] (Mediafour Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131024.007\ENG64.SYS [126040 2013-10-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131024.007\EX64.SYS [2099288 2013-10-24] (Symantec Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SxSmemcd; C:\Windows\System32\DRIVERS\SxSmemcd.sys [57856 2007-07-25] (Sony Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-08] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMTDIV.SYS [457304 2013-04-25] (Symantec Corporation)
R3 vfs101a; C:\Windows\System32\drivers\vfs101a.sys [49968 2008-09-16] (Validity Sensors, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
U4 eabfiltr; 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-31 01:15 - 2013-10-31 01:15 - 00001574 _____ C:\Users\admin\Desktop\JRT.txt
2013-10-31 01:06 - 2013-10-31 01:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-31 01:05 - 2013-10-30 17:49 - 01033335 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2013-10-31 00:48 - 2013-10-31 00:48 - 00000948 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-31 00:47 - 2013-10-31 00:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 00:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-29 16:58 - 2013-10-29 16:58 - 00021690 _____ C:\ComboFix.txt
2013-10-29 16:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-29 16:09 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-29 16:09 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-29 16:07 - 2013-10-29 16:58 - 00000000 ____D C:\Qoobox
2013-10-29 16:06 - 2013-10-29 16:56 - 00000000 ____D C:\Windows\erdnt
2013-10-29 16:01 - 2013-10-29 15:55 - 05137071 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-10-29 11:13 - 2013-10-29 11:13 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-10-29 11:10 - 2013-10-29 11:58 - 00000000 ____D C:\Users\admin\Documents\Anti_vir_scan2910
2013-10-29 11:09 - 2013-10-29 11:09 - 00000000 ____D C:\FRST
2013-10-29 10:51 - 2013-10-31 00:58 - 00000000 ____D C:\AdwCleaner
2013-10-29 02:26 - 2013-10-29 03:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-22 21:06 - 2013-10-22 21:07 - 00000000 ____D C:\Users\admin\Documents\tramticket
2013-10-14 00:23 - 2013-10-14 00:23 - 00042137 _____ C:\Users\admin\Downloads\flm303-class01.mp4.G62FG56TD1XI.torrent

==================== One Month Modified Files and Folders =======

2013-10-31 01:15 - 2013-10-31 01:15 - 00001574 _____ C:\Users\admin\Desktop\JRT.txt
2013-10-31 01:12 - 2009-03-19 03:33 - 01195170 _____ C:\Windows\WindowsUpdate.log
2013-10-31 01:06 - 2013-10-31 01:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-31 01:04 - 2012-01-26 18:17 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-31 01:02 - 2012-12-20 00:11 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2013-10-31 01:01 - 2010-09-11 10:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\WTablet
2013-10-31 01:01 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 01:01 - 2006-11-02 16:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 01:01 - 2006-11-02 16:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 00:59 - 2009-03-19 03:33 - 00003204 _____ C:\Windows\bthservsdp.dat
2013-10-31 00:58 - 2013-10-29 10:51 - 00000000 ____D C:\AdwCleaner
2013-10-31 00:58 - 2006-11-02 16:42 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-31 00:48 - 2013-10-31 00:48 - 00000948 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-31 00:48 - 2013-10-31 00:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 00:48 - 2012-12-20 00:17 - 00000000 ___RD C:\Users\admin\Dropbox
2013-10-31 00:46 - 2008-10-27 09:30 - 00673502 _____ C:\Windows\system32\perfh007.dat
2013-10-31 00:46 - 2008-10-27 09:30 - 00145482 _____ C:\Windows\system32\perfc007.dat
2013-10-31 00:46 - 2006-11-02 13:46 - 01565124 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 17:49 - 2013-10-31 01:05 - 01033335 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2013-10-29 20:41 - 2009-10-14 22:32 - 00000000 ____D C:\Users\admin\Documents\texte
2013-10-29 16:58 - 2013-10-29 16:58 - 00021690 _____ C:\ComboFix.txt
2013-10-29 16:58 - 2013-10-29 16:07 - 00000000 ____D C:\Qoobox
2013-10-29 16:58 - 2006-11-02 14:33 - 00000000 __RHD C:\Users\Default
2013-10-29 16:56 - 2013-10-29 16:06 - 00000000 ____D C:\Windows\erdnt
2013-10-29 16:48 - 2006-11-02 13:34 - 00000215 _____ C:\Windows\system.ini
2013-10-29 16:47 - 2013-09-02 11:56 - 00010732 _____ C:\Windows\PFRO.log
2013-10-29 16:45 - 2006-11-02 13:33 - 87293952 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 52690944 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 26476544 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-29 15:55 - 2013-10-29 16:01 - 05137071 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-10-29 12:14 - 2011-07-26 04:57 - 00000000 ____D C:\Windows\Minidump
2013-10-29 12:14 - 2009-03-19 03:29 - 00301189 _____ C:\Windows\Minidump\Mini102913-01.dmp
2013-10-29 11:58 - 2013-10-29 11:10 - 00000000 ____D C:\Users\admin\Documents\Anti_vir_scan2910
2013-10-29 11:13 - 2013-10-29 11:13 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-10-29 11:13 - 2009-06-09 17:42 - 00000000 ____D C:\Users\admin
2013-10-29 11:09 - 2013-10-29 11:09 - 00000000 ____D C:\FRST
2013-10-29 11:00 - 2011-10-20 11:13 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-29 10:47 - 2012-11-07 15:17 - 00007916 _____ C:\Users\admin\AppData\Local\d3d9caps.dat
2013-10-29 03:27 - 2013-10-29 02:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-29 01:14 - 2006-11-02 16:21 - 05028400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-29 00:42 - 2012-08-31 16:42 - 00000000 ____D C:\Windows\pss
2013-10-29 00:42 - 2009-06-09 17:47 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-28 23:53 - 2009-06-14 16:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-10-28 23:52 - 2012-11-11 02:11 - 00000000 ____D C:\Users\admin\AppData\Local\Firestorm
2013-10-28 19:49 - 2012-02-03 14:37 - 00002413 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-28 12:58 - 2011-10-20 11:12 - 00000000 ____D C:\Users\admin\AppData\Roaming\Winamp
2013-10-28 12:43 - 2009-06-15 11:54 - 00000000 ____D C:\Projects
2013-10-27 17:49 - 2013-03-22 18:24 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-24 11:39 - 2012-10-22 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-22 21:07 - 2013-10-22 21:06 - 00000000 ____D C:\Users\admin\Documents\tramticket
2013-10-22 21:05 - 2013-09-27 16:06 - 00001430 _____ C:\Windows\setupact.log
2013-10-22 00:04 - 2011-02-15 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-21 10:26 - 2012-05-09 15:18 - 00000000 ____D C:\Users\admin\Documents\****_Buchhaltung
2013-10-21 09:58 - 2012-07-18 10:39 - 00000000 ____D C:\Users\Public\HBPData
2013-10-21 09:58 - 2012-07-18 10:39 - 00000000 ____D C:\Program Files (x86)\HBP
2013-10-20 19:59 - 2012-08-13 05:22 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForadmin
2013-10-20 19:59 - 2012-08-13 05:22 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForadmin.job
2013-10-17 01:08 - 2011-04-26 14:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-10-14 00:23 - 2013-10-14 00:23 - 00042137 _____ C:\Users\admin\Downloads\flm303-class01.mp4.G62FG56TD1XI.torrent

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-31 01:07

==================== End Of Log ============================
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by admin at 2013-10-31 01:19:26
Running from F:\rescue
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (x32 Version: 2.2.1)
3100_3200_3300_Help (x32 Version: 82.0.242.000)
3100_3200_3300trb (x32 Version: 82.0.242.000)
3200 (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 1.0.0)
7-Zip 9.20 (x32)
ACID Pro 7.0 (x32 Version: 7.0.653)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.2.443)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0)
Activation Assistant for the 2007 Microsoft Office suites (x32)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.4.6)
Adobe Acrobat 9.4.6 - CPSID_83708 (x32)
Adobe After Effects CS4 (x32 Version: 9)
Adobe After Effects CS4 Presets (x32 Version: 9)
Adobe After Effects CS4 Template Projects & Footage (x32 Version: 9)
Adobe After Effects CS4 Third Party Content (x32 Version: 9)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Community Help (x32 Version: 3.5.23)
Adobe ConnectNow Add-in (HKCU)
Adobe Contribute CS4 (x32 Version: 5.0)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe CS4 American English Speech Analysis Models (x32 Version: 1)
Adobe CS4 French Speech Analysis Models (x32 Version: 1)
Adobe CS4 German Speech Analysis Models (x32 Version: 1)
Adobe CS4 International English Speech Analysis Models (x32 Version: 1)
Adobe CS4 Italian Speech Analysis Models (x32 Version: 1)
Adobe CS4 Japanese Speech Analysis Models (x32 Version: 1)
Adobe CS4 Korean Speech Analysis Models (x32 Version: 1)
Adobe CS4 Spanish Speech Analysis Models (x32 Version: 1)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Dreamweaver CS4 (x32 Version: 10.0)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe Encore CS4 (x32 Version: 4)
Adobe Encore CS4 Codecs (x32 Version: 4)
Adobe Encore CS4 Library (x32 Version: 4)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Flash CS4 (x32 Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0)
Adobe Flash CS4 STI-en (x32 Version: 10.0)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.2.54)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.171)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Illustrator CS4 (x32 Version: 14.0)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0)
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0)
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0)
Adobe Media Encoder CS4 Importer (x32 Version: 1.0)
Adobe Media Player (x32 Version: 1.8)
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0)
Adobe OnLocation CS4 (x32 Version: 4)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Premiere Pro CS4 (x32 Version: 4)
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4)
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4)
Adobe Reader 9.1 - Deutsch (x32 Version: 9.1.0)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe Soundbooth CS4 (x32 Version: 2)
Adobe Soundbooth CS4 Codecs (x32 Version: 2)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
AIO_CDB_ProductContext (x32 Version: 82.0.242.000)
AIO_CDB_Software (x32 Version: 82.0.242.000)
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000)
AIO_Scan (x32 Version: 82.0.173.000)
AOL Toolbar 5.0 (x32 Version: 5.2.78.2)
Apple Software Update (x32 Version: 2.1.1.116)
Assassin's Creed (x32 Version: 1.02)
Auslogics Disk Defrag (x32 Version: version 3.4)
AVerMedia A309 (MiniCard, DVB-T) 1.0.64.45 (x32 Version: 1.0.64.45)
Avid EDL Manager (x32 Version: 27.5.2)
Avid FilmScribe (x32 Version: 27.5.2)
Avid Log Exchange (x32 Version: 27.5.2)
Avid Media Composer (x32 Version: 5.5.2)
Avid MediaLog (x32 Version: 27.5.2)
Bejeweled® 3 (x32 Version: 1.1.13.4753)
BufferChm (x32 Version: 82.0.173.000)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MOV Decoder (x32 Version: 1.4.0.15)
Canon MOV Encoder (x32 Version: 1.2.0.10)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.3.0.15)
Canon Utilities CameraWindow (x32 Version: 7.3.0.4)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (x32 Version: 6.5.0.3)
Canon Utilities Digital Photo Professional 3.7 (x32 Version: 3.7.1.1)
Canon Utilities EOS Utility (x32 Version: 2.7.0.2)
Canon Utilities MyCamera (x32 Version: 7.3.0.5)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.6.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.8.0.1)
Canon Utilities WFT-E1/E2/E3/E4/E5 Utility (x32 Version: 3.4.0.2)
Canon Utilities ZoomBrowser EX (x32 Version: 6.4.1.11)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.2.2.11)
CCleaner (Version: 3.19)
CINEMA 4D 11.514 (Version: 11.514)
CINEMA 4D 12.048 (Version: 12.048)
CINEMA 4D 13.061 (Version: 13.061)
CINEMA 4D 14.041 (Version: 14.041)
CINEMA 4D Demo 11.514 (Version: 11.514)
CINEMA 4D Demo 12.021 (Version: 12.021)
CINEMA 4D Release 11 (x32)
CINEMA 4D Release 11 Architecture Extension Kit (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014)
Connect (x32 Version: 1.0.0.1)
Copy (x32 Version: 82.0.188.000)
CustomerResearchQFolder (x32 Version: 1.00.0000)
CyberLink DVD Suite (x32 Version: 6.0.2203)
Destinations (x32 Version: 82.0.173.000)
DeviceManagementQFolder (x32 Version: 1.00.0000)
Diablo II (HKCU)
Diablo II (x32)
DigitalPersona Personal 3.1.0 (Version: 3.1.0.3276)
DocProc (x32 Version: 8.1.0.0)
DocProcQFolder (x32 Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
ESU for Microsoft Vista (x32 Version: 1.0.0)
eSupportQFolder (x32 Version: 1.00.0000)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Fallout 3 (x32 Version: 1.00.0000)
Fax (x32 Version: 82.0.188.000)
Firestorm-Release (remove only) (x32 Version: 4.4.2.34167)
Free RAR Extract Frog (x32 Version: 1.80)
Gothic 3 (x32 Version: 1.0.0)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
HBP (C:\Program Files (x86)\HBP) (x32 Version: )
HP Customer Experience Enhancements (x32 Version: 6.0.1.3)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (Version: 25.0.571.0)
HP Deskjet 3070 B611 series Hilfe (x32 Version: 140.0.2.2)
HP Doc Viewer (x32 Version: 1.01.0005)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (Version: 6.0.1.6204)
HP MediaSmart DVD (x32 Version: 2.0.2126)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2125)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP MediaSmart TV (x32 Version: 2.0.0924)
HP MediaSmart Webcam (x32 Version: 2.0.0926)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart Essential (x32 Version: 1.12.0.46)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Quick Launch Buttons (x32 Version: 6.50.13.1)
HP Solution Center 8.0 (Version: 8.0)
HP Total Care Advisor (x32 Version: 2.4.4821.2785)
HP Update (x32 Version: 4.000.009.002)
HP User Guides 0115 (x32 Version: 1.04.0000)
HP Wireless Assistant (x32 Version: 3.00 K2)
HPProductAssistant (x32 Version: 82.0.173.000)
HPSSupply (x32 Version: 2.1.3.0000)
HPTCSSetup (x32 Version: 1.1.1963.2799)
IDT Audio (x32 Version: 1.0.6047.5)
inSSIDer 3 (x32 Version: 3.0.6.42)
Interlok driver setup x64 (Version: 5.9.0)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Java(TM) 6 Update 7 (x32 Version: 1.6.0.70)
Java(TM) 7 Update 5 (x32 Version: 7.0.50)
JavaFX 2.1.1 (x32 Version: 2.1.1)
JMicron JMB38X Flash Media Controller (x32 Version: 1.00.18.07)
Keying Suite 64-bit (Version: 11.0.1)
Keying Suite 64-bit (x32 Version: 11.0.1)
kuler (x32 Version: 2.0)
LabelPrint (x32 Version: 2.5.0926)
LightScribe System Software  1.14.17.1 (x32 Version: 1.14.17.1)
MacDrive 9 Pro (Version: 9.0.6.4)
Magic Bullet Colorista II 64 Bit (Version: 1.0.1)
Magic Bullet Colorista II 64 Bit (x32 Version: 1.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 82.0.174.000)
Mastering Effects Bundle 2 for Sound Forge Pro (x32 Version: 2.00)
MetaSync (x32 Version: 27.5.2)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.0.89.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.0.19.0)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.6361.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
mIRC (x32 Version: 7.29)
mocha Pro V3.0.2-5102 (Version: 3.02.5102)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVC80_x64 (Version: 1.0.1.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86 (x32 Version: 1.0.1.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Reveal (x32 Version: 7.0.35.6951)
My HP Games (x32 Version: 1.0.0.62)
NetDeviceManager64 (Version: 82.0.173.000)
Nexus Mod Manager (Version: 0.13.1)
NirSoft Wireless Network Watcher (x32)
Noise Reduction Plug-in 2.0i (x32 Version: 2.0.455)
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0)
Nokia Map Loader (x32 Version: 3.0.22)
Nokia PC Suite (x32 Version: 7.1.51.0)
Nokia Software Updater (x32 Version: 02.06.001.43673)
Nokia Suite (x32 Version: 3.4.49.0)
Norton Internet Security (x32 Version: 20.4.0.40)
Notepad++ (x32 Version: 5.9.2)
Nuke 6.2v1
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)
NVIDIA 3D Vision Controller-Treiber 302.59 (Version: 302.59)
NVIDIA Grafiktreiber 302.59 (Version: 302.59)
NVIDIA HD-Audiotreiber 1.3.15.0 (Version: 1.3.15.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Systemsteuerung 302.59 (Version: 302.59)
Origin (x32 Version: 9.1.10.2728)
PC Connectivity Solution (x32 Version: 12.0.17.0)
PDF Settings CS4 (x32 Version: 9.0)
PDF Settings CS5 (x32 Version: 10.0)
Pegasus Mail (x32)
PhotoNow! (x32 Version: 1.1.5615)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pidgin (x32 Version: 2.10.4)
Pixel Bender Toolkit (x32 Version: 1.0)
Power2Go (x32 Version: 6.0.2202)
PowerDirector (x32 Version: 7.0.2201)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.11)
ProtectSmart Hard Drive Protection (Version: 3.10.1.7)
PVSonyDll (Version: 1.00.0001)
PxMergeModule (x32 Version: 1.00.0000)
QLBCASL (x32 Version: 6.40.17.2)
QuickTime (x32 Version: 7.62.14.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Scan (x32 Version: 8.1.0.0)
SecondLifeViewer (remove only) (x32)
Sentinel Protection Installer 7.4.0 (x32 Version: 7.4.0)
Shot Designer (x32 Version: 1.1.78)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 5.5 (x32 Version: 5.5.124)
SolutionCenter (x32 Version: 82.0.188.000)
Sony CD Architect 5.2 (x32 Version: 5.2.240)
Sony Noise Reduction Plug-In 2.0h (x32 Version: 2.0.451)
Sony Sound Forge 9.0 (x32 Version: 9.0.441)
Sound Forge Pro 10.0 (x32 Version: 10.0.474)
SPORE Creature Creator Trial Edition (x32 Version: 1.00.0000)
StarCraft II (x32 Version: 2.0.11.26825)
Status (x32 Version: 82.0.173.000)
Steam (x32 Version: 1.0.0.0)
Subtitle Workshop 2.51 (x32)
Suite Shared Configuration CS4 (x32 Version: 1.0)
SuperMailer 5.10 (x32)
Synaptics Pointing Device Driver (Version: 11.2.0.0)
SynthEyes (x32 Version: 8.0.1007)
System Requirements Lab for Intel (x32 Version: 4.5.9.0)
The Elder Scrolls V: Skyrim (x32)
Toolbox (x32 Version: 82.0.173.000)
Trapcode Particular v2 (x32)
Trapcode Suite 64-bit (Version: 11.0.2)
Trapcode Suite 64-bit (x32 Version: 11.0.2)
TrayApp (x32 Version: 82.0.188.000)
TURBULENCE.4D R11.5 Beta2p1 (x32 Version: Beta2p1)
TurbulenceRuntime (x32 Version: 1.0.0)
UnloadSupport (x32 Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Validity Sensors software (Version: 2.7.500)
VLC media player 2.0.2 (Version: 2.0.2)
Wacom Tablett (x32)
WebReg (x32 Version: 82.0.173.000)
Winamp (x32 Version: 5.621 )
WinDirStat 1.1.2 (HKCU)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Xilisoft HD Video Converter 6 (x32 Version: 6.6.0.0623)

==================== Restore Points  =========================

13-09-2013 11:03:05 Geplanter Prüfpunkt
15-09-2013 17:51:31 Geplanter Prüfpunkt
19-09-2013 15:43:59 Geplanter Prüfpunkt
20-09-2013 19:06:39 Geplanter Prüfpunkt
22-09-2013 12:55:55 Geplanter Prüfpunkt
24-09-2013 12:28:00 Geplanter Prüfpunkt
25-09-2013 12:59:55 Geplanter Prüfpunkt
26-09-2013 22:00:04 Geplanter Prüfpunkt
19-10-2013 11:20:20 Geplanter Prüfpunkt
20-10-2013 15:45:17 Geplanter Prüfpunkt
21-10-2013 10:06:42 Geplanter Prüfpunkt
22-10-2013 15:27:32 Geplanter Prüfpunkt
23-10-2013 11:56:03 Geplanter Prüfpunkt
25-10-2013 17:40:13 Geplanter Prüfpunkt
27-10-2013 18:27:27 Geplanter Prüfpunkt
29-10-2013 15:07:04 Geplanter Prüfpunkt
29-10-2013 15:09:27 ComboFix created restore point

==================== Hosts content: ==========================

2006-11-02 13:34 - 2013-10-29 16:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1B8C6AB4-8A8B-49B5-99FE-81944667ABDA} - System32\Tasks\{2B97425E-AED1-45A4-AD15-B18C4A9D7118} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2863705F-3D7A-4BF8-BC48-53C842C08E26} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {35A987B7-7B7A-43BC-A33D-F3A392DE49BD} - System32\Tasks\AdobeAAMUpdater-1.0-screeno-mobil2-admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {779776FC-886B-43BB-94DB-0D5D7E9C7B30} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {80E2B48D-C033-4877-9A2F-9E053941068E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {80EFB117-0BF8-4480-B3C3-DCE7510564FE} - System32\Tasks\Microsoft\Windows\RestartManager\{2E89C2F9-3D25-4787-B4E9-D1648DF1E5A8} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {9F7F5D91-248E-45D5-B326-D06CE2617B65} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {B11FE2B7-24E2-44AC-9B28-3648F7CE0D17} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {D500FC6A-C483-4366-A1DA-5FD8EDB9CB53} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: {E85C8387-FFBA-4A68-9502-35F371F13DEF} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2008-06-19 13:59 - 2008-06-19 13:59 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-09-24 18:07 - 2008-09-24 18:07 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
2008-10-27 02:45 - 2008-10-06 09:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-09-24 18:08 - 2008-09-24 18:08 - 00267656 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
2008-09-24 18:08 - 2008-09-24 18:08 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
2013-06-19 00:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 08506280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 02353576 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 01013672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00363944 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 02480552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 01346472 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00205736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 02652584 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00032680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00035240 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00206760 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 11166120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00276392 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2012-05-16 12:46 - 2012-05-16 12:46 - 00391056 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2012-05-16 12:46 - 2012-05-16 12:46 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2012-05-16 14:44 - 2012-05-16 14:44 - 00437672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00445864 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00520104 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-05-16 14:45 - 2012-05-16 14:45 - 00720296 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2012-05-16 14:44 - 2012-05-16 14:44 - 00604072 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-05-16 12:45 - 2012-05-16 12:45 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 13:59 - 2007-08-14 13:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\admin\AppData\Roaming\Dropbox\bin\libcef.dll
2008-09-24 18:08 - 2008-09-24 18:08 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
2008-09-25 18:42 - 2008-09-25 18:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\admin\Cookies:3Bgrmfn91Flmjoc2Bhuni14YR
AlternateDataStreams: C:\Users\admin\Cookies:BySDur7g7bEE6dhw5P7dRLBRka
AlternateDataStreams: C:\Users\admin\Cookies:ZYkmRA80KkEWhyDhwVZV3jV9LC
AlternateDataStreams: C:\Users\admin\Lokale Einstellungen:E7bxoyeraG8aPWibZekoh
AlternateDataStreams: C:\Users\admin\AppData\Local:E7bxoyeraG8aPWibZekoh
AlternateDataStreams: C:\Users\admin\AppData\Local\Anwendungsdaten:E7bxoyeraG8aPWibZekoh
AlternateDataStreams: C:\Users\admin\AppData\Local\Elv5qQdZMK1:pvvjGxp8OJu58G5ST
AlternateDataStreams: C:\Users\admin\AppData\Local\Temporary Internet Files:BT9AbDHCTbRGJiA79s8juLmjgP
AlternateDataStreams: C:\Users\admin\AppData\Local\Temporary Internet Files:lU2fNJ0VZGcs3qSWIGJBGC2RDo

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart 3200 series
Description: Photosmart 3200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 3390
Description: HP LaserJet 3390
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-31 01:00:54.222
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-31 01:00:54.144
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-31 00:53:51.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-31 00:53:51.860
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-31 00:53:51.774
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-31 00:53:51.688
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-31 00:53:51.582
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-31 00:53:51.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-30 01:17:08.617
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-30 01:17:08.539
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 4062.25 MB
Available physical RAM: 2004.77 MB
Total Pagefile: 4153.5 MB
Available Pagefile: 1995.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.82 GB) (Free:21.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.94 GB) (Free:1.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:1.87 GB) (Free:0.06 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9E3B397D)
Partition 1: (Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 309E7FF5)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
         

Thanks for looking!!!


Alt 31.10.2013, 10:18   #6
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detect potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the Desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any more problems?

Alt 01.11.2013, 22:49   #7
squirrel22
 



Hi,
it looks like ESET did find something after all:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a46f946c38c8af44af7834044391a28a
# engine=15721
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-01 08:29:38
# local_time=2013-11-01 09:29:38 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 91 336025 145934363 0 0
# compatibility_mode=5892 16776574 100 100 47447992 220861684 0 0
# scanned=763526
# found=5
# cleaned=0
# scan_time=29724
sh=61FC716B570C5F23ADAE001EAC78FF8DEE935303 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NZG trojan" ac=I fn="C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\431ef002-4c418904"
sh=2D9411F203C0120570E2CC93F024BF448064DDCD ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.W trojan" ac=I fn="C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\34822166-537c21ae"
sh=5EB3DCEE7DECA4E5C72210E70182571B268333AF ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.CF trojan" ac=I fn="C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3dae1e07-557e1293"
sh=91AC252D8E47ABE5770414A3C1B605131B981D07 ft=1 fh=b2fa5fa20503b338 vn="Win64/Disabler.A trojan" ac=I fn="C:\Users\admin\Documents\Anti_vir_scan2910\viren_archiv\____lf8mqr8z0.pss"
sh=D29CE709CA5A878F57291825828C359168F98FC5 ft=1 fh=af45c4852c7028be vn="a variant of Win32/Kryptik.BNTH trojan" ac=I fn="C:\Users\admin\Documents\Anti_vir_scan2910\viren_archiv\_____0z8rqm8fl.dss"
         
or rather:

Code:
ATTFilter
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\431ef002-4c418904	Java/Exploit.Agent.NZG trojan
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\34822166-537c21ae	Java/Exploit.CVE-2012-0507.W trojan
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3dae1e07-557e1293	a variant of Java/Exploit.CVE-2013-2465.CF trojan
C:\Users\admin\Documents\Anti_vir_scan2910\viren_archiv\____lf8mqr8z0.pss	Win64/Disabler.A trojan
C:\Users\admin\Documents\Anti_vir_scan2910\viren_archiv\_____0z8rqm8fl.dss	a variant of Win32/Kryptik.BNTH trojan
         


although the .pss and .dss files are already quarantined.
As for the Java stuff ... what should I do about those?



here is the Security Check too:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.74  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.1    
 Java(TM) 6 Update 31  
 Java(TM) 7 Update 5  
 Java(TM) 6 Update 7  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (24.0) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
and the new FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by admin (administrator) on *****-MOBIL2 on 01-11-2013 22:40:32
Running from F:\rescue
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441344 2008-08-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1561384 2008-07-17] (Synaptics, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MacDrive 9 application] - C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [509952 2013-02-19] (Mediafour Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKCU\...\Run: [HP Deskjet 3070 B611 series (NET)] - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2008-09-24] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-09-25] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe [814144 2008-07-14] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2009-03-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [40376 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640440 2010-09-22] (Adobe Systems Inc.)
HKU\Buchhaltung\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {6796FEE5-2792-4E17-A635-8255B021D84A} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {A2ED3E4A-3283-4805-BBFA-D4115EDBA85F} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM-x32 - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - DefaultScope {4B985E42-B6D8-48B8-8A20-7F2988C99231} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {4B985E42-B6D8-48B8-8A20-7F2988C99231} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {84F73379-8BFA-44E6-82B4-603FEA480A2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default
FF Homepage: hxxp://www.orf.at/
FF NetworkProxy: "type", 0
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: defaults - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5yp4lv7.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [89088 2008-06-26] (Andrea Electronics Corporation)
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [180736 2013-02-19] (Mediafour Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe [251904 2008-08-05] (IDT, Inc.)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-08] (Wacom Technology, Corp.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-09-24] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-09-24] ()
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [719152 2008-09-16] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWow64\vfsFPService.exe [599344 2008-09-16] (Validity Sensors, Inc.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [58496 2008-01-21] (Microsoft Corporation)
S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2009-09-27] ()
S1 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [25244 2009-10-05] (Adaptec)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-09-27] ()
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [306560 2008-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-01] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131024.001\IDSvia64.sys [521816 2013-10-24] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-09-27] ()
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [323208 2013-01-24] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [41680 2012-11-28] (Mediafour Corporation)
R0 MDRAID; C:\Windows\System32\DRIVERS\MDRAID.sys [187120 2012-11-28] (Mediafour Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131024.007\ENG64.SYS [126040 2013-10-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131024.007\EX64.SYS [2099288 2013-10-24] (Symantec Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SxSmemcd; C:\Windows\System32\DRIVERS\SxSmemcd.sys [57856 2007-07-25] (Sony Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-08] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMTDIV.SYS [457304 2013-04-25] (Symantec Corporation)
R3 vfs101a; C:\Windows\System32\drivers\vfs101a.sys [49968 2008-09-16] (Validity Sensors, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
U4 eabfiltr; 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-01 22:26 - 2013-11-01 22:26 - 00891167 _____ C:\Users\admin\Desktop\SecurityCheck.exe
2013-11-01 13:08 - 2013-11-01 13:08 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-01 13:07 - 2013-11-01 13:07 - 02347384 _____ (ESET) C:\Users\admin\Downloads\esetsmartinstaller_enu.exe
2013-10-31 01:15 - 2013-10-31 01:15 - 00001574 _____ C:\Users\admin\Desktop\JRT.txt
2013-10-31 01:06 - 2013-10-31 01:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-31 01:05 - 2013-10-30 17:49 - 01033335 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2013-10-31 00:48 - 2013-10-31 00:48 - 00000948 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-31 00:47 - 2013-10-31 00:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 00:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-29 16:58 - 2013-10-29 16:58 - 00021690 _____ C:\ComboFix.txt
2013-10-29 16:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-29 16:09 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-29 16:09 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-29 16:09 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-29 16:07 - 2013-10-29 16:58 - 00000000 ____D C:\Qoobox
2013-10-29 16:06 - 2013-10-29 16:56 - 00000000 ____D C:\Windows\erdnt
2013-10-29 16:01 - 2013-10-29 15:55 - 05137071 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-10-29 11:13 - 2013-10-29 11:13 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-10-29 11:10 - 2013-10-29 11:58 - 00000000 ____D C:\Users\admin\Documents\Anti_vir_scan2910
2013-10-29 11:09 - 2013-10-29 11:09 - 00000000 ____D C:\FRST
2013-10-29 10:51 - 2013-10-31 00:58 - 00000000 ____D C:\AdwCleaner
2013-10-29 02:26 - 2013-10-29 03:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-22 21:06 - 2013-10-22 21:07 - 00000000 ____D C:\Users\admin\Documents\tramticket
2013-10-14 00:23 - 2013-10-14 00:23 - 00042137 _____ C:\Users\admin\Downloads\flm303-class01.mp4.G62FG56TD1XI.torrent

==================== One Month Modified Files and Folders =======

2013-11-01 22:26 - 2013-11-01 22:26 - 00891167 _____ C:\Users\admin\Desktop\SecurityCheck.exe
2013-11-01 22:25 - 2009-03-19 03:33 - 01239435 _____ C:\Windows\WindowsUpdate.log
2013-11-01 21:05 - 2006-11-02 16:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 21:05 - 2006-11-02 16:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 16:48 - 2009-06-14 16:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-11-01 13:13 - 2008-10-27 09:30 - 00673502 _____ C:\Windows\system32\perfh007.dat
2013-11-01 13:13 - 2008-10-27 09:30 - 00145482 _____ C:\Windows\system32\perfc007.dat
2013-11-01 13:13 - 2006-11-02 13:46 - 01565124 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 13:08 - 2013-11-01 13:08 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-01 13:07 - 2013-11-01 13:07 - 02347384 _____ (ESET) C:\Users\admin\Downloads\esetsmartinstaller_enu.exe
2013-10-31 12:48 - 2012-02-03 14:37 - 00002413 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-31 12:35 - 2012-12-20 00:17 - 00000000 ___RD C:\Users\admin\Dropbox
2013-10-31 12:35 - 2012-12-20 00:11 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2013-10-31 12:28 - 2012-01-26 18:17 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-31 12:23 - 2010-09-11 10:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\WTablet
2013-10-31 12:23 - 2009-06-09 17:42 - 00000000 ____D C:\Users\admin
2013-10-31 12:22 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 05:13 - 2012-11-11 02:11 - 00000000 ____D C:\Users\admin\AppData\Local\Firestorm
2013-10-31 01:15 - 2013-10-31 01:15 - 00001574 _____ C:\Users\admin\Desktop\JRT.txt
2013-10-31 01:06 - 2013-10-31 01:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-31 00:59 - 2009-03-19 03:33 - 00003204 _____ C:\Windows\bthservsdp.dat
2013-10-31 00:58 - 2013-10-29 10:51 - 00000000 ____D C:\AdwCleaner
2013-10-31 00:58 - 2006-11-02 16:42 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-31 00:48 - 2013-10-31 00:48 - 00000948 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-31 00:48 - 2013-10-31 00:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-30 17:49 - 2013-10-31 01:05 - 01033335 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2013-10-29 20:41 - 2009-10-14 22:32 - 00000000 ____D C:\Users\admin\Documents\texte
2013-10-29 16:58 - 2013-10-29 16:58 - 00021690 _____ C:\ComboFix.txt
2013-10-29 16:58 - 2013-10-29 16:07 - 00000000 ____D C:\Qoobox
2013-10-29 16:58 - 2006-11-02 14:33 - 00000000 __RHD C:\Users\Default
2013-10-29 16:56 - 2013-10-29 16:06 - 00000000 ____D C:\Windows\erdnt
2013-10-29 16:48 - 2006-11-02 13:34 - 00000215 _____ C:\Windows\system.ini
2013-10-29 16:47 - 2013-09-02 11:56 - 00010732 _____ C:\Windows\PFRO.log
2013-10-29 16:45 - 2006-11-02 13:33 - 87293952 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 52690944 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 26476544 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-29 16:45 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-29 15:55 - 2013-10-29 16:01 - 05137071 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-10-29 12:14 - 2011-07-26 04:57 - 00000000 ____D C:\Windows\Minidump
2013-10-29 12:14 - 2009-03-19 03:29 - 00301189 _____ C:\Windows\Minidump\Mini102913-01.dmp
2013-10-29 11:58 - 2013-10-29 11:10 - 00000000 ____D C:\Users\admin\Documents\Anti_vir_scan2910
2013-10-29 11:13 - 2013-10-29 11:13 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-10-29 11:09 - 2013-10-29 11:09 - 00000000 ____D C:\FRST
2013-10-29 11:00 - 2011-10-20 11:13 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-29 10:47 - 2012-11-07 15:17 - 00007916 _____ C:\Users\admin\AppData\Local\d3d9caps.dat
2013-10-29 03:27 - 2013-10-29 02:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-29 01:14 - 2006-11-02 16:21 - 05028400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-29 00:42 - 2012-08-31 16:42 - 00000000 ____D C:\Windows\pss
2013-10-29 00:42 - 2009-06-09 17:47 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-28 12:58 - 2011-10-20 11:12 - 00000000 ____D C:\Users\admin\AppData\Roaming\Winamp
2013-10-28 12:43 - 2009-06-15 11:54 - 00000000 ____D C:\Projects
2013-10-27 17:49 - 2013-03-22 18:24 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-24 11:39 - 2012-10-22 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-22 21:07 - 2013-10-22 21:06 - 00000000 ____D C:\Users\admin\Documents\tramticket
2013-10-22 21:05 - 2013-09-27 16:06 - 00001430 _____ C:\Windows\setupact.log
2013-10-22 00:04 - 2011-02-15 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-21 10:26 - 2012-05-09 15:18 - 00000000 ____D C:\Users\admin\Documents\****_Buchhaltung
2013-10-21 09:58 - 2012-07-18 10:39 - 00000000 ____D C:\Users\Public\HBPData
2013-10-21 09:58 - 2012-07-18 10:39 - 00000000 ____D C:\Program Files (x86)\HBP
2013-10-20 19:59 - 2012-08-13 05:22 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForadmin
2013-10-20 19:59 - 2012-08-13 05:22 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForadmin.job
2013-10-17 01:08 - 2011-04-26 14:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-10-14 00:23 - 2013-10-14 00:23 - 00042137 _____ C:\Users\admin\Downloads\flm303-class01.mp4.G62FG56TD1XI.torrent

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-31 12:28

==================== End Of Log ============================
         
--- --- ---

--- --- ---

I'd also like to know what I should do about the Java trojans. Many thanks!
Regards,
squr.
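As an added example (not part of squirrel22's post and not FRST's own code), here is a small Python triage script for the two FRST record kinds shown in the log above: the driver entries and the dated "One Month Created/Modified" file entries. It parses a handful of lines copied from the log, plus one clearly marked synthetic line, and flags what an analyst would check first: running drivers with no vendor in their version information, driver entries whose image is missing (`[x]`) or has no path, executables created in user-writable locations since the incident, and the artifacts of the cleanup tools used in this thread (FRST, AdwCleaner, ComboFix and its helpers, JRT, ERUNT, the ESET installer), which are expected and are what DelFix removes at the end. The incident date and the tool list are assumptions for this thread.

```python
r"""Added example (not FRST's own code): triage the two FRST record kinds
shown in the log above.

Driver lines look like
    R1 name; C:\path\file.sys [size yyyy-mm-dd] (Vendor)      or   ... [x]
and the "One Month Created/Modified" lines like
    created - modified - size attrs (Vendor) path
The incident date and the cleanup-tool list are assumptions for this thread.
"""
import re
from datetime import datetime

# Constructed sample: lines copied from the log above plus ONE synthetic line
# (example-dropper.exe, which is NOT in the log) to exercise the "new executable" rule.
SAMPLE = r"""
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [306560 2008-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S1 Beep; No ImagePath
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-09-27] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
U4 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
2013-11-01 13:07 - 2013-11-01 13:07 - 02347384 _____ (ESET) C:\Users\admin\Downloads\esetsmartinstaller_enu.exe
2013-10-29 16:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-29 16:07 - 2013-10-29 16:58 - 00000000 ____D C:\Qoobox
2013-10-31 00:48 - 2013-10-31 00:48 - 00000948 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-14 00:23 - 2013-10-14 00:23 - 00042137 _____ C:\Users\admin\Downloads\flm303-class01.mp4.G62FG56TD1XI.torrent
2013-10-28 23:41 - 2013-10-28 23:41 - 00012288 _____ C:\Users\admin\AppData\Roaming\example-dropper.exe
""".strip().splitlines()

DRIVER_RE = re.compile(r"^([RSU]\d) ([^;]+);\s*(.*)$")
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$")
SIZE_DATE_RE = re.compile(r"\s*\[(\d+) (\d{4}-\d{2}-\d{2})\]$")
VENDOR_RE = re.compile(r"\s*\(([^()]*)\)$")

INCIDENT = datetime(2013, 10, 28)   # assumption: the day the lock screen appeared
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Assumed artifacts of the tools used in this thread (FRST, AdwCleaner,
# ComboFix and the helpers it drops into C:\Windows, JRT, ERUNT, ESET installer).
TOOL_MARKERS = ("\\frst", "\\adwcleaner", "\\qoobox", "combofix", "\\jrt.",
                "\\erunt", "\\windows\\erdnt", "esetsmartinstaller",
                "\\windows\\pev.exe", "\\windows\\mbr.exe", "\\windows\\nircmd.exe",
                "\\windows\\swreg.exe", "\\windows\\swsc.exe", "\\windows\\sed.exe",
                "\\windows\\grep.exe", "\\windows\\zip.exe")


def parse_driver(line):
    """Parse an FRST driver line into a dict, or return None for other lines."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    status, name, rest = m.groups()
    rec = {"kind": "driver", "status": status, "name": name,
           "path": "", "vendor": None, "missing": False}
    if rest.endswith("[x]"):                 # FRST: image no longer exists on disk
        rec["missing"] = True
        rest = rest[:-3].rstrip()
    vm = VENDOR_RE.search(rest)
    if vm:
        rec["vendor"] = vm.group(1)          # "" = no company name in version info
        rest = rest[:vm.start()]
    sm = SIZE_DATE_RE.search(rest)
    if sm:
        rest = rest[:sm.start()]
    rec["path"] = rest.strip()
    return rec


def parse_file(line):
    """Parse an FRST created/modified file line into a dict, or return None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, vendor, path = m.groups()
    return {"kind": "file", "path": path, "size": int(size), "vendor": vendor,
            "is_dir": "D" in attrs,
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M")}


def triage(lines):
    """Return a list of (subject, reason) findings; a flag is a prompt to look, not a verdict."""
    findings = []
    for line in lines:
        rec = parse_driver(line) or parse_file(line)
        if rec is None:
            continue
        path = rec["path"].lower()
        if rec["kind"] == "driver":
            if rec["missing"]:
                findings.append((rec["name"], "orphaned driver entry: image no longer on disk"))
            elif not path or path == "no imagepath":
                findings.append((rec["name"], "driver entry without an image path"))
            elif rec["status"].startswith("R") and rec["vendor"] == "":
                findings.append((rec["name"], "running driver with no vendor in its version info"))
            continue
        if any(marker in path for marker in TOOL_MARKERS):
            findings.append((rec["path"], "cleanup-tool artifact (expected; DelFix removes it)"))
        elif (not rec["is_dir"] and path.endswith(EXEC_EXT)
              and path.startswith(USER_WRITABLE) and rec["created"] >= INCIDENT):
            findings.append((rec["path"], "executable created since the incident in a user-writable location"))
        elif not rec["is_dir"] and path.endswith(EXEC_EXT) and rec["created"] > rec["modified"]:
            findings.append((rec["path"], "copied in after its own modification time: check origin"))
    return findings


if __name__ == "__main__":
    for subject, reason in triage(SAMPLE):
        print(f"{reason:<68} {subject}")
```

A flag is a prompt to look closer, not a verdict: `lirsgt.sys` is flagged only because FRST found no company name in its version information, and `S1 Beep; No ImagePath` is a Windows entry. The point is that a running driver without vendor data, an orphaned image, or a fresh executable under a user profile is where the first minutes of a log review go, while the ComboFix helpers in C:\Windows and the C:\Qoobox, C:\FRST and C:\AdwCleaner folders are expected leftovers of the cleanup itself.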

02.11.2013, 18:30   #8
schrauber
/// the machine
/// TB-Ausbilder

Update Java, Flash and Adobe. We'll clear the Java cache now.

Please download TFC (by OldTimer) and save the file to your desktop.

Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files it will ask for a reboot. Please allow it.


Done

The order matters here.
  1. If Defogger was used: run Defogger again and click re-enable.
  2. If ComboFix was used:
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • ComboFix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every option.
    • Click Start.
    • Note: DelFix removes, among other things, all the tools used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can safely delete them.


Here are a few tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure automatic updates are enabled.
  • Software updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Always make sure you have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scanner that detects and removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a resident guard.
    A tutorial on using it can be found here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one yet.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX controls, which spyware can abuse to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They only run when you allow them.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
All that remains is for me to wish you happy and safe surfing.

Note: Please give me a short reply once everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

06.11.2013, 03:30   #9
squirrel22

Hello Schrauber,

OK, I'll get back to you once I've done everything. Things are a bit stressful for me at the moment.
regards,
squirrel

Hi Schrauber!

One more question:
since the last changes my hard disk has been running constantly.
In particular, the file SearchProtocolHost.exe keeps accessing my disk.
I can't see this process in the normal Task Manager, nor in GMER or other tools.
I also can't disable Windows Search via the Management Console.

Is this a perfectly normal Windows process, or could it also be a virus?

Thanks and regards,
Squirrel

06.11.2013, 14:54   #10
schrauber
/// the machine
/// TB-Ausbilder

That's Windows Desktop Search indexing the disk. Best to uninstall or disable it. You'll find plenty of people online who are annoyed by it.
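Added example, not part of schrauber's reply. The reply is right that SearchProtocolHost.exe is a Windows Search worker, and the SYSTEM instance of it only appears in Vista's Task Manager after "Show processes from all users" is clicked, which is why it can seem invisible. Before dismissing any process with a Windows-looking name, though, a practitioner checks that the image runs from System32 and has the expected parent, because malware likes to borrow exactly such names. The script below runs those checks over a constructed process table (the columns tasklist or Process Explorer would show), including two fakes; the process model it expects (services.exe starts SearchIndexer.exe, which spawns the SearchProtocolHost.exe and SearchFilterHost.exe workers, all from System32) is stated as an assumption in the code.

```python
"""Added example: decide whether a process named like a Windows Search
component is the genuine one.  Not code from the thread; the process table
below is constructed and includes two fakes.
"""
import difflib

SYSTEM32 = r"c:\windows\system32"

# Assumed process model of Windows Search: services.exe starts the
# SearchIndexer.exe service host, which spawns the SearchProtocolHost.exe
# and SearchFilterHost.exe workers; all three images live in System32.
# value = (expected image directory, expected parent process name)
EXPECTED = {
    "searchindexer.exe":      (SYSTEM32, "services.exe"),
    "searchprotocolhost.exe": (SYSTEM32, "searchindexer.exe"),
    "searchfilterhost.exe":   (SYSTEM32, "searchindexer.exe"),
}

# Constructed sample process table: (pid, name, image path, parent pid).
PROCS = [
    (640,  "services.exe",           r"C:\Windows\System32\services.exe",                 520),
    (2200, "explorer.exe",           r"C:\Windows\explorer.exe",                          2100),
    (1884, "SearchIndexer.exe",      r"C:\Windows\System32\SearchIndexer.exe",            640),
    (3320, "SearchProtocolHost.exe", r"C:\Windows\System32\SearchProtocolHost.exe",       1884),
    # fake 1: correct name, but runs from the user profile with explorer as parent
    (3412, "SearchProtocolHost.exe", r"C:\Users\admin\AppData\Roaming\SearchProtocolHost.exe", 2200),
    # fake 2: lookalike name (capital I instead of lowercase l)
    (4100, "SearchProtocoIHost.exe", r"C:\ProgramData\SearchProtocoIHost.exe",            2200),
]


def split_win_path(path):
    """Return (directory, filename), both lowercased, for a Windows path.
    Done by hand rather than with os.path so the check also runs on a
    non-Windows analysis host."""
    directory, _, filename = path.rpartition("\\")
    return directory.lower(), filename.lower()


def assess(procs):
    """Return {pid: [problems]}; an empty list means the process passed."""
    by_pid = {pid: (name, path, ppid) for pid, name, path, ppid in procs}
    report = {}
    for pid, name, path, ppid in procs:
        problems = []
        key = name.lower()
        if key in EXPECTED:
            exp_dir, exp_parent = EXPECTED[key]
            directory, filename = split_win_path(path)
            if directory != exp_dir or filename != key:
                problems.append(f"image runs from {path!r}, expected {exp_dir}")
            parent = by_pid.get(ppid)
            parent_name = parent[0].lower() if parent else None
            if parent_name != exp_parent:
                problems.append(f"parent is {parent_name or 'unknown'}, expected {exp_parent}")
        else:
            # A name that is almost, but not exactly, a known component name
            # is the classic masquerade (homoglyphs, swapped letters).
            close = difflib.get_close_matches(key, EXPECTED, n=1, cutoff=0.9)
            if close:
                problems.append(f"name resembles {close[0]} (possible masquerade)")
        report[pid] = problems
    return report


if __name__ == "__main__":
    for pid, name, path, _ in PROCS:
        problems = assess(PROCS)[pid]
        print(f"{pid:>5} {name:<26} {'OK' if not problems else '; '.join(problems)}")
```

On the real machine, add the Authenticode check (sigcheck, or Get-AuthenticodeSignature in PowerShell) to the location and parent checks: a binary in System32 with a valid Microsoft signature and SearchIndexer.exe as its parent is the indexer, and stopping the WSearch service is the supported way to end the disk activity.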
