Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.02.2014, 17:07   #1
NewtonZ4
 
Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Hi, ich hab das Problem, dass sich beim Starten des PCs jedes mal der Bundestrojaner oeffnet. Habe den abgesicherten Modus probiert, jedoch startet der PC dann jedes mal neu und laesst sich somit nur normal starten.

Hab jetzt die OTLpe Anleitung befolgt und folgende LogFile>

HTML-Code:
OTL logfile created on: 2/9/2014 3:23:01 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.15 Gb Total Space | 102.83 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
Drive D: | 184.99 Gb Total Space | 179.59 Gb Free Space | 97.08% Space Free | Partition Type: NTFS
Drive E: | 953.73 Mb Total Space | 952.64 Mb Free Space | 99.89% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2013/11/16 09:08:46 | 000,174,592 | ---- | M] (Sato Corporation) [Auto] -- C:\ProgramData\gcl81ha.dss -- (Winmgmt)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/05/12 02:53:24 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/15 12:29:42 | 000,014,848 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/04/20 03:17:28 | 004,896,720 | ---- | M] (ETU Software GmbH) [Auto] -- C:\Program Files\HSETU\ApplicationService\ApplicationService.exe -- (HSETUApplicationService)
SRV - [2009/12/02 11:09:54 | 000,246,272 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/01 10:38:46 | 000,554,264 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/08/26 08:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/08/25 02:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/16 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 08:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/10 17:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 09:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/03 10:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 10:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 09:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS -- (SRTSP)
DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012/05/30 21:15:18 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 21:15:18 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/25 14:45:09 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120604.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/25 14:45:09 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120604.033\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NIS\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012/04/27 19:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120602.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/17 21:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2012/04/17 20:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS -- (SymIRON)
DRV - [2012/04/02 18:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/26 15:20:30 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/15 12:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/07/25 13:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NIS\1309010.00E\symds.sys -- (SymDS)
DRV - [2009/10/29 12:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 12:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 12:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 12:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/12 09:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 08:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/15 13:05:56 | 000,967,168 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpm139.sys -- (tdrpman139) Acronis Try&Decide and Restore Points filter (build 139)
DRV - [2009/07/15 13:05:42 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/07/15 13:05:42 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/07/15 13:05:38 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/10/09 07:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/10/09 07:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/07/28 22:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/15 12:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/05/02 03:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 03:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 03:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 03:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/28 09:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/22 17:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/15 03:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/10 14:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/02/27 12:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 07:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/18 04:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\kohls_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKU\kohls_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\kohls_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\kohls_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\kohls_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\kohls_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\kohls_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\kohls_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/31 21:18:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/02/09 08:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/12 02:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/10 17:07:16 | 000,000,000 | ---D | M]
 
[2009/12/25 09:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Extensions
[2009/07/17 05:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/12/25 09:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/02/05 15:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\322w2j1y.default\extensions
[2009/09/03 06:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\322w2j1y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/20 07:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\322w2j1y.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/12/18 10:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\extensions
[2010/07/06 11:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/09/17 16:18:29 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\extensions\toolbar@ask.com
[2011/12/14 10:58:38 | 000,002,449 | ---- | M] () -- C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\searchplugins\safesearch.xml
[2011/12/20 13:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/12 02:53:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/14 10:55:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
[2012/05/12 02:53:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/06 11:57:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/30 15:33:42 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/01/02 06:18:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/01/02 06:18:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/02 06:18:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/02 06:18:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/02 06:18:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/02 06:18:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/02 06:18:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/05/12 02:53:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/12 02:53:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/12 02:53:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/12 02:53:21 | 000,003,413 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/05/12 02:53:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/12 02:53:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/12 02:53:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\kohls_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\kohls_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [jswtrayutil]  File not found
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\kohls_ON_C..\Run: [{69A9AEA7-6DD1-E35B-636F-989B6C4F1C1B}]  File not found
O4 - HKU\kohls_ON_C..\Run: [avupdate]  File not found
O4 - HKU\kohls_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\kohls_ON_C..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\kohls_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\kohls_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ah18lcg.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\kohls_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.76\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{15ecd2ce-eecf-11de-85eb-001e33a39b3a}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{6e230ee0-0d48-11e0-8b48-001e33a39b3a}\Shell - "" = AutoRun
O33 - MountPoints2\{6e230ee0-0d48-11e0-8b48-001e33a39b3a}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6e230ee4-0d48-11e0-8b48-001e33a39b3a}\Shell - "" = AutoRun
O33 - MountPoints2\{6e230ee4-0d48-11e0-8b48-001e33a39b3a}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6e230ee7-0d48-11e0-8b48-001e33a39b3a}\Shell - "" = AutoRun
O33 - MountPoints2\{6e230ee7-0d48-11e0-8b48-001e33a39b3a}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: bcdeplay - (C:\Windows\system32\cleamapi.dll) -  File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/11/16 09:08:46 | 000,174,592 | ---- | C] (Sato Corporation) -- C:\ProgramData\gcl81ha.dss
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/02/09 08:17:09 | 000,002,591 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaufmann.lnk
[2014/02/09 08:17:04 | 095,025,368 | ---- | M] () -- C:\ProgramData\ah18lcg.bxx
[2014/02/09 08:16:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\ah18lcg.fvv
[2014/02/09 08:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 08:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 08:16:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2014/02/09 08:16:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/08 11:49:07 | 002,546,616 | -H-- | M] () -- C:\Users\kohls\AppData\Local\IconCache.db
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/11/16 09:09:30 | 000,000,279 | ---- | C] () -- C:\ProgramData\ah18lcg.reg
[2013/11/16 09:08:50 | 000,000,000 | ---- | C] () -- C:\ProgramData\ah18lcg.fvv
[2013/11/16 09:08:47 | 095,025,368 | ---- | C] () -- C:\ProgramData\ah18lcg.bxx
[2011/10/12 20:07:29 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/02 03:49:35 | 000,129,348 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/03/15 10:52:16 | 000,131,917 | ---- | C] () -- C:\Windows\unstall.exe
[2010/10/06 10:00:30 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/09/24 12:55:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 12:55:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 12:55:07 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/07/23 07:09:55 | 000,000,680 | ---- | C] () -- C:\Users\kohls\AppData\Local\d3d9caps.dat
[2009/07/21 09:34:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/07/20 09:23:32 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/07/17 05:41:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/16 09:13:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/15 06:52:37 | 000,039,936 | ---- | C] () -- C:\Users\kohls\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 04:10:34 | 002,546,616 | -H-- | C] () -- C:\Users\kohls\AppData\Local\IconCache.db
[2009/07/15 04:04:25 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/07/15 04:04:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/07/15 04:04:25 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/07/15 04:04:25 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/07/15 03:38:02 | 000,097,752 | ---- | C] () -- C:\Users\kohls\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/10/07 10:02:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/10/07 10:02:35 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/10/07 10:02:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/10/07 10:02:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/10/07 10:02:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/10/07 10:02:35 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/10/07 09:54:03 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/10/07 09:43:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/10/07 08:54:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/07 08:40:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/07 08:38:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/07 08:38:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/10/07 08:38:20 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/07 08:38:20 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/01/21 02:16:22 | 001,601,828 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/01/21 02:15:58 | 000,689,462 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,151,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/20 21:24:38 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,368,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:37:35 | 000,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:34:41 | 000,197,632 | ---- | C] () -- C:\Windows\System32\ir32_32.dll
[2006/11/02 05:33:01 | 000,645,858 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,806 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 000,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006/11/02 02:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006/11/02 02:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006/11/02 02:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006/11/02 02:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006/11/02 02:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006/11/02 02:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006/11/02 02:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006/11/02 02:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006/11/02 02:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006/11/02 02:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006/11/02 02:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006/11/02 02:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006/11/02 02:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006/11/02 02:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006/11/02 02:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/09/16 07:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS
[2003/02/20 10:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/07/15 13:16:48 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\Acronis
[2010/06/28 01:50:59 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\Acwu
[2012/02/27 09:27:00 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\HSETU
[2009/11/06 10:17:25 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\ICQ
[2012/03/02 08:43:34 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\InstalSoft
[2011/08/14 02:55:52 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\Loeros
[2011/08/11 16:10:14 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\Qewito
[2010/06/24 03:43:17 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\Subaag
[2010/12/28 14:54:10 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\T-Mobile
[2010/12/27 15:26:40 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\T-Mobile Internet Manager
[2009/12/25 09:50:17 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\TomTom
[2009/07/15 05:07:19 | 000,000,000 | ---D | M] -- C:\Users\kohls\AppData\Roaming\Toshiba
[2009/07/15 13:16:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2009/07/15 03:32:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/15 03:32:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/07/15 03:32:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/02/27 10:50:20 | 000,000,000 | ---D | M] -- C:\ProgramData\HSETU
[2009/07/21 14:41:48 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/15 03:32:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/12/25 09:56:15 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2008/10/07 10:04:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2009/07/15 03:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2008/10/07 10:01:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2009/07/15 03:32:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/12/16 10:23:44 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/01/02 06:19:23 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2014/02/08 11:49:46 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >
HTML-Code:
OTL Extras logfile created on: 2/9/2014 3:23:01 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.15 Gb Total Space | 102.83 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
Drive D: | 184.99 Gb Total Space | 179.59 Gb Free Space | 97.08% Space Free | Partition Type: NTFS
Drive E: | 953.73 Mb Total Space | 952.64 Mb Free Space | 99.89% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1476183312-564281682-92577615-1000]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{079F8518-81AA-45A2-BA0C-A2E2A74118C8}" = Kaufmann
"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 3.76
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
"{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.2
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32D873B-71AC-4BD5-813E-C11B590D58C8}" = Uponor HSE-san 4.9 DE
"{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
"{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
"{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
"{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
"{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Heimeier EasyPlan" = Heimeier EasyPlan 3.0.1 
"Heimeier Ventilauslegung" = Heimeier Ventilauslegung 1.4.0 
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.6
"NIS" = Norton Internet Security
"OpenVPN" = OpenVPN 2.2.2
"OVplan" = OVplan 3.1.4 
"OVselect" = OVselect 3.2.0 
"OVsim" = OVsim 2.0.2 
"Picasa 3" = Picasa 3
"ST6UNST #1" = DELTA
"ST6UNST #2" = DELTA (C:\GHFakt\)
"ST6UNST #3" = DELTA (C:\GHFakt\) #3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
 
< End of report >
Besten Dank im Voraus

Alt 09.02.2014, 17:41   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________

__________________

Alt 09.02.2014, 18:11   #3
NewtonZ4
 
Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Hallo Schrauber,

ich komme dort nicht hin. Wenn ich "Computer reparieren" auswähle startet der Rechner ganz normal und ich hänge wieder am Bundes Trojaner.

Nachtrag: Jetzte läuft es doch...


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014
Ran by SYSTEM on MINWINPC on 09-02-2014 18:09:42
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4365688 2008-10-01] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [962464 2008-10-01] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [165144 2008-10-01] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [UIExec] - C:\Program Files\Mobile Partner Manager\UIExec.exe [132096 2009-12-02] ()
HKLM\...\Run: [DataCardMonitor] - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-12-28] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [888488 2011-09-08] ({StringFileInfo_CompanyName})
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-26] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\kohls\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\kohls\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\kohls\...\Run: [{69A9AEA7-6DD1-E35B-636F-989B6C4F1C1B}] - [X]
HKU\kohls\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\kohls\...\Run: [avupdate] - [X]
HKU\kohls\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\kohls\...\Policies\system: [DisableTaskMgr] 1
HKU\kohls.V2\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\kohls.V2\...\Run: [Skype] - C:\Program Files\Skype\\Phone\Skype.exe [13351304 2010-09-02] (Skype Technologies S.A.)
HKU\kohls.V2\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144 2009-11-13] (TomTom)
HKU\kohls.V2\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\kohls.V2\...\Run: [{69A9AEA7-6DD1-E35B-636F-989B6C4F1C1B}] - C:\Users\kohls\AppData\Roaming\Acwu\feibf.exe
HKU\kohls.V2\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ah18lcg.lnk
ShortcutTarget: ah18lcg.lnk -> C:\ProgramData\gcl81ha.dss (Sato Corporation)
HKLM\...\AppCertDlls: [bcdeplay] -> C:\Windows\system32\cleamapi.dll

========================== Services (Whitelisted) =================

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [554264 2008-10-01] (Acronis)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S2 HSETUApplicationService; C:\Program Files\HSETU\ApplicationService\ApplicationService.exe [4896720 2011-04-20] (ETU Software GmbH)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
S3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-24] (Toshiba)
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
S2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UI Assistant Service; C:\Program Files\Mobile Partner Manager\AssistantServices.exe [246272 2009-12-02] ()
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 Winmgmt; C:\ProgramData\gcl81ha.dss [174592 2013-11-16] (Sato Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx86.sys [821880 2012-04-02] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120602.001\IDSvix86.sys [368248 2012-04-27] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120604.033\NAVENG.SYS [87928 2012-05-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120604.033\NAVEX15.SYS [1589752 2012-05-25] (Symantec Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
S0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-07-15] (Acronis)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-17] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S0 tdrpman139; C:\Windows\System32\DRIVERS\tdrpm139.sys [967168 2009-07-15] (Acronis)
S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-07-15] (Acronis)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [112640 2009-10-20] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303
C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE
C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7
C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91
C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578
C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C
C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48
C:\Windows\system32\drivers\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522
C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DRIVERS\athr.sys 8BE56F8300E1C37B578DA23C71816B7A
C:\Windows\System32\DRIVERS\atikmdag.sys A2B6478963451A99C28DA8133B648142
C:\Windows\System32\DRIVERS\AtiPcie.sys 4AA1EB65481C392955939E735D27118B
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx86.sys A503D32AE26F77CB942AED530112EDAA
C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397
C:\Windows\System32\drivers\BMLoad.sys D002033C1A37F6AF51B5F0BA6D0211BC
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys ACE85AF1C31F68BDFEE9333F6592917E
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871
C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 988670D8343EF9835FB3659DB71B2EFA
C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys FCE87BA643D5E9A8B6E0378508D1B22D
C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 115DC729465A8C386615207F28875255
C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61
C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\System32\DRIVERS\FwLnk.sys CBC22823628544735625B280665E434E
C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6
C:\Windows\System32\DRIVERS\VSTAZL3.SYS 46D67209550973257601A533E2AC5785
C:\Windows\System32\DRIVERS\HSX_DPV.sys CC267848CB3508E72762BE65734E764D
C:\Windows\System32\DRIVERS\HSXHWAZL.sys A2882945CC4B6E3E4E9E825590438888
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\System32\DRIVERS\ewusbmdm.sys 0515065A3C7E8869DD01253E987C5BD1
C:\Windows\System32\DRIVERS\ewusbdev.sys A259D3619AA23D4562581067F85E2006
C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120602.001\IDSvix86.sys F9069CE7A7B9F9BA75D009B0CE3D7601
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys B9CBD3DEA7CA02868621173BF7A2AF9F
C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\jswpslwf.sys 11AD410F41AF42BA12E63187E3EC141A
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365
C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A
C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\System32\drivers\massfilter.sys 59A2783ABA6019BED0C843C706E10A6A
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879
C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\System32\drivers\msahci.sys 5457DCFA7C0DA43522F4D9D4049C1472
C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7
C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120604.033\NAVENG.SYS F11033730B38260B6892E837C457FB4B
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120604.033\NAVEX15.SYS 4E4E7C0259D3BB97DE24A636C0E06ABA
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmb.sys C82F4CC10AD315B6D6BCB14D0A7CAD66
C:\Windows\System32\drivers\ccdcmbo.sys 60EF5F5621D7832F00A3F190A0C905E2
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101
C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177
C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\System32\DRIVERS\processr.sys 2027293619DD0F047C584CF2E7DF4FFD
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\Drivers\PxHelp20.sys 49452BFCEC22F36A7A9B9C2181BC3042
C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\System32\drivers\RtHDMIV.sys C853AE16CCF5033C0CBA0855390F5C7F
C:\Windows\System32\DRIVERS\Rtlh86.sys 7157E70A90CCE49DEB8885D23A073A39
C:\Windows\System32\drivers\RTSTOR.SYS 9FF7D9CF3A5F296613588B0E8DB83AFE
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5
C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3
C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2
C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\DRIVERS\snman380.sys 5CE1CF27620B144E212D407CDB14D339
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS 7BB297CADA42903328E92425D9761DA6
C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS 475FCF0F28D845BF1C8ABAC27F19003E
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS 690FA0E61B90084C4D9A721BD4F3D779
C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS 8F88EDB211B12537D2DC2A6D73D6067C
C:\Windows\system32\Drivers\SYMEVENT.SYS 555FB450FE6908600310E990738B41D6
C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS 2C356CCA706505CF63CBE39D532B9236
C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS 40C6E6417C8B7D7FCF82CFBE71525795
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 55F6E55CC2430CA8713387106FA79817
C:\Windows\System32\DRIVERS\tap0901.sys 8CF6E2AE1707D82E904ECCA68CEF8B87
C:\Windows\System32\drivers\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\DRIVERS\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\Drivers\tcpipBM.sys DCFEB82CA988598CEB8F83148616038E
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\DRIVERS\tdcmdpst.sys 1825BCEB47BF41C5A9F0E44DE82FC27A
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\DRIVERS\tdrpm139.sys E22BF1642FCE508E1123543C8A51255B
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tifsfilt.sys 6DCB8DDB481CD3C40FA68593723B4D89
C:\Windows\System32\DRIVERS\timntr.sys 394FC70B88B7958FA85798BBC76D140A
C:\Windows\System32\DRIVERS\tos_sps32.sys 1EA5F27C29405BF49799FECA77186DA9
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\System32\DRIVERS\TVALZ_O.SYS 792A8B80F8188ABA4B2BE271583F3E46
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\DRIVERS\usbser_lowerflt.sys BB16932A4189E82D6C455042C11849B6
C:\Windows\System32\Drivers\usbaapl.sys EAFE1E00739AFE6C51487A050E772E17
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbser.sys 8E6C378A885D6FFDA8F05E8D27B95C0E
C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys E748D50B3B2EC7F40A2BA67FB094CF01
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7
C:\Windows\System32\Drivers\UVCFTR_S.SYS 237C444FBD1C697A2E3FA60F02C61F22
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\HSX_CNXT.sys 0ACD399F5DB3DF1B58903CF4949AB5A8
C:\Windows\system32\drivers\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\DRIVERS\WSDPrint.sys 4422AC5ED8D4C2F0DB63E71D4C069DD7
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys 3862318F85BE7A91957ADA5E814ED58C
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys 3862318F85BE7A91957ADA5E814ED58C
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys 3862318F85BE7A91957ADA5E814ED58C

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 12:30 - 2014-02-09 12:32 - 00000000 ____D () C:\FRST
2014-02-09 12:25 - 2014-02-09 12:25 - 00030826 _____ () C:\Extras.Txt
2014-02-09 12:21 - 2014-02-09 12:25 - 00107492 _____ () C:\OTL.Txt

==================== One Month Modified Files and Folders =======

2014-02-09 12:32 - 2014-02-09 12:30 - 00000000 ____D () C:\FRST
2014-02-09 12:30 - 2009-08-10 03:17 - 00000000 ____D () C:\users\kohls.V2
2014-02-09 12:30 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-02-09 12:25 - 2014-02-09 12:25 - 00030826 _____ () C:\Extras.Txt
2014-02-09 12:25 - 2014-02-09 12:21 - 00107492 _____ () C:\OTL.Txt
2014-02-09 12:16 - 2009-07-15 00:37 - 00000000 ____D () C:\users\kohls
2014-02-09 05:17 - 2013-11-16 06:08 - 95025368 ____T () C:\ProgramData\ah18lcg.bxx
2014-02-09 05:16 - 2013-11-16 06:08 - 00000000 _____ () C:\ProgramData\ah18lcg.fvv
2014-02-09 05:16 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 05:16 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 09:00 - 2009-07-15 00:15 - 01907219 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 08:45 - 2012-01-20 13:01 - 00004316 _____ () C:\Windows\setupact.log
2014-01-10 08:24 - 2012-02-27 07:42 - 00000000 ____D () C:\Users\kohls\AppData\Local\CrashDumps

Files to move or delete:
====================
C:\ProgramData\ah18lcg.bxx
C:\ProgramData\ah18lcg.fvv
C:\ProgramData\ah18lcg.reg
C:\ProgramData\gcl81ha.dss
C:\Users\kohls\aawsepersonal.exe
C:\Users\kohls\ar505deu.exe
C:\Users\kohls\diskchart.exe
C:\Users\kohls\FeieList.dat
C:\Users\kohls\GebuList.dat
C:\Users\kohls\GHALARM.EXE
C:\Users\kohls\GHTERMIN.EXE
C:\Users\kohls\info.exe
C:\Users\kohls\MitaList.dat
C:\Users\kohls\system_mechanic.exe
C:\Users\kohls.V2\system_mechanic.exe


Some content of TEMP:
====================
C:\Users\kohls\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\kohls\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\kohls\AppData\Local\Temp\dQCd.dll
C:\Users\kohls\AppData\Local\Temp\setup.exe
C:\Users\kohls\AppData\Local\Temp\_isEAF8.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-11-10 02:42:22
Restore point made on: 2013-11-10 15:00:12
Restore point made on: 2013-11-11 15:00:06
Restore point made on: 2013-11-12 15:00:06
Restore point made on: 2013-11-13 15:00:17
Restore point made on: 2013-11-14 15:00:16
Restore point made on: 2013-11-15 15:00:16
Restore point made on: 2013-11-16 15:00:21
Restore point made on: 2013-11-16 18:00:20
Restore point made on: 2013-11-17 15:00:07
Restore point made on: 2013-11-20 12:29:57
Restore point made on: 2013-11-21 15:00:08
Restore point made on: 2013-11-24 04:57:56
Restore point made on: 2013-11-29 11:29:36
Restore point made on: 2013-12-08 03:09:40
Restore point made on: 2013-12-13 10:39:13
Restore point made on: 2013-12-20 18:00:24
Restore point made on: 2013-12-22 05:30:21
Restore point made on: 2013-12-25 15:02:31
Restore point made on: 2014-01-02 03:24:54
Restore point made on: 2014-01-02 17:25:35
Restore point made on: 2014-01-03 15:00:18
Restore point made on: 2014-01-04 15:00:18

==================== BCD ================================


Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {e2a7af9c-9472-11dd-a904-001e333329d1}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[F:]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[F:]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e2a7af9c-9472-11dd-a904-001e333329d1}
nx                      OptIn

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {e2a7af9c-9472-11dd-a904-001e333329d1}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  unknown
path                    \ntldr
description             Frhere Windows-Version

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=F:
ramdisksdipath          \boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 3836.91 MB
Available physical RAM: 3285.56 MB
Total Pagefile: 3502.3 MB
Available Pagefile: 3344.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.97 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.15 GB) (Free:102.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.99 GB) (Free:179.58 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: F087FDDC)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 954 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=954 MB) - (Type=06)


LastRegBack: 2014-02-08 08:50

==================== End Of Log ============================
         
--- --- ---
__________________

Geändert von NewtonZ4 (09.02.2014 um 19:04 Uhr)

Alt 10.02.2014, 12:45   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\...\Run: [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"
Startup: C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ah18lcg.lnk
ShortcutTarget: ah18lcg.lnk -> C:\ProgramData\gcl81ha.dss (Sato Corporation)
S2 Winmgmt; C:\ProgramData\gcl81ha.dss [174592 2013-11-16] (Sato Corporation)
2014-02-09 05:17 - 2013-11-16 06:08 - 95025368 ____T () C:\ProgramData\ah18lcg.bxx
2014-02-09 05:16 - 2013-11-16 06:08 - 00000000 _____ () C:\ProgramData\ah18lcg.fvv
C:\ProgramData\ah18lcg.bxx
C:\ProgramData\ah18lcg.fvv
C:\ProgramData\ah18lcg.reg
C:\ProgramData\gcl81ha.dss
C:\Users\kohls\aawsepersonal.exe
C:\Users\kohls\ar505deu.exe
C:\Users\kohls\diskchart.exe
C:\Users\kohls\FeieList.dat
C:\Users\kohls\GebuList.dat
C:\Users\kohls\GHALARM.EXE
C:\Users\kohls\GHTERMIN.EXE
C:\Users\kohls\info.exe
C:\Users\kohls\MitaList.dat
C:\Users\kohls\system_mechanic.exe
C:\Users\kohls.V2\system_mechanic.exe
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Rechner normal starten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.02.2014, 19:39   #5
NewtonZ4
 
Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Hey Schrauber,

Fix It durchgeführt mit folgendem Ergebniss.

Der Rechner startet "normal", ohne Bundestrojaner.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-02-2014
Ran by SYSTEM at 2014-02-10 19:37:55 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"
Startup: C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ah18lcg.lnk
ShortcutTarget: ah18lcg.lnk -> C:\ProgramData\gcl81ha.dss (Sato Corporation)
S2 Winmgmt; C:\ProgramData\gcl81ha.dss [174592 2013-11-16] (Sato Corporation)
2014-02-09 05:17 - 2013-11-16 06:08 - 95025368 ____T () C:\ProgramData\ah18lcg.bxx
2014-02-09 05:16 - 2013-11-16 06:08 - 00000000 _____ () C:\ProgramData\ah18lcg.fvv
C:\ProgramData\ah18lcg.bxx
C:\ProgramData\ah18lcg.fvv
C:\ProgramData\ah18lcg.reg
C:\ProgramData\gcl81ha.dss
C:\Users\kohls\aawsepersonal.exe
C:\Users\kohls\ar505deu.exe
C:\Users\kohls\diskchart.exe
C:\Users\kohls\FeieList.dat
C:\Users\kohls\GebuList.dat
C:\Users\kohls\GHALARM.EXE
C:\Users\kohls\GHTERMIN.EXE
C:\Users\kohls\info.exe
C:\Users\kohls\MitaList.dat
C:\Users\kohls\system_mechanic.exe
C:\Users\kohls.V2\system_mechanic.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil => Value deleted successfully.
C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ah18lcg.lnk => Moved successfully.
C:\ProgramData\gcl81ha.dss => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\ah18lcg.bxx => Moved successfully.
C:\ProgramData\ah18lcg.fvv => Moved successfully.
"C:\ProgramData\ah18lcg.bxx" => File/Directory not found.
"C:\ProgramData\ah18lcg.fvv" => File/Directory not found.
C:\ProgramData\ah18lcg.reg => Moved successfully.
"C:\ProgramData\gcl81ha.dss" => File/Directory not found.
C:\Users\kohls\aawsepersonal.exe => Moved successfully.
C:\Users\kohls\ar505deu.exe => Moved successfully.
C:\Users\kohls\diskchart.exe => Moved successfully.
C:\Users\kohls\FeieList.dat => Moved successfully.
C:\Users\kohls\GebuList.dat => Moved successfully.
C:\Users\kohls\GHALARM.EXE => Moved successfully.
C:\Users\kohls\GHTERMIN.EXE => Moved successfully.
C:\Users\kohls\info.exe => Moved successfully.
C:\Users\kohls\MitaList.dat => Moved successfully.
C:\Users\kohls\system_mechanic.exe => Moved successfully.
C:\Users\kohls.V2\system_mechanic.exe => Moved successfully.

==== End of Fixlog ====
         


Geändert von NewtonZ4 (10.02.2014 um 20:05 Uhr)

Alt 11.02.2014, 17:31   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Ab jetzt alles im normalen Modus:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
--> Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt

Alt 12.02.2014, 10:37   #7
NewtonZ4
 
Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Hallo schrauber,

anliegende schinmal die ersten Logs.

Malewarebyte:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
kohls :: KOHLS-PC [Administrator]

10.02.2014 20:50:59
mbam-log-2014-02-10 (20-50-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232975
Laufzeit: 36 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{69A9AEA7-6DD1-E35B-636F-989B6C4F1C1B} (Trojan.ZbotR.Gen) -> Daten: C:\Users\kohls\AppData\Roaming\Acwu\feibf.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\kohls\AppData\Local\Temp\dQCd.dll (Trojan.Winlock.Reveton) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\kohls\AppData\Local\Temp\gcl81ha.dss (Trojan.Winlock.Reveton) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\gcl81ha.dss (Trojan.Winlock.Reveton) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\kohls\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\kohls\AppData\Roaming\Adobe\plugs\mmc49.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.018 - Bericht erstellt am 10/02/2014 um 20:08:04
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : kohls - KOHLS-PC
# Gestartet von : C:\Users\kohls\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\kohls\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\kohls\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\kohls\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344FA0D0-9BF8-42D8-88CB-8FA9D703FE85}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{344FA0D0-9BF8-42D8-88CB-8FA9D703FE85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v12.0 (de)

[ Datei : C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.asktb.AviraIDW-TS", "1319796236139");
Zeile gelöscht : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xmlns=\"hxxp://websearch.ask.com/widgets\">\n  <widget_url>hxxps://aviratoolbar.idwatchdog.com/toolbar[...]
Zeile gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Zeile gelöscht : user_pref("extensions.asktb.cbid", "JM");
Zeile gelöscht : user_pref("extensions.asktb.config-updated", true);
Zeile gelöscht : user_pref("extensions.asktb.crumb", "2011.07.02+04.38.46-toolbar011iad-DE-T2xkZW5idXJnLEdlcm1hbnk%3D");
Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
Zeile gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0101");
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Zeile gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true);
Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false);
Zeile gelöscht : user_pref("extensions.asktb.guid", "a0e296bc-8b3d-47cd-94c4-a2db155cab6e");
Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Zeile gelöscht : user_pref("extensions.asktb.if", "first");
Zeile gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Zeile gelöscht : user_pref("extensions.asktb.l", "dis");
Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1388656429544");
Zeile gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1384597410304");
Zeile gelöscht : user_pref("extensions.asktb.last-v", "3.14.0.100010");
Zeile gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Zeile gelöscht : user_pref("extensions.asktb.location", "Oldenburg,Germany");
Zeile gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true);
Zeile gelöscht : user_pref("extensions.asktb.notification-shown", true);
Zeile gelöscht : user_pref("extensions.asktb.o", "100000080");
Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Zeile gelöscht : user_pref("extensions.asktb.r", "20");
Zeile gelöscht : user_pref("extensions.asktb.sa", "NO");
Zeile gelöscht : user_pref("extensions.asktb.search-history-queries", "start.levates.at||levates.at||start.levates.at/login||kilometerpauschale||kernbohrpreise||benrad vrk||led fernseher||aufhebungs Arbeitsvetrag||sof[...]
Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Zeile gelöscht : user_pref("extensions.asktb.themeid", "");
Zeile gelöscht : user_pref("extensions.asktb.to", "");
Zeile gelöscht : user_pref("extensions.asktb.v", "3.14.0.100015");
Zeile gelöscht : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.14.0.100015,{972ce4c6-7e08-4474-a285-3208198ce6fd}:12.0");

*************************

AdwCleaner[R0].txt - [10580 octets] - [10/02/2014 20:07:15]
AdwCleaner[S0].txt - [10405 octets] - [10/02/2014 20:08:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10466 octets] ##########
         
Junkware Removal Tool:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by kohls on 10.02.2014 at 22:35:24,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.02.2014 at 22:40:55,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Un dhier die FRST Logs.


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by kohls (administrator) on KOHLS-PC on 12-02-2014 10:33:56
Running from C:\Users\kohls\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ETU Software GmbH) C:\Program Files\HSETU\ApplicationService\ApplicationService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\MountPoints2: {15ecd2ce-eecf-11de-85eb-001e33a39b3a} - G:\InstallTomTomHOME.exe
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\MountPoints2: {87ebdbf0-722f-11de-9774-001e33a39b3a} - D:\setup.exe
HKLM\...\AppCertDlls: [bcdeplay] -> C:\Windows\system32\cleamapi.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F5B740A0-B437-43B5-9612-400C070E8424} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKCU - {F5B740A0-B437-43B5-9612-400C070E8424} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_de___DE336
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-11-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-05-13]
FF Extension: Adblock Plus - C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-11]

========================== Services (Whitelisted) =================

R2 HSETUApplicationService; C:\Program Files\HSETU\ApplicationService\ApplicationService.exe [4896720 2011-04-20] (ETU Software GmbH)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2014-01-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-02-10] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140211.001\IDSvix86.sys [394456 2014-02-09] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-11] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140211.020\NAVENG.SYS [93272 2014-02-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140211.020\NAVEX15.SYS [1612376 2014-02-10] (Symantec Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-02-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-12 10:33 - 2014-02-12 10:35 - 00013622 _____ () C:\Users\kohls\Desktop\FRST.txt
2014-02-12 10:33 - 2014-02-12 10:33 - 01139712 _____ (Farbar) C:\Users\kohls\Desktop\FRST.exe
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setupact.log
2014-02-12 10:29 - 2014-02-12 10:29 - 00006826 _____ () C:\Windows\PFRO.log
2014-02-12 10:27 - 2014-02-12 10:27 - 00243256 _____ () C:\Users\kohls\Documents\cc_20140212_102725.reg
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-02-12 10:25 - 2014-02-06 19:00 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-02-12 10:25 - 2013-12-01 14:10 - 00218200 _____ () C:\Windows\system32\unrar.dll
2014-02-12 10:25 - 2013-03-17 18:21 - 03649536 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-02-12 10:25 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2014-02-12 10:25 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\system32\lagarith.dll
2014-02-12 10:25 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\system32\xvidvfw.dll
2014-02-12 10:25 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\system32\xvidcore.dll
2014-02-12 09:59 - 2014-02-12 10:06 - 00000004 _____ () C:\ScrubRetValFile.txt
2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\OpenOffice
2014-02-12 09:53 - 2014-02-12 09:53 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-12 09:51 - 2014-02-12 09:52 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-02-11 19:04 - 2014-02-11 19:05 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-11 18:35 - 2014-02-11 18:35 - 01139712 _____ (Farbar) C:\Users\kohls\Downloads\FRST.exe
2014-02-11 14:25 - 2014-02-11 14:25 - 01166132 _____ () C:\Users\kohls\Desktop\adwcleaner.exe
2014-02-11 10:23 - 2014-02-11 10:23 - 00000927 _____ () C:\Users\kohls\Desktop\Auslogics DiskDefrag.lnk
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\Program Files\Auslogics
2014-02-11 10:15 - 2014-02-11 10:15 - 00000000 ____D () C:\Windows\pss
2014-02-11 10:07 - 2014-02-11 10:07 - 00378922 _____ () C:\Users\kohls\Documents\cc_20140211_100719.reg
2014-02-11 10:03 - 2014-02-11 10:03 - 00000000 ____D () C:\Users\kohls\AppData\Local\Macromedia
2014-02-11 09:51 - 2014-02-12 10:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 09:51 - 2014-02-11 09:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-11 09:44 - 2014-02-11 09:44 - 00000000 ____D () C:\Users\kohls\Documents\Ulead DVD MovieFactory
2014-02-11 09:22 - 2014-02-11 09:22 - 00000769 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-11 09:22 - 2014-02-11 09:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-10 22:35 - 2014-02-10 22:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 20:49 - 2014-02-10 20:49 - 00000911 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-10 20:13 - 2005-02-18 10:17 - 00007246 _____ () C:\Users\kohls.V2\Lidl UK Sicherheit-Englisch.sxw
2014-02-10 20:13 - 2004-11-09 13:21 - 00000089 _____ () C:\Users\kohls.V2\miri.txt
2014-02-10 20:13 - 2004-11-04 14:14 - 00000131 _____ () C:\Users\kohls.V2\legionellen.txt
2014-02-10 20:13 - 2004-03-26 12:54 - 00018432 _____ () C:\Users\kohls.V2\Lampe&M. UK Th. Heath Re..xls
2014-02-10 20:13 - 2004-03-26 10:55 - 00017920 _____ () C:\Users\kohls.V2\Lampe&M. UK Rechnungen.xls
2014-02-10 20:13 - 2003-05-09 14:52 - 00015360 _____ () C:\Users\kohls.V2\Lampe&Martens Rechnungsaufstellung.xls
2014-02-10 20:12 - 2004-12-22 15:31 - 00000001 _____ () C:\Users\kohls.V2\mwstplus.spz
2014-02-10 20:12 - 2003-05-08 16:13 - 00016384 _____ () C:\Users\kohls.V2\Nachforderung Tecklenburg.xls
2014-02-10 20:09 - 2014-01-02 10:55 - 00000000 ____D () C:\Users\kohls.V2\Desktop\Geschäftsbriefe ab Oktober 2013
2014-02-10 20:09 - 2013-11-16 16:00 - 00000000 ____D () C:\Users\kohls.V2\Documents\Bilder
2014-02-10 20:09 - 2013-11-16 15:34 - 00000000 ____D () C:\Users\kohls.V2\Documents\perfection2
2014-02-10 20:09 - 2013-04-18 10:57 - 00000000 ____D () C:\Users\kohls.V2\dag
2014-02-10 20:09 - 2013-04-11 11:32 - 00000000 ____D () C:\Users\kohls.V2\Desktop\xy
2014-02-10 20:09 - 2012-05-01 12:23 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Apple Computer
2014-02-10 20:09 - 2012-04-12 17:59 - 00000000 ____D () C:\Users\kohls.V2\Desktop\effget
2014-02-10 20:09 - 2012-03-13 10:48 - 00000000 ____D () C:\Users\kohls.V2\Documents\Uponor HSE DE
2014-02-10 20:09 - 2012-03-02 14:43 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\InstalSoft
2014-02-10 20:09 - 2012-02-27 15:27 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\HSETU
2014-02-10 20:09 - 2012-02-27 15:26 - 00000000 ____D () C:\Users\kohls.V2\Documents\HSETU
2014-02-10 20:09 - 2012-02-27 15:23 - 00000000 ____D () C:\Users\kohls.V2\Desktop\KaufmannVoll2.3.30.0
2014-02-10 20:09 - 2011-12-29 20:17 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-10 20:09 - 2011-11-10 21:55 - 00000000 ____D () C:\Users\kohls.V2\Documents\Symantec
2014-02-10 20:09 - 2011-08-14 08:55 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Loeros
2014-02-10 20:09 - 2011-08-11 22:10 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Qewito
2014-02-10 20:09 - 2011-07-22 08:48 - 00000000 ____D () C:\Users\kohls.V2\Desktop\ec Power
2014-02-10 20:09 - 2011-07-21 13:34 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAGRA
2014-02-10 20:09 - 2011-03-05 10:31 - 00000000 ____D () C:\Users\kohls.V2\Desktop\Österreich Bilder 2011
2014-02-10 20:09 - 2011-03-05 09:23 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\WinRAR
2014-02-10 20:09 - 2010-12-28 20:54 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\T-Mobile
2014-02-10 20:09 - 2010-12-27 21:26 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\T-Mobile Internet Manager
2014-02-10 20:07 - 2014-02-11 18:36 - 00000000 ____D () C:\AdwCleaner
2014-02-10 20:07 - 2014-02-09 16:58 - 01037530 _____ (Thisisu) C:\Users\kohls\Desktop\JRT.exe
2014-02-09 21:30 - 2014-02-12 10:33 - 00000000 ____D () C:\FRST
2014-02-09 21:25 - 2014-02-09 21:25 - 00030826 _____ () C:\Extras.Txt
2014-02-09 21:21 - 2014-02-09 21:25 - 00107492 _____ () C:\OTL.Txt

==================== One Month Modified Files and Folders =======

2014-02-12 10:35 - 2014-02-12 10:33 - 00013622 _____ () C:\Users\kohls\Desktop\FRST.txt
2014-02-12 10:34 - 2009-07-15 09:15 - 02082700 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 10:33 - 2014-02-12 10:33 - 01139712 _____ (Farbar) C:\Users\kohls\Desktop\FRST.exe
2014-02-12 10:33 - 2014-02-09 21:30 - 00000000 ____D () C:\FRST
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setupact.log
2014-02-12 10:30 - 2006-11-02 13:47 - 00387320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-12 10:30 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 10:30 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 10:29 - 2014-02-12 10:29 - 00006826 _____ () C:\Windows\PFRO.log
2014-02-12 10:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 10:28 - 2014-02-11 09:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 10:28 - 2006-11-02 14:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-12 10:27 - 2014-02-12 10:27 - 00243256 _____ () C:\Users\kohls\Documents\cc_20140212_102725.reg
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-02-12 10:21 - 2008-10-08 09:03 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-12 10:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-12 10:18 - 2012-03-23 12:57 - 00000000 ____D () C:\Users\kohls\Desktop\effget
2014-02-12 10:17 - 2009-07-15 11:07 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\Adobe
2014-02-12 10:14 - 2009-07-15 09:38 - 00103760 _____ () C:\Users\kohls\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 10:06 - 2014-02-12 09:59 - 00000004 _____ () C:\ScrubRetValFile.txt
2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\OpenOffice
2014-02-12 09:53 - 2014-02-12 09:53 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-12 09:52 - 2014-02-12 09:51 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-02-12 09:47 - 2008-01-21 08:16 - 01601828 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 19:05 - 2014-02-11 19:04 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-11 18:36 - 2014-02-10 20:07 - 00000000 ____D () C:\AdwCleaner
2014-02-11 18:35 - 2014-02-11 18:35 - 01139712 _____ (Farbar) C:\Users\kohls\Downloads\FRST.exe
2014-02-11 17:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\IME
2014-02-11 14:25 - 2014-02-11 14:25 - 01166132 _____ () C:\Users\kohls\Desktop\adwcleaner.exe
2014-02-11 13:59 - 2011-11-10 21:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-11 10:23 - 2014-02-11 10:23 - 00000927 _____ () C:\Users\kohls\Desktop\Auslogics DiskDefrag.lnk
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\Program Files\Auslogics
2014-02-11 10:22 - 2011-11-10 21:36 - 00000000 ____D () C:\ProgramData\Norton
2014-02-11 10:21 - 2011-12-29 20:16 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-11 10:20 - 2011-11-10 21:40 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-02-11 10:15 - 2014-02-11 10:15 - 00000000 ____D () C:\Windows\pss
2014-02-11 10:14 - 2011-11-10 21:41 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-02-11 10:14 - 2011-11-10 21:41 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-02-11 10:14 - 2011-11-10 21:39 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-02-11 10:07 - 2014-02-11 10:07 - 00378922 _____ () C:\Users\kohls\Documents\cc_20140211_100719.reg
2014-02-11 10:03 - 2014-02-11 10:03 - 00000000 ____D () C:\Users\kohls\AppData\Local\Macromedia
2014-02-11 10:01 - 2012-02-27 16:42 - 00000000 ____D () C:\Users\kohls\AppData\Local\CrashDumps
2014-02-11 10:01 - 2008-10-07 14:21 - 00000000 ____D () C:\Windows\Panther
2014-02-11 09:51 - 2014-02-11 09:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-11 09:51 - 2011-05-14 12:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-11 09:50 - 2009-07-15 11:07 - 00000000 ____D () C:\Users\kohls\AppData\Local\Adobe
2014-02-11 09:48 - 2008-10-07 15:58 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-02-11 09:48 - 2008-10-07 15:58 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-02-11 09:47 - 2008-10-07 15:38 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-11 09:46 - 2009-07-15 12:29 - 00000000 ____D () C:\Program Files\Adobe
2014-02-11 09:46 - 2008-10-07 16:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-11 09:46 - 2008-10-07 16:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-11 09:44 - 2014-02-11 09:44 - 00000000 ____D () C:\Users\kohls\Documents\Ulead DVD MovieFactory
2014-02-11 09:37 - 2012-05-12 08:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-11 09:37 - 2008-10-07 15:51 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-02-11 09:25 - 2009-07-17 11:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-11 09:22 - 2014-02-11 09:22 - 00000769 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-11 09:22 - 2014-02-11 09:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-11 09:18 - 2009-07-15 10:08 - 00000000 ____D () C:\Users\kohls\AppData\Local\Toshiba
2014-02-11 09:06 - 2013-09-18 23:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-11 09:03 - 2008-01-21 08:15 - 00000000 ____D () C:\Windows\system32\de
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-02-11 09:03 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-10 22:35 - 2014-02-10 22:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 21:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tapi
2014-02-10 21:14 - 2009-07-21 15:17 - 00000000 ____D () C:\ProgramData\Skype
2014-02-10 21:10 - 2009-07-15 10:08 - 00000000 ____D () C:\Users\kohls\AppData\Local\Google
2014-02-10 21:09 - 2012-02-27 17:25 - 00000000 ____D () C:\Program Files\OpenVPN
2014-02-10 21:03 - 2010-09-07 19:45 - 00000000 ____D () C:\Windows\system32\SupportAppCB
2014-02-10 21:02 - 2010-09-07 19:47 - 00000136 _____ () C:\GPEapSim.log
2014-02-10 20:49 - 2014-02-10 20:49 - 00000911 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-10 20:49 - 2010-07-06 13:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-10 20:39 - 2009-07-15 19:04 - 00000000 ____D () C:\Program Files\Common Files\Acronis
2014-02-10 20:35 - 2010-01-12 13:09 - 00000000 ____D () C:\Program Files\IKEA HomePlanner
2014-02-10 20:24 - 2010-10-26 21:26 - 00000000 ____D () C:\Program Files\Amazon
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lohner Kältedienst
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lidl-Mill
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lidl-England
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lidl-Baub-neu
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\LIDL Benwell
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\LIDL allgemein
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lehmwerder Grundleitungen Pflegeheim
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lehmwerder Bautagebuch
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lampe & Martens Schriftverkehr
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Kündigung Mitarbeiter
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\KSK Stuhr
2014-02-10 20:13 - 2009-08-10 12:17 - 00000000 ____D () C:\Users\kohls.V2
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Office97SR
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\oeg
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Nicole
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Neue Halle
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Netto Stuhr
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Nachkalkulation-Stundenberechnung
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Nachkalkulation 2004
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\muster
2014-02-10 19:42 - 2009-07-15 10:07 - 00000954 _____ () C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-10 19:41 - 2009-07-15 09:37 - 00000000 ____D () C:\Users\kohls
2014-02-09 21:30 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-09 21:25 - 2014-02-09 21:25 - 00030826 _____ () C:\Extras.Txt
2014-02-09 21:25 - 2014-02-09 21:21 - 00107492 _____ () C:\OTL.Txt
2014-02-09 16:58 - 2014-02-10 20:07 - 01037530 _____ (Thisisu) C:\Users\kohls\Desktop\JRT.exe
2014-02-06 19:00 - 2014-02-12 10:25 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-12 09:47

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014 01
Ran by kohls at 2014-02-12 10:35:29
Running from C:\Users\kohls\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.6 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4 - Adobe Systems Incorporated)
Atheros Driver Installation Program (Version: 5.0 - Atheros)
Atheros Wi-Fi Protected Setup Library (Version:  - Atheros)
ATI Catalyst Install Manager (Version: 3.0.664.0 - ATI Technologies, Inc.)
Auslogics DiskDefrag (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
Catalyst Control Center Core Implementation (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0422.2139.36895 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Czech (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Danish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Dutch (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help English (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Finnish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help French (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help German (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Greek (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Italian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Japanese (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Korean (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Polish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Russian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Spanish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Swedish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Thai (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Turkish (Version: 2008.0422.2138.36895 - ATI) Hidden
ccc-core-static (Version: 2008.0422.2139.36895 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0422.2139.36895 - ATI) Hidden
CCleaner (Version: 4.10 - Piriform)
DELTA (C:\GHFakt\) #3 (Version:  - )
DELTA (C:\GHFakt\) (Version:  - )
DELTA (Version:  - )
Free DWG Viewer 6.2 (Version: 6.2 - IGC)
Free PDF to Word Doc Converter v1.1 (Version: 1.1 - www.hellopdf.com)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.70.00.50 - Conexant)
Heimeier EasyPlan 3.0.1  (Version: 3.0.1 - )
Heimeier Ventilauslegung 1.4.0  (Version: 1.4.0 - Heimeier Metallwerk GmbH & Co.KG)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (Version: 6.0.200 - Sun Microsystems, Inc.)
Kaufmann (Version: 2.3.30.0 - ETU Software GmbH)
K-Lite Mega Codec Pack 10.3.0 (Version: 10.3.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (Version: 21.1.0.18 - Symantec Corporation)
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
OVplan 3.1.4  (Version: 3.1.4 - )
OVselect 3.2.0  (Version: 3.2.0 - OVENTROP)
OVsim 2.0.2  (Version: 2.0.2 - OVENTROP)
QuickTime (Version: 7.69.80.9 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version:  - Realtek Semiconductor Corp.)
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
Synaptics Pointing Device Driver (Version: 10.1.8.0 - Synaptics)
Tools für Microsoft SQL Server 2005 Express Edition (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Uponor HSE-san 4.9 DE (Version: 4.90.000 - Uponor HSE)
Windows Media Encoder 9-Reihe (Version:  - )
Windows Media Encoder 9-Reihe (Version: 9.00.3374 - Microsoft Corporation) Hidden
WinRAR (Version:  - )

==================== Restore Points  =========================

12-02-2014 09:16:21 Installed Microsoft Fix it 50154

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {A03BBB6B-8682-4979-8952-4DE71DF3EB59} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {A5761848-B716-46F7-A409-B9BB81449F76} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - kohls => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B25497FB-77BF-4FBF-99E4-4154DDB49B7B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {D6DE9315-47F2-4A55-BE2B-7A4E62316755} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-11] (Adobe Systems Incorporated)
Task: {DDDF644F-2B45-43A4-BAEB-E649CB455705} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {DFE3E185-5CEB-4B05-B4BA-C0652F4BBE62} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F3716CDF-2881-46B7-882D-34C775CD0B24} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-07 14:38 - 2008-04-22 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-03-05 09:22 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-11 09:25 - 2014-02-11 09:25 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\kohls\Fw Bedienungsanl. Vitodens 200 UK.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaufmann.lnk => C:\Windows\pss\Kaufmann.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 10:31:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:56:40 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: c94
Anfangszeit: 01cf27ce11f61d06
Zeitpunkt der Beendigung: 37471

Error: (02/12/2014 09:41:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:34:19 AM) (Source: Windows Search Service) (User: )
Description: Der Filterhostprozess kann nicht initialisiert werden. Der Vorgang wird abgebrochen.


Details:
	Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.   (0x800705b4)

Error: (02/12/2014 09:32:16 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: SendErrorToErrLog: Betriebssystemfehler 8(Für diesen Befehl ist nicht genügend Speicher verfügbar.).

Error: (02/11/2014 07:05:40 PM) (Source: Perflib) (User: )
Description: SYSTEMC:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe

Error: (02/11/2014 06:38:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/12/2014 10:30:55 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/12/2014 10:30:29 AM) (Source: netbt) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (02/12/2014 10:29:58 AM) (Source: Microsoft-Windows-ResourcePublication) (User: NT-AUTORITÄT)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (02/12/2014 09:41:16 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/12/2014 09:40:10 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 12.02.2014 um 09:39:00 unerwartet heruntergefahren.

Error: (02/11/2014 06:38:24 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (02/12/2014 10:31:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:56:40 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005c9401cf27ce11f61d0637471

Error: (02/12/2014 09:41:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:34:19 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.   (0x800705b4)

Error: (02/12/2014 09:32:16 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: SendErrorToErrLog8(Für diesen Befehl ist nicht genügend Speicher verfügbar.)

Error: (02/11/2014 07:05:40 PM) (Source: Perflib)(User: )
Description: SYSTEMC:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe

Error: (02/11/2014 06:38:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-02-11 18:49:28.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:27.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:27.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:26.746
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:21.692
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:21.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:20.568
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:19.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 17:19:04.707
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 17:19:04.114
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 3580.91 MB
Available physical RAM: 2086.69 MB
Total Pagefile: 7350.3 MB
Available Pagefile: 5939.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.29 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.15 GB) (Free:129.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.99 GB) (Free:179.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: F087FDDC)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 13.02.2014, 05:51   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.02.2014, 18:37   #9
NewtonZ4
 
Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Hallo schrauber,

sorry für die Unterbrechung. War ein paar Tage offline.

Ne, weitere Probleme sind derzeit nicht da.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c06f85aa634e924d8f4cadb9dc06cebb
# engine=17087
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-15 06:53:24
# local_time=2014-02-15 07:53:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 90 296632 155086989 0 0
# compatibility_mode=5892 16776574 100 100 71536145 230023132 0 0
# scanned=214074
# found=2
# cleaned=0
# scan_time=8460
sh=5B82DBB7785ACB5C5B46749B7D9A0FFEC8D6AB15 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NAO trojan" ac=I fn="C:\Users\kohls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\21248e9d-23182837"
sh=6ECF40DF33DA54B6EA7691CDD441CBB5BDB13F61 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2008-5353.I trojan" ac=I fn="C:\Users\kohls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\422684b3-5f6fa097"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java(TM) 6 Update 20  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	12.0.0.44  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by kohls (administrator) on KOHLS-PC on 16-02-2014 18:35:51
Running from C:\Users\kohls\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ETU Software GmbH) C:\Program Files\HSETU\ApplicationService\ApplicationService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\MountPoints2: {15ecd2ce-eecf-11de-85eb-001e33a39b3a} - G:\InstallTomTomHOME.exe
HKU\S-1-5-21-1476183312-564281682-92577615-1000\...\MountPoints2: {87ebdbf0-722f-11de-9774-001e33a39b3a} - D:\setup.exe
HKLM\...\AppCertDlls: [bcdeplay] -> C:\Windows\system32\cleamapi.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=tsee&bmod=tsee;
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F5B740A0-B437-43B5-9612-400C070E8424} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKCU - DefaultScope {F5B740A0-B437-43B5-9612-400C070E8424} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_de___DE336
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKCU - {F5B740A0-B437-43B5-9612-400C070E8424} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_de___DE336
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-11-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-05-13]
FF Extension: Adblock Plus - C:\Users\kohls\AppData\Roaming\Mozilla\Firefox\Profiles\v0l0pold.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-11]

========================== Services (Whitelisted) =================

R2 HSETUApplicationService; C:\Program Files\HSETU\ApplicationService\ApplicationService.exe [4896720 2011-04-20] (ETU Software GmbH)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2014-01-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-02-10] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSvix86.sys [394456 2014-02-09] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-11] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140215.007\NAVENG.SYS [93272 2014-02-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140215.007\NAVEX15.SYS [1612376 2014-02-10] (Symantec Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-02-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 18:35 - 2014-02-16 18:36 - 00014475 _____ () C:\Users\kohls\Desktop\FRST.txt
2014-02-16 18:35 - 2014-02-16 18:35 - 00000000 ____D () C:\Users\kohls\Desktop\FRST-OlderVersion
2014-02-16 18:34 - 2014-02-16 18:34 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-16 18:31 - 2014-02-16 18:31 - 00921000 _____ (Oracle Corporation) C:\Users\kohls\Downloads\jxpiinstall.exe
2014-02-16 18:21 - 2014-02-16 18:21 - 00987425 _____ () C:\Users\kohls\Desktop\SecurityCheck.exe
2014-02-16 03:01 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-16 03:01 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-16 03:01 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-16 03:01 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-16 03:01 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-16 03:01 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-16 03:01 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-16 03:01 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-16 03:01 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-16 03:01 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 03:01 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-16 03:01 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-16 03:01 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-16 03:01 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-16 03:01 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-16 03:01 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 17:48 - 2014-02-15 17:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 17:34 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 17:29 - 2014-02-15 17:29 - 00000000 ____D () C:\Program Files\ESET
2014-02-15 17:28 - 2014-02-15 17:29 - 02347384 _____ (ESET) C:\Users\kohls\Downloads\esetsmartinstaller_enu.exe
2014-02-12 10:33 - 2014-02-16 18:35 - 01141248 _____ (Farbar) C:\Users\kohls\Desktop\FRST.exe
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setupact.log
2014-02-12 10:29 - 2014-02-16 18:16 - 00066032 _____ () C:\Windows\PFRO.log
2014-02-12 10:27 - 2014-02-12 10:27 - 00243256 _____ () C:\Users\kohls\Documents\cc_20140212_102725.reg
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-02-12 10:25 - 2014-02-06 19:00 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-02-12 10:25 - 2013-12-01 14:10 - 00218200 _____ () C:\Windows\system32\unrar.dll
2014-02-12 10:25 - 2013-03-17 18:21 - 03649536 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-02-12 10:25 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2014-02-12 10:25 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\system32\lagarith.dll
2014-02-12 10:25 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\system32\xvidvfw.dll
2014-02-12 10:25 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\system32\xvidcore.dll
2014-02-12 09:59 - 2014-02-12 10:06 - 00000004 _____ () C:\ScrubRetValFile.txt
2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\OpenOffice
2014-02-12 09:53 - 2014-02-12 09:53 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-12 09:51 - 2014-02-12 09:52 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-02-11 19:04 - 2014-02-11 19:05 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-11 18:35 - 2014-02-11 18:35 - 01139712 _____ (Farbar) C:\Users\kohls\Downloads\FRST.exe
2014-02-11 14:25 - 2014-02-11 14:25 - 01166132 _____ () C:\Users\kohls\Desktop\adwcleaner.exe
2014-02-11 10:23 - 2014-02-11 10:23 - 00000927 _____ () C:\Users\kohls\Desktop\Auslogics DiskDefrag.lnk
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\Program Files\Auslogics
2014-02-11 10:15 - 2014-02-11 10:15 - 00000000 ____D () C:\Windows\pss
2014-02-11 10:07 - 2014-02-11 10:07 - 00378922 _____ () C:\Users\kohls\Documents\cc_20140211_100719.reg
2014-02-11 10:03 - 2014-02-11 10:03 - 00000000 ____D () C:\Users\kohls\AppData\Local\Macromedia
2014-02-11 09:51 - 2014-02-16 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 09:51 - 2014-02-11 09:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-11 09:44 - 2014-02-11 09:44 - 00000000 ____D () C:\Users\kohls\Documents\Ulead DVD MovieFactory
2014-02-11 09:22 - 2014-02-11 09:22 - 00000769 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-11 09:22 - 2014-02-11 09:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-10 22:35 - 2014-02-10 22:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 20:49 - 2014-02-10 20:49 - 00000911 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-10 20:13 - 2005-02-18 10:17 - 00007246 _____ () C:\Users\kohls.V2\Lidl UK Sicherheit-Englisch.sxw
2014-02-10 20:13 - 2004-11-09 13:21 - 00000089 _____ () C:\Users\kohls.V2\miri.txt
2014-02-10 20:13 - 2004-11-04 14:14 - 00000131 _____ () C:\Users\kohls.V2\legionellen.txt
2014-02-10 20:13 - 2004-03-26 12:54 - 00018432 _____ () C:\Users\kohls.V2\Lampe&M. UK Th. Heath Re..xls
2014-02-10 20:13 - 2004-03-26 10:55 - 00017920 _____ () C:\Users\kohls.V2\Lampe&M. UK Rechnungen.xls
2014-02-10 20:13 - 2003-05-09 14:52 - 00015360 _____ () C:\Users\kohls.V2\Lampe&Martens Rechnungsaufstellung.xls
2014-02-10 20:12 - 2004-12-22 15:31 - 00000001 _____ () C:\Users\kohls.V2\mwstplus.spz
2014-02-10 20:12 - 2003-05-08 16:13 - 00016384 _____ () C:\Users\kohls.V2\Nachforderung Tecklenburg.xls
2014-02-10 20:09 - 2014-01-02 10:55 - 00000000 ____D () C:\Users\kohls.V2\Desktop\Geschäftsbriefe ab Oktober 2013
2014-02-10 20:09 - 2013-11-16 16:00 - 00000000 ____D () C:\Users\kohls.V2\Documents\Bilder
2014-02-10 20:09 - 2013-11-16 15:34 - 00000000 ____D () C:\Users\kohls.V2\Documents\perfection2
2014-02-10 20:09 - 2013-04-18 10:57 - 00000000 ____D () C:\Users\kohls.V2\dag
2014-02-10 20:09 - 2013-04-11 11:32 - 00000000 ____D () C:\Users\kohls.V2\Desktop\xy
2014-02-10 20:09 - 2012-05-01 12:23 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Apple Computer
2014-02-10 20:09 - 2012-04-12 17:59 - 00000000 ____D () C:\Users\kohls.V2\Desktop\effget
2014-02-10 20:09 - 2012-03-13 10:48 - 00000000 ____D () C:\Users\kohls.V2\Documents\Uponor HSE DE
2014-02-10 20:09 - 2012-03-02 14:43 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\InstalSoft
2014-02-10 20:09 - 2012-02-27 15:27 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\HSETU
2014-02-10 20:09 - 2012-02-27 15:26 - 00000000 ____D () C:\Users\kohls.V2\Documents\HSETU
2014-02-10 20:09 - 2012-02-27 15:23 - 00000000 ____D () C:\Users\kohls.V2\Desktop\KaufmannVoll2.3.30.0
2014-02-10 20:09 - 2011-12-29 20:17 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-10 20:09 - 2011-11-10 21:55 - 00000000 ____D () C:\Users\kohls.V2\Documents\Symantec
2014-02-10 20:09 - 2011-08-14 08:55 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Loeros
2014-02-10 20:09 - 2011-08-11 22:10 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Qewito
2014-02-10 20:09 - 2011-07-22 08:48 - 00000000 ____D () C:\Users\kohls.V2\Desktop\ec Power
2014-02-10 20:09 - 2011-07-21 13:34 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAGRA
2014-02-10 20:09 - 2011-03-05 10:31 - 00000000 ____D () C:\Users\kohls.V2\Desktop\Österreich Bilder 2011
2014-02-10 20:09 - 2011-03-05 09:23 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\WinRAR
2014-02-10 20:09 - 2010-12-28 20:54 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\T-Mobile
2014-02-10 20:09 - 2010-12-27 21:26 - 00000000 ____D () C:\Users\kohls.V2\AppData\Roaming\T-Mobile Internet Manager
2014-02-10 20:07 - 2014-02-11 18:36 - 00000000 ____D () C:\AdwCleaner
2014-02-10 20:07 - 2014-02-09 16:58 - 01037530 _____ (Thisisu) C:\Users\kohls\Desktop\JRT.exe
2014-02-09 21:30 - 2014-02-16 18:35 - 00000000 ____D () C:\FRST
2014-02-09 21:25 - 2014-02-09 21:25 - 00030826 _____ () C:\Extras.Txt
2014-02-09 21:21 - 2014-02-09 21:25 - 00107492 _____ () C:\OTL.Txt

==================== One Month Modified Files and Folders =======

2014-02-16 18:36 - 2014-02-16 18:35 - 00014475 _____ () C:\Users\kohls\Desktop\FRST.txt
2014-02-16 18:35 - 2014-02-16 18:35 - 00000000 ____D () C:\Users\kohls\Desktop\FRST-OlderVersion
2014-02-16 18:35 - 2014-02-12 10:33 - 01141248 _____ (Farbar) C:\Users\kohls\Desktop\FRST.exe
2014-02-16 18:35 - 2014-02-09 21:30 - 00000000 ____D () C:\FRST
2014-02-16 18:34 - 2014-02-16 18:34 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-16 18:34 - 2010-07-06 17:57 - 00000000 ____D () C:\Program Files\Java
2014-02-16 18:31 - 2014-02-16 18:31 - 00921000 _____ (Oracle Corporation) C:\Users\kohls\Downloads\jxpiinstall.exe
2014-02-16 18:28 - 2014-02-11 09:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 18:28 - 2008-10-07 16:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-16 18:23 - 2008-01-21 08:16 - 01723590 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 18:21 - 2014-02-16 18:21 - 00987425 _____ () C:\Users\kohls\Desktop\SecurityCheck.exe
2014-02-16 18:21 - 2009-07-15 09:15 - 01251550 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 18:18 - 2012-05-12 08:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 18:17 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 18:17 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 18:17 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 18:16 - 2014-02-12 10:29 - 00066032 _____ () C:\Windows\PFRO.log
2014-02-16 15:15 - 2006-11-02 14:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-16 03:37 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-16 03:08 - 2013-09-18 23:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:06 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-15 17:49 - 2014-02-15 17:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 17:29 - 2014-02-15 17:29 - 00000000 ____D () C:\Program Files\ESET
2014-02-15 17:29 - 2014-02-15 17:28 - 02347384 _____ (ESET) C:\Users\kohls\Downloads\esetsmartinstaller_enu.exe
2014-02-12 10:54 - 2009-07-15 09:37 - 00000000 ____D () C:\Users\kohls
2014-02-12 10:42 - 2009-07-15 10:02 - 00000000 ____D () C:\Program Files\CONEXANT
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 10:32 - 2014-02-12 10:32 - 00000000 _____ () C:\Windows\setupact.log
2014-02-12 10:30 - 2006-11-02 13:47 - 00387320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-12 10:27 - 2014-02-12 10:27 - 00243256 _____ () C:\Users\kohls\Documents\cc_20140212_102725.reg
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-02-12 10:21 - 2008-10-08 09:03 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-12 10:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-12 10:18 - 2012-03-23 12:57 - 00000000 ____D () C:\Users\kohls\Desktop\effget
2014-02-12 10:17 - 2009-07-15 11:07 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\Adobe
2014-02-12 10:14 - 2009-07-15 09:38 - 00103760 _____ () C:\Users\kohls\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 10:06 - 2014-02-12 09:59 - 00000004 _____ () C:\ScrubRetValFile.txt
2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\OpenOffice
2014-02-12 09:53 - 2014-02-12 09:53 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-12 09:52 - 2014-02-12 09:51 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-02-11 19:05 - 2014-02-11 19:04 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-11 18:36 - 2014-02-10 20:07 - 00000000 ____D () C:\AdwCleaner
2014-02-11 18:35 - 2014-02-11 18:35 - 01139712 _____ (Farbar) C:\Users\kohls\Downloads\FRST.exe
2014-02-11 17:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\IME
2014-02-11 14:25 - 2014-02-11 14:25 - 01166132 _____ () C:\Users\kohls\Desktop\adwcleaner.exe
2014-02-11 13:59 - 2011-11-10 21:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-11 10:23 - 2014-02-11 10:23 - 00000927 _____ () C:\Users\kohls\Desktop\Auslogics DiskDefrag.lnk
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-11 10:23 - 2014-02-11 10:23 - 00000000 ____D () C:\Program Files\Auslogics
2014-02-11 10:22 - 2011-11-10 21:36 - 00000000 ____D () C:\ProgramData\Norton
2014-02-11 10:21 - 2011-12-29 20:16 - 00000000 ____D () C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-11 10:20 - 2011-11-10 21:40 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-02-11 10:15 - 2014-02-11 10:15 - 00000000 ____D () C:\Windows\pss
2014-02-11 10:14 - 2011-11-10 21:41 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-02-11 10:14 - 2011-11-10 21:41 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-02-11 10:14 - 2011-11-10 21:39 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-02-11 10:07 - 2014-02-11 10:07 - 00378922 _____ () C:\Users\kohls\Documents\cc_20140211_100719.reg
2014-02-11 10:03 - 2014-02-11 10:03 - 00000000 ____D () C:\Users\kohls\AppData\Local\Macromedia
2014-02-11 10:01 - 2012-02-27 16:42 - 00000000 ____D () C:\Users\kohls\AppData\Local\CrashDumps
2014-02-11 10:01 - 2008-10-07 14:21 - 00000000 ____D () C:\Windows\Panther
2014-02-11 09:51 - 2014-02-11 09:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-11 09:51 - 2011-05-14 12:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-11 09:50 - 2009-07-15 11:07 - 00000000 ____D () C:\Users\kohls\AppData\Local\Adobe
2014-02-11 09:48 - 2008-10-07 15:58 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-02-11 09:48 - 2008-10-07 15:58 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-02-11 09:47 - 2008-10-07 15:38 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-11 09:46 - 2009-07-15 12:29 - 00000000 ____D () C:\Program Files\Adobe
2014-02-11 09:46 - 2008-10-07 16:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-11 09:44 - 2014-02-11 09:44 - 00000000 ____D () C:\Users\kohls\Documents\Ulead DVD MovieFactory
2014-02-11 09:37 - 2008-10-07 15:51 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-02-11 09:22 - 2014-02-11 09:22 - 00000769 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-11 09:22 - 2014-02-11 09:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-11 09:18 - 2009-07-15 10:08 - 00000000 ____D () C:\Users\kohls\AppData\Local\Toshiba
2014-02-11 09:03 - 2008-01-21 08:15 - 00000000 ____D () C:\Windows\system32\de
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-02-11 09:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-02-10 22:35 - 2014-02-10 22:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 21:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tapi
2014-02-10 21:14 - 2009-07-21 15:17 - 00000000 ____D () C:\ProgramData\Skype
2014-02-10 21:10 - 2009-07-15 10:08 - 00000000 ____D () C:\Users\kohls\AppData\Local\Google
2014-02-10 21:09 - 2012-02-27 17:25 - 00000000 ____D () C:\Program Files\OpenVPN
2014-02-10 21:03 - 2010-09-07 19:45 - 00000000 ____D () C:\Windows\system32\SupportAppCB
2014-02-10 21:02 - 2010-09-07 19:47 - 00000136 _____ () C:\GPEapSim.log
2014-02-10 20:49 - 2014-02-10 20:49 - 00000911 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-10 20:49 - 2010-07-06 13:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-10 20:39 - 2009-07-15 19:04 - 00000000 ____D () C:\Program Files\Common Files\Acronis
2014-02-10 20:35 - 2010-01-12 13:09 - 00000000 ____D () C:\Program Files\IKEA HomePlanner
2014-02-10 20:24 - 2010-10-26 21:26 - 00000000 ____D () C:\Program Files\Amazon
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lohner Kältedienst
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lidl-Mill
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lidl-England
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lidl-Baub-neu
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\LIDL Benwell
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\LIDL allgemein
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lehmwerder Grundleitungen Pflegeheim
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lehmwerder Bautagebuch
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Lampe & Martens Schriftverkehr
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Kündigung Mitarbeiter
2014-02-10 20:13 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\KSK Stuhr
2014-02-10 20:13 - 2009-08-10 12:17 - 00000000 ____D () C:\Users\kohls.V2
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Office97SR
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\oeg
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Nicole
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Neue Halle
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Netto Stuhr
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Nachkalkulation-Stundenberechnung
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\Nachkalkulation 2004
2014-02-10 20:12 - 2010-02-06 11:19 - 00000000 ____D () C:\Users\kohls.V2\muster
2014-02-10 19:42 - 2009-07-15 10:07 - 00000954 _____ () C:\Users\kohls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-09 21:30 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-09 21:25 - 2014-02-09 21:25 - 00030826 _____ () C:\Extras.Txt
2014-02-09 21:25 - 2014-02-09 21:21 - 00107492 _____ () C:\OTL.Txt
2014-02-09 16:58 - 2014-02-10 20:07 - 01037530 _____ (Thisisu) C:\Users\kohls\Desktop\JRT.exe
2014-02-06 19:00 - 2014-02-12 10:25 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-02-05 09:58 - 2014-02-16 03:01 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-16 03:01 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-16 03:01 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-16 03:01 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-16 03:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-16 03:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-16 03:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-16 03:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-16 03:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-16 03:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-16 03:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-16 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-16 03:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-16 03:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-16 03:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-16 03:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 18:22

==================== End Of Log ============================
         
--- --- ---




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by kohls at 2014-02-16 18:36:23
Running from C:\Users\kohls\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.6 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated)
Atheros Driver Installation Program (Version: 5.0 - Atheros)
Atheros Wi-Fi Protected Setup Library (Version:  - Atheros)
ATI Catalyst Install Manager (Version: 3.0.664.0 - ATI Technologies, Inc.)
Auslogics DiskDefrag (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
Catalyst Control Center Core Implementation (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0422.2139.36895 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Czech (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Danish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Dutch (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help English (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Finnish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help French (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help German (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Greek (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Italian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Japanese (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Korean (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Polish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Russian (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Spanish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Swedish (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Thai (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Turkish (Version: 2008.0422.2138.36895 - ATI) Hidden
ccc-core-static (Version: 2008.0422.2139.36895 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0422.2139.36895 - ATI) Hidden
CCleaner (Version: 4.10 - Piriform)
DELTA (C:\GHFakt\) #3 (Version:  - )
DELTA (C:\GHFakt\) (Version:  - )
DELTA (Version:  - )
ESET Online Scanner v3 (Version:  - )
Free DWG Viewer 6.2 (Version: 6.2 - IGC)
Free PDF to Word Doc Converter v1.1 (Version: 1.1 - www.hellopdf.com)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.2.0 - Conexant Systems)
Heimeier EasyPlan 3.0.1  (Version: 3.0.1 - )
Heimeier Ventilauslegung 1.4.0  (Version: 1.4.0 - Heimeier Metallwerk GmbH & Co.KG)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (Version: 6.0.200 - Sun Microsystems, Inc.)
Kaufmann (Version: 2.3.30.0 - ETU Software GmbH)
K-Lite Mega Codec Pack 10.3.0 (Version: 10.3.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (Version: 21.1.0.18 - Symantec Corporation)
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
OVplan 3.1.4  (Version: 3.1.4 - )
OVselect 3.2.0  (Version: 3.2.0 - OVENTROP)
OVsim 2.0.2  (Version: 2.0.2 - OVENTROP)
QuickTime (Version: 7.69.80.9 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version:  - Realtek Semiconductor Corp.)
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
Synaptics Pointing Device Driver (Version: 10.1.8.0 - Synaptics)
Tools für Microsoft SQL Server 2005 Express Edition (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Uponor HSE-san 4.9 DE (Version: 4.90.000 - Uponor HSE)
Windows Media Encoder 9-Reihe (Version:  - )
Windows Media Encoder 9-Reihe (Version: 9.00.3374 - Microsoft Corporation) Hidden
WinRAR (Version:  - )

==================== Restore Points  =========================

12-02-2014 09:16:21 Installed Microsoft Fix it 50154
12-02-2014 09:41:44 Windows Update
15-02-2014 19:37:13 Geplanter Prüfpunkt
16-02-2014 02:00:13 Windows Update
16-02-2014 17:33:54 Installed Java 7 Update 51

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {057CF947-4338-4A06-916B-B8CA5C698D31} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - kohls => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {A03BBB6B-8682-4979-8952-4DE71DF3EB59} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B25497FB-77BF-4FBF-99E4-4154DDB49B7B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {D6DE9315-47F2-4A55-BE2B-7A4E62316755} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-11] (Adobe Systems Incorporated)
Task: {DDDF644F-2B45-43A4-BAEB-E649CB455705} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {DFE3E185-5CEB-4B05-B4BA-C0652F4BBE62} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F3716CDF-2881-46B7-882D-34C775CD0B24} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-07 14:38 - 2008-04-22 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-03-05 09:22 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-15 17:48 - 2014-02-15 17:49 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\kohls\Fw Bedienungsanl. Vitodens 200 UK.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaufmann.lnk => C:\Windows\pss\Kaufmann.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2014 06:17:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 03:26:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2014 05:27:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 10:50:44 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (02/12/2014 10:31:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:56:40 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: c94
Anfangszeit: 01cf27ce11f61d06
Zeitpunkt der Beendigung: 37471

Error: (02/12/2014 09:41:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:34:19 AM) (Source: Windows Search Service) (User: )
Description: Der Filterhostprozess kann nicht initialisiert werden. Der Vorgang wird abgebrochen.


Details:
	Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.   (0x800705b4)

Error: (02/12/2014 09:32:16 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: SendErrorToErrLog: Betriebssystemfehler 8(Für diesen Befehl ist nicht genügend Speicher verfügbar.).

Error: (02/11/2014 07:05:40 PM) (Source: Perflib) (User: )
Description: SYSTEMC:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe


System errors:
=============
Error: (02/16/2014 06:29:28 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (02/16/2014 06:29:28 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (02/16/2014 06:29:27 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/16/2014 06:18:09 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/16/2014 06:17:43 PM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (02/16/2014 06:17:28 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{01F8A5A2-575C-4545-86F4-717673C80679} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (02/16/2014 06:17:09 PM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker HP LaserJet 2100 PCL6 nicht unter dem Namen HP LaserJet 2100 PCL6 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (02/16/2014 03:27:30 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/15/2014 05:27:29 PM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (02/15/2014 05:27:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (02/16/2014 06:17:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 03:26:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2014 05:27:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 10:50:44 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003 
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (02/12/2014 10:31:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:56:40 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005c9401cf27ce11f61d0637471

Error: (02/12/2014 09:41:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 09:34:19 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.   (0x800705b4)

Error: (02/12/2014 09:32:16 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: SendErrorToErrLog8(Für diesen Befehl ist nicht genügend Speicher verfügbar.)

Error: (02/11/2014 07:05:40 PM) (Source: Perflib)(User: )
Description: SYSTEMC:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe


CodeIntegrity Errors:
===================================
  Date: 2014-02-11 18:49:28.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:27.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:27.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:26.746
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp8D97.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:21.692
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:21.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:20.568
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:49:19.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kohls\AppData\Local\Temp\tmp7324.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 17:19:04.707
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 17:19:04.114
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3580.91 MB
Available physical RAM: 1906.95 MB
Total Pagefile: 7384.3 MB
Available Pagefile: 6011.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.29 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.15 GB) (Free:121.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.99 GB) (Free:179.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: F087FDDC)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Geändert von NewtonZ4 (16.02.2014 um 19:03 Uhr)

Alt 17.02.2014, 13:37   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Standard

Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt



Java, Flash und Adobe updaten.


Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\...\AppCertDlls: [bcdeplay] -> C:\Windows\system32\cleamapi.dll
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt
32 bit, avira, bho, error, excel, flash player, format, install.exe, installation, java/exploit.agent.nao, java/exploit.cve-2008-5353.i, logfile, malware.trace, mp3, problem, registry, rundll, schannel.dll, security, software, symantec, trojan.agent.gen, trojan.winlock.reveton, trojan.zbotr.gen, trojaner




Ähnliche Themen: Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt


  1. GVU-Trojaner abgesicherter Modus in Win 7 geht nicht
    Plagegeister aller Art und deren Bekämpfung - 01.05.2014 (13)
  2. GVU Trojaner WinXP Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 26.11.2013 (7)
  3. Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt
    Log-Analyse und Auswertung - 04.11.2013 (3)
  4. gvu trojaner - abgesicherter modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (2)
  5. Landespolizeidirection virus abgesicherter modus funkt nicht otlpe ok
    Log-Analyse und Auswertung - 21.10.2013 (7)
  6. GVU Trojaner - Kein abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (3)
  7. Windows XP: GVU Trojaner, abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (3)
  8. GVU Trojaner - Abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 27.07.2013 (15)
  9. GVU Trojaner - Abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (13)
  10. GVU Trojaner (abgesicherter modus geht nicht)
    Plagegeister aller Art und deren Bekämpfung - 21.06.2013 (38)
  11. GVU-Trojaner Win7 32Bit (Abgesicherter Modus geht nicht)
    Plagegeister aller Art und deren Bekämpfung - 17.06.2013 (49)
  12. GVU Trojaner abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 30.05.2013 (5)
  13. WinXP - weißer Startscreen (Maus da) - abgesicherter Modus nicht möglich, startet neu - OTLpe Scan ok, was nun
    Log-Analyse und Auswertung - 29.05.2013 (13)
  14. GVU-Trojaner blockt PC - abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (7)
  15. GVU Trojaner - F8 abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (4)
  16. GVU Trojaner - Computer gesperrt - Abgesicherter Modus nicht nutzbar - Scan mit OTL eingefügt
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (12)
  17. Bundespolizei-Trojaner: Abgesicherter Modus geht nicht mehr
    Log-Analyse und Auswertung - 05.12.2012 (8)

Zum Thema Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt - Hi, ich hab das Problem, dass sich beim Starten des PCs jedes mal der Bundestrojaner oeffnet. Habe den abgesicherten Modus probiert, jedoch startet der PC dann jedes mal neu und - Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt...
Archiv
Du betrachtest: Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.