Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Benutzeranmeldung nach Trojaner Bekämpfung zeigt nur noch Cmd-Box "Windows\system 32" (https://www.trojaner-board.de/138391-benutzeranmeldung-trojaner-bekaempfung-zeigt-nur-noch-cmd-box-windows-system-32-a.html)

wh56 17.07.2013 22:07
Benutzeranmeldung nach Trojaner Bekämpfung zeigt nur noch Cmd-Box "Windows\system 32"
 
Hallo Team,

ich habe mir in meinem Windows 8 System einen Bundestrojaner eingefangen. Jedoch nur auf einem Benutzer-Account (nicht Admin). Über mein Adminkonto habe ich noch Zugang auf den Rechner und habe entsprechend Anleitung hier im Forum. Beitrag http://www.trojaner-board.de/134453-...tzerkonto.html die Bekämpfung gestartet. Es wurden die Files gefunden und auch beseitigt. Auch alle anderen Benutzer-Accounts sind nicht befallen.

Wenn ich nun versuche mich wieder an dem infizierten Account an zu melden ist die Trojanerseite weg. Es erscheint aber ein schwarzer Bildschirm mit einer CMD-Box. Die zeigt nur Windows\system 32.
Wie muss ich vorgehen um das Problem zu beseitigen und wieder auf meinen Account zu zu greifen.
Leider ist der GMER nicht sauber durchgelaufen, da er an nicht gesteckten Speichermedien hängen bleibt. Ich hoffe Ihr könnt mit meinen Anhängen etwas anfangen

Danke im vorraus für Eure Unterstützung
wh56

cosinus 18.07.2013 03:14
Hallo und :hallo:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


wh56 18.07.2013 18:34
Hallo Cosinus
danke für Deine schnelle Antwort.
In der Anlage die beiden Dateien


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by ** ** (administrator) on 18-07-2013 12:58:25
Running from C:\Users\** **\Downloads
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(REINER SCT) C:\Windows\system32\cjpcsc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lukas **\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Lukas **\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\Lukas **\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray                                                                                                                                                                                                                  [ 2012-01-10] (Nokia)
HKU\Lukas **\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\Lukas **\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation)
HKU\Lukas **\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lukas **\...\Policies\system: [LogonHoursAction] 2
HKU\Mechtild **\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\Mechtild **\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia)
HKU\Mechtild **\...\Run: [PC Suite Tray] - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [ 2010-05-14] (Nokia)
HKU\Mechtild **\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\Mechtild **\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mechtild **\...\Policies\system: [LogonHoursAction] 2
HKU\Nelson Canga\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\Nelson Canga\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia)
HKU\Nelson Canga\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\Nelson Canga\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation)
HKU\Nelson Canga\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Nelson Canga\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\UpdatusUser\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray                                                                                                                                                                                                                  [ 2012-01-10] (Nokia)
HKU\UpdatusUser\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\** ** (Wrk)\...\Run: [Greenshot] - "C:\Program Files\Greenshot\Greenshot.exe" [x]
HKU\** ** (Wrk)\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia)
HKU\** ** (Wrk)\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe [x] <===== ATTENTION
HKU\** ** (Wrk)\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\** ** (Wrk)\...\Policies\system: [LogonHoursAction] 2
HKU\** ** (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION
HKU\** ** (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION!
IMEO\mediabuilder.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\nsu3ui.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\paprport.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\pdfdirect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\pppagevw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\ppscandr.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\trueimagelauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"]},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\** ** (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

========================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846576 2012-05-10] (Acronis)
S4 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-17] (Acronis)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [508848 2011-05-09] (REINER SCT)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MCLIENT; C:\Program Files\Norton Management\Engine\3.2.0.19\diMaster.dll [535416 2012-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-12-06] (Protect Software GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENT\0302000.013\ccSetx86.sys [134304 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-11-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-19] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 GigasetGenericUSB; C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys [44032 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130716.001\IDSvix86.sys [386720 2012-11-19] (Symantec Corporation)
R3 LMouFilt; C:\Windows\system32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)
R0 m5287; C:\Windows\System32\drivers\m5287.sys [76544 2004-12-15] (ULi Electronics Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130716.017\NAVENG.SYS [93272 2013-05-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130716.017\NAVEX15.SYS [1611992 2013-05-31] (Symantec Corporation)
R3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-01-11] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-01-11] ()
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NIS\1404000.028\SYMELAM.SYS [21400 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 teamviewervpn; C:\Windows\system32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2013-03-27] (Acronis)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2013-03-27] (Acronis)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [249200 2012-10-02] (Marvell)
U3 idsvc;
U3 pxryiuog; \??\C:\Users\WILHEL~1\AppData\Local\Temp\pxryiuog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST
2013-07-18 12:56 - 2013-07-18 12:56 - 01218860 _____ (Farbar) C:\Users\** **\Downloads\FRST.exe
2013-07-17 22:34 - 2013-07-17 22:55 - 00021385 _____ C:\Users\** **\Desktop\GMER.log
2013-07-16 23:19 - 2013-07-17 23:02 - 00084450 _____ C:\Users\** **\Downloads\Extras.Txt
2013-07-16 23:17 - 2013-07-17 23:02 - 00128916 _____ C:\Users\** **\Downloads\OTL.Txt
2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\** **\Downloads\gmer_2.1.19163.exe
2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\** **\Downloads\OTL.exe
2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\** **\Downloads\defogger_disable.log
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\** **\defogger_reenable
2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\** **\Downloads\Defogger.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-16 18:46 - 2013-07-17 22:59 - 00001284 _____ C:\Users\** **\Desktop\checkup.txt
2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\** **\Downloads\SecurityCheck.exe
2013-07-16 05:26 - 2013-07-17 23:01 - 00000333 _____ C:\Users\** **\Desktop\eset Ergebnisse.txt
2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\** **\Downloads\esetsmartinstaller_enu.exe
2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program Files\ESET
2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp
2013-07-10 06:31 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\** **\Desktop\aswMBR.exe
2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\** **\Downloads\aswMBR.exe
2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\** **\AppData\Roaming\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-09 22:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\** **\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp
2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\Mechtild **\AppData\Roaming\TeamViewer
2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST
2013-07-18 12:56 - 2013-07-18 12:56 - 01218860 _____ (Farbar) C:\Users\** **\Downloads\FRST.exe
2013-07-18 12:53 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-17 23:02 - 2013-07-16 23:19 - 00084450 _____ C:\Users\** **\Downloads\Extras.Txt
2013-07-17 23:02 - 2013-07-16 23:17 - 00128916 _____ C:\Users\** **\Downloads\OTL.Txt
2013-07-17 23:01 - 2013-07-16 05:26 - 00000333 _____ C:\Users\** **\Desktop\eset Ergebnisse.txt
2013-07-17 22:59 - 2013-07-16 18:46 - 00001284 _____ C:\Users\** **\Desktop\checkup.txt
2013-07-17 22:55 - 2013-07-17 22:34 - 00021385 _____ C:\Users\** **\Desktop\GMER.log
2013-07-17 22:34 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\** **\Desktop
2013-07-17 22:26 - 2012-04-11 20:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-17 20:50 - 2013-01-04 00:54 - 01631347 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-17 19:46 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-17 19:14 - 2013-02-11 22:08 - 03672987 _____ C:\WINDOWS\setupact.log
2013-07-17 19:14 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\** **\Downloads\gmer_2.1.19163.exe
2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\** **\Downloads\OTL.exe
2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\** **\Downloads\defogger_disable.log
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\** **\defogger_reenable
2013-07-16 23:04 - 2013-01-04 00:31 - 00000000 ____D C:\Users\** **
2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\** **\Downloads\Defogger.exe
2013-07-16 21:58 - 2010-04-13 21:00 - 00000000 ____D C:\Users\Mechtild **\AppData\Roaming\TuneUp Software
2013-07-16 21:37 - 2010-01-17 00:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 21:16 - 2010-01-23 11:17 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-16 20:55 - 2012-12-17 21:40 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-16 20:55 - 2010-10-06 15:59 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-07-16 20:55 - 2010-01-17 10:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-16 18:42 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\** **\Downloads\SecurityCheck.exe
2013-07-16 18:35 - 2013-02-19 22:41 - 00019200 _____ C:\WINDOWS\PFRO.log
2013-07-16 18:34 - 2012-07-26 06:17 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-07-16 18:25 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\IME
2013-07-16 18:25 - 2011-06-07 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 22:14 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\** **\Downloads\esetsmartinstaller_enu.exe
2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program Files\ESET
2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp
2013-07-10 06:40 - 2013-02-19 22:05 - 286054769 _____ C:\WINDOWS\MEMORY.DMP
2013-07-10 06:40 - 2013-01-13 16:40 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-10 06:30 - 2013-07-10 06:31 - 04745728 _____ (AVAST Software) C:\Users\** **\Desktop\aswMBR.exe
2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\** **\Downloads\aswMBR.exe
2013-07-10 06:16 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\twain_32
2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\** **\AppData\Roaming\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-09 22:55 - 2013-01-04 01:30 - 00047104 ___SH C:\Users\** **\Desktop\Thumbs.db
2013-07-09 22:55 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\** **\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp
2013-07-04 21:04 - 2013-02-23 17:38 - 00000000 ____D C:\NetxpVerein
2013-06-28 22:30 - 2013-01-04 00:52 - 01781388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\Mechtild **\AppData\Roaming\TeamViewer
2013-06-28 19:09 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\Mechtild **\Desktop
2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod
2013-06-20 20:07 - 2012-06-03 17:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-20 19:59 - 2012-07-26 08:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-06-19 20:19 - 2010-01-23 12:40 - 00000000 ____D C:\WINDOWS\system32\Drivers\NIS
2013-06-19 08:51 - 2010-01-23 12:40 - 00142496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2013-06-19 08:51 - 2010-01-23 12:40 - 00007611 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-17 19:46

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2013 02
Ran by ** ** at 2013-07-18 12:59:19
Running from C:\Users\** **\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 13.1.1)
Acronis True Image WD*Edition (Version: 13.0.14189)
Adobe AIR (Version: 2.7.0.19530)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop Lightroom 3.5 (Version: 3.5.1)
Adobe Premiere Elements 9 (Version: 9.0)
Adobe Premiere Elements 9 (Version: 9.0.1)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Advanced File Security Basic
AeroFly Professional Deluxe (inkl. Add-On 1) (Version: 1.9.0103)
AllDup 3.4.13 (Version: 3.4.13)
Anti-Twin (Installation 07.06.2010)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.2 (Version: 2.0.2)
AusweisApp (Version: 1.10.0)
Baden-Württemberg Süd 2.0 (Version: 2.0)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MG5200 series Benutzerregistrierung
Canon MG5200 series MP Drivers
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Digital Photo Professional 3.9 (Version: 3.9.0.3)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CCleaner (Version: 3.24)
CDBurnerXP (Version: 4.5.0.3717)
CD-LabelPrint
ChargeProfessional (Version: 2.16)
ChargeProfessional 1.71
Chipcardmaster 7.03
cyberJack Base Components (Version: 6.9.12)
Das Interaktive Kartenwerk. Deutschland (Version: 2.1.6)
DDBAC (Version: 5.3.10)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
Eraser 6.0.10.2620 (Version: 6.0.2620)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
File Type Assistant (Version: 2012.10.26.0)
Gigaset QuickSync (Version: 8.2.0865.2)
Grabster AV 400 (Version: 1.3.0)
Greenshot
IrfanView (remove only)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 18 (Version: 6.0.180)
Java(TM) 6 Update 2 (Version: 1.6.0.20)
Java(TM) 6 Update 21 (Version: 6.0.210)
LAME v3.99.3 (for Windows)
Lexware Info Service (Version: 2.90.00.0009)
Lexware online banking (Version: 19.00.00.0059)
Logitech SetPoint 6.51 (Version: 6.51.8)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero Backup Drivers (Version: 1.0.11100.8.0)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.51.0)
Nokia Software Updater (Version: 3.0.560)
Nokia Suite (Version: 3.3.86.0)
Nordrhein-Westfalen West 2.0 (Version: 2.0)
Norton Internet Security (Version: 20.4.0.40)
Norton Management (Version: 3.2.0.19)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PaperPort Image Printer (Version: 1.00.0000)
PC Connectivity Solution (Version: 11.5.29.0)
PeaZip 3.0
PVSonyDll (Version: 1.00.0001)
Quicken 2014 (Version: 21.31.00.0109)
Quicken Import Export Server 2011 (Version: 18.00.00.0081)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
ScanSoft PaperPort 11 (Version: 11.2.0000)
ScanSoft PDF Create! 4 (Version: 4.01.0009)
SCHLECKER Foto Digital Service (Version: 4.8.7)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090)
SyncToy 2.1 (x86) (Version: 2.1.0)
TeamViewer 8 (Version: 8.0.16642)
The Simpsons Hit & Run(TM) (Version: 1.00.000)
TuneUp Utilities 2013 (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.77)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.6010.8)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.5 (Version: 2.0.5)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WISO Steuer-Sparbuch 2013 (HKCU Version: 20.00.8137)
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {026051DD-5B76-447A-B500-DFF813F45F59} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2326591026-2755835626-2187243960-1005 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {0416C00C-A8FD-47A0-8571-9962FA18FE49} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe No File
Task: {052133DB-F4AA-42CB-BD2B-4A53CEDC4C83} - System32\Tasks\User_Feed_Synchronization-{168551CE-9DA4-498D-B959-09B0EB78EE57} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {0BF0B6B1-5307-42CB-A4E2-7E236AB2B2BB} - System32\Tasks\AdobeAAMUpdater-1.0-Acer_Aspire-** ** (Wrk) => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {0DA30D54-42BC-48FA-9D70-91C6EF983B6F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {10E507CF-A2CC-4195-8FD5-DCBA1B5CE5C7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe No File
Task: {1374F7A3-3E3B-4A04-AF6C-15C6B153A322} - System32\Tasks\Netxp-Verein-Sicherung-Boogie-Freunde-Balingen e.V.--1058694068 => C:\NetxpVerein\NetxpVereinBackup.exe [2013-02-19] (Netxp GmbH)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {19FE374E-9920-4751-B6B5-D54D2833825A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {29393176-E37F-4C1D-8A34-617ED715EB8B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe No File
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {34EC503E-E4D2-431E-8BCC-2AD20472B578} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {35608D9A-ADF5-4352-BD94-50BA48AAD939} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe No File
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {36F2C165-3DE0-49AB-BBC6-F3FD6D2DE937} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {37BC8A3D-D499-403D-B362-05AD8E3213F0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe No File
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {401A6E28-E7D0-4D18-BC47-BFAC50D16D00} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {4248D63C-1E29-40FC-9857-A91082A09C41} - System32\Tasks\Update Manager => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {47BC98EF-171C-42A7-86B8-ACCB62C6B2A7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {499C0FBE-D932-4A65-BF16-1ABAF008C9A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe No File
Task: {4A33F285-53E5-42EB-8814-24276795E146} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {4B47A55C-78E7-4233-B948-81C7D5F30F62} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files\Norton Management\Engine\3.2.0.19\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {52B73E22-7AA0-4874-9C94-BC5B8E0E67DD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {542EB8E9-BA71-4AFA-A440-48904A1E4546} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe No File
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {56883940-B816-41B0-81DE-4DB71BF95777} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {58F1DD5D-0672-4784-9448-CB7E68F41189} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {5AD5C29C-DE77-4141-A77C-2E338FBEDC8B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {5BC5CACF-33CB-40B7-9B74-8A135499E95B} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2012-10-06] (Trusted Software ApS)
Task: {60282143-D420-407C-9DE2-470855BFB129} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326591026-2755835626-2187243960-1005
Task: {611BA3F1-1CA9-4166-B348-D7F4A9A747B2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {658A2BD5-F249-48E9-A726-A75502D50D58} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {65B54126-3662-4E42-AF58-7C1EE4BFD6CB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {6C5A8B1A-4F41-46CB-9C9C-E86BE1930F86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe No File
Task: {6D3224E7-E43C-4CAC-82AA-ED821C932F0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {889B5714-5944-4B05-B083-CED6A3E893B9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {8D54A94F-088B-4371-99CD-54DA83DAF3E1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326591026-2755835626-2187243960-1001
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {9511B98D-9409-4972-AA98-96B0C8550EDD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {976205DD-9CC9-4090-BD10-81092715D366} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {9B1694D0-0BD7-4710-B929-5FE53A5AF23A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2326591026-2755835626-2187243960-1003 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {A942F6F0-B7E9-47EA-9E44-EB6BF7A6226B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe No File
Task: {A9F2A00E-ABA7-4DC8-8BCF-81B1D9CF701A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe No File
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {B6E8E3D3-C908-44A4-A599-96EB689A74E0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe No File
Task: {B7B01D23-875F-4D30-B56B-55B8A39FD23E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe No File
Task: {B9ADA005-AEF4-4108-9ACA-64287AE0ED57} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {CB6C4DEB-EA80-4DA1-8C97-27BDCACC5911} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {CF7DEDB9-97B8-4B32-A4AB-B1D22D0DE7B9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe No File
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {D3F6D3D2-56BF-4D2F-B5F2-8B6C7740E37A} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326591026-2755835626-2187243960-1003
Task: {DBFEB605-058F-437D-A564-4AA088D80C2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {E6F303A7-A45D-45F0-89AF-79C1ED63EB1D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe No File
Task: {ECF892A2-31E3-4DB8-8F12-CB5A4718F3B6} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {EDB897D8-6E64-432E-843E-469FACCC54E9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {EE5A381C-19C7-4883-828E-DE71B8EBD3B9} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files\Norton Management\Engine\3.2.0.19\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {EE7F17CC-FCDC-4547-8FC2-B3B4A8B8B1DD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {EF671D6A-2C53-459B-B40B-693DE52C844B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {EFF9D33E-9D91-4C22-8322-C8C8217054CB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {F9AD723E-8C76-41BC-9AAD-3F44EA0A1222} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Netxp-Verein-Sicherung-Boogie-Freunde-Balingen e.V.--1058694068.job => C:\NetxpVerein\NetxpVereinBackup.exe
Task: C:\WINDOWS\Tasks\Netxp-Verein-Sicherung-Boogie-Freunde-Balingen-1306544401.job => C:\NetxpVerein\NetxpVereinBackup.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2013 00:59:20 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (07/18/2013 00:59:20 PM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (07/17/2013 07:49:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/17/2013 07:49:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/17/2013 07:47:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/17/2013 07:46:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/16/2013 10:01:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/16/2013 09:59:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/16/2013 09:16:20 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004230f).

Error: (07/16/2013 09:16:15 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {00000000-0000-0000-0000-000000000000}
  Snapshotkontext: 4194317
  Ausführungskontext: Coordinator
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Volumename: \\?\Volume{548f4d37-02e8-11df-a741-806e6f6e6963}\
  Ausführungskontext: Coordinator


System errors:
=============
Error: (07/17/2013 07:16:45 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Acer_Aspire** **S-1-5-21-2326591026-2755835626-2187243960-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/17/2013 07:16:20 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Acer_Aspire** **S-1-5-21-2326591026-2755835626-2187243960-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/17/2013 07:16:20 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Acer_Aspire** **S-1-5-21-2326591026-2755835626-2187243960-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/17/2013 07:16:19 PM) (Source: DCOM) (User: ACER_ASPIRE)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Acer_Aspire** **S-1-5-21-2326591026-2755835626-2187243960-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/17/2013 07:15:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.

Error: (07/17/2013 07:13:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/17/2013 07:14:08 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎17.‎07.‎2013 um 00:02:26 unerwartet heruntergefahren.

Error: (07/17/2013 00:03:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.

Error: (07/17/2013 00:02:00 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/17/2013 00:02:26 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎16.‎07.‎2013 um 23:43:16 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (03/15/2011 00:13:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2203 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/10/2010 08:39:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 913 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-02-18 21:35:18.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-18 21:35:18.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-18 21:35:18.006
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-18 21:35:17.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-18 21:35:17.428
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-18 21:35:17.350
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-18 21:35:13.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-18 21:35:12.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-07 18:45:19.794
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-02-07 18:45:19.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 2047.43 MB
Available physical RAM: 1135.64 MB
Total Pagefile: 4095.43 MB
Available Pagefile: 3026.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1827.92 MB

==================== Drives ================================

Drive c: (ACER PL1 W8) (Fixed) (Total:229.44 GB) (Free:141.33 GB) NTFS
Drive d: (ACER PL1 Sys) (Fixed) (Total:228.69 GB) (Free:175.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive m: (ACER PL3 DA) (Fixed) (Total:931.51 GB) (Free:750.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 94EF6939)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07C1EE5C)
Partition 1: (Not Active) - (Size=8 GB) - (Type=12)
Partition 2: (Active) - (Size=229 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=229 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gruß wh56

cosinus 18.07.2013 20:44
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\** ** (Wrk)\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe [x] <===== ATTENTION
HKU\** ** (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION
HKU\** ** (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION!
C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe
Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


wh56 18.07.2013 20:56
Hallo Cosinus,

danke Ihr seit wirklich schnell!

Hier nun das Ergebnis

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013 02
Ran by ** ** at 2013-07-18 21:54:05 Run:1
Running from C:\Users\** **\Downloads
Boot Mode: Normal

==============================================

HKU\** ** (Wrk)\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\\** ** (Wrk)\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\\** ** (Wrk)\Software\Microsoft\Command Processor\\AutoRun => Value not found.
"C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" => File/Directory not found.

==== End of Fixlog ====
Gruß wh56

cosinus 18.07.2013 21:07
Läuft die Anmeldung wieder normal?

wh56 18.07.2013 21:29
hallo sosinus
leider nein, immer noch die dosbox.
wenn ich Explorer.exe eingebe läuft der user hoch (bin jetzt wieder drin).
die Meldung in der Box lautet:

Der Befehl c:\user\name\appdata\lokal\temp\cgvrsxaqeyexbffxb.exe ist entweder falsch geschrieben oder konnte nicht gefunden werden.

Sorry, weiß nicht wie ich den Text kopiert bekomme "String C" geht nicht.

Ich erinnere mich, diese oder eine ähnliche Datei ganz am Anfang gelöscht zu haben. Sie war die neueste exe, die nach dem Befall auf dem Rechner war.

cosinus 18.07.2013 22:17
Bitte ein neues Log mit FRST machen und nach Möglichkeit NICHTS im Log editieren

wh56 19.07.2013 06:59
Hallo cosinus,

ich habe nun nochmals den scan ausgeführt. Ergebnisse siehe Anlage. Das befallene Konto ist 1234 5678 (Wrk). Wegen "real names" musste ich aber doch editieren:
Admin: Vorname 1234
Nachname 5678
Vorname Konto 2 ****
Vorname Konto 3 !!!!
Vorname Konto 4 ????
Vorname Konto 5 §§§§
Nachbame Konto 5 $$$$
Jeweils zwischen Vor- und Nachname ein "Space"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013
Ran by 1234 5678 (administrator) on 19-07-2013 07:22:22
Running from C:\Users\1234 5678\Downloads
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(REINER SCT) C:\Windows\system32\cjpcsc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\**** 5678\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\**** 5678\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\**** 5678\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray                                                                                                                                                                                                                  [ 2012-01-10] (Nokia)
HKU\**** 5678\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\**** 5678\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation)
HKU\**** 5678\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\**** 5678\...\Policies\system: [LogonHoursAction] 2
HKU\!!!! 5678\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\!!!! 5678\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia)
HKU\!!!! 5678\...\Run: [PC Suite Tray] - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [ 2010-05-14] (Nokia)
HKU\!!!! 5678\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\!!!! 5678\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\!!!! 5678\...\Policies\system: [LogonHoursAction] 2
HKU\§§§§ $$$$\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\§§§§ $$$$\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia)
HKU\§§§§ $$$$\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\§§§§ $$$$\...\RunOnce: [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2012-07-26] (Microsoft Corporation)
HKU\§§§§ $$$$\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\§§§§ $$$$\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [ 2010-07-12] ()
HKU\UpdatusUser\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray                                                                                                                                                                                                                  [ 2012-01-10] (Nokia)
HKU\UpdatusUser\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x]
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\1234 5678 (Wrk)\...\Run: [Greenshot] - "C:\Program Files\Greenshot\Greenshot.exe" [x]
HKU\1234 5678 (Wrk)\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [ 2012-01-10] (Nokia)
HKU\1234 5678 (Wrk)\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\1234 5678 (Wrk)\...\Policies\system: [LogonHoursAction] 2
HKU\1234 5678 (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION
HKU\1234 5678 (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION!
IMEO\mediabuilder.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\nsu3ui.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\paprport.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\pdfdirect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\pppagevw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\ppscandr.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IMEO\trueimagelauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\1234 5678\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\1234 5678\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"]},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

========================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846576 2012-05-10] (Acronis)
S4 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-17] (Acronis)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [508848 2011-05-09] (REINER SCT)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MCLIENT; C:\Program Files\Norton Management\Engine\3.2.0.19\diMaster.dll [535416 2012-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-12-06] (Protect Software GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENT\0302000.013\ccSetx86.sys [134304 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-11-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-19] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 GigasetGenericUSB; C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys [44032 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130717.001\IDSvix86.sys [386720 2012-11-19] (Symantec Corporation)
R3 LMouFilt; C:\Windows\system32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)
R0 m5287; C:\Windows\System32\drivers\m5287.sys [76544 2004-12-15] (ULi Electronics Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130718.004\NAVENG.SYS [93272 2013-05-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130718.004\NAVEX15.SYS [1611992 2013-05-31] (Symantec Corporation)
R3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-01-11] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-01-11] ()
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NIS\1404000.028\SYMELAM.SYS [21400 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 teamviewervpn; C:\Windows\system32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2013-03-27] (Acronis)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2013-03-27] (Acronis)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [249200 2012-10-02] (Marvell)
U3 idsvc;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-19 07:21 - 2013-07-19 07:21 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST.exe
2013-07-19 07:20 - 2013-07-19 07:20 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST(1).exe
2013-07-18 19:24 - 2013-07-18 19:24 - 00041801 _____ C:\Users\1234 5678\Desktop\Addition.txt
2013-07-18 12:59 - 2013-07-18 19:35 - 00041801 _____ C:\Users\1234 5678\Downloads\2013-07-18 Addition.txt
2013-07-18 12:59 - 2013-07-18 19:25 - 00032345 _____ C:\Users\1234 5678\Downloads\2013-07-18 FRST.txt
2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST
2013-07-17 22:34 - 2013-07-17 22:55 - 00021385 _____ C:\Users\1234 5678\Desktop\GMER.log
2013-07-16 23:19 - 2013-07-17 23:02 - 00084450 _____ C:\Users\1234 5678\Downloads\Extras.Txt
2013-07-16 23:17 - 2013-07-17 23:02 - 00128916 _____ C:\Users\1234 5678\Downloads\OTL.Txt
2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\1234 5678\Downloads\gmer_2.1.19163.exe
2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\1234 5678\Downloads\OTL.exe
2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\1234 5678\Downloads\defogger_disable.log
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\1234 5678\defogger_reenable
2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\1234 5678\Downloads\Defogger.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-16 18:46 - 2013-07-17 22:59 - 00001284 _____ C:\Users\1234 5678\Desktop\checkup.txt
2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\1234 5678\Downloads\SecurityCheck.exe
2013-07-16 05:26 - 2013-07-17 23:01 - 00000333 _____ C:\Users\1234 5678\Desktop\eset Ergebnisse.txt
2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\1234 5678\Downloads\esetsmartinstaller_enu.exe
2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program Files\ESET
2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp
2013-07-10 06:31 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Desktop\aswMBR.exe
2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Downloads\aswMBR.exe
2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\1234 5678\AppData\Roaming\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-09 22:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\1234 5678\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp
2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\!!!! 5678\AppData\Roaming\TeamViewer
2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-20 20:07 - 2013-06-20 20:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-07-19 07:21 - 2013-07-19 07:21 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST.exe
2013-07-19 07:20 - 2013-07-19 07:20 - 01218862 _____ (Farbar) C:\Users\1234 5678\Downloads\FRST(1).exe
2013-07-18 23:10 - 2013-02-23 17:38 - 00000000 ____D C:\NetxpVerein
2013-07-18 22:26 - 2013-01-04 00:54 - 01706534 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-18 22:26 - 2012-04-11 20:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-18 22:13 - 2013-02-11 22:08 - 03747031 _____ C:\WINDOWS\setupact.log
2013-07-18 22:13 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-18 22:11 - 2012-07-26 06:17 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-07-18 22:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-18 19:35 - 2013-07-18 12:59 - 00041801 _____ C:\Users\1234 5678\Downloads\2013-07-18 Addition.txt
2013-07-18 19:25 - 2013-07-18 12:59 - 00032345 _____ C:\Users\1234 5678\Downloads\2013-07-18 FRST.txt
2013-07-18 19:24 - 2013-07-18 19:24 - 00041801 _____ C:\Users\1234 5678\Desktop\Addition.txt
2013-07-18 19:24 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\1234 5678\Desktop
2013-07-18 13:06 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-18 12:58 - 2013-07-18 12:58 - 00000000 ____D C:\FRST
2013-07-17 23:02 - 2013-07-16 23:19 - 00084450 _____ C:\Users\1234 5678\Downloads\Extras.Txt
2013-07-17 23:02 - 2013-07-16 23:17 - 00128916 _____ C:\Users\1234 5678\Downloads\OTL.Txt
2013-07-17 23:01 - 2013-07-16 05:26 - 00000333 _____ C:\Users\1234 5678\Desktop\eset Ergebnisse.txt
2013-07-17 22:59 - 2013-07-16 18:46 - 00001284 _____ C:\Users\1234 5678\Desktop\checkup.txt
2013-07-17 22:55 - 2013-07-17 22:34 - 00021385 _____ C:\Users\1234 5678\Desktop\GMER.log
2013-07-16 23:12 - 2013-07-16 23:12 - 00377856 _____ C:\Users\1234 5678\Downloads\gmer_2.1.19163.exe
2013-07-16 23:05 - 2013-07-16 23:05 - 00602112 _____ (OldTimer Tools) C:\Users\1234 5678\Downloads\OTL.exe
2013-07-16 23:04 - 2013-07-16 23:04 - 00000490 _____ C:\Users\1234 5678\Downloads\defogger_disable.log
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 _____ C:\Users\1234 5678\defogger_reenable
2013-07-16 23:04 - 2013-01-04 00:31 - 00000000 ____D C:\Users\1234 5678
2013-07-16 23:02 - 2013-07-16 23:02 - 00050477 _____ C:\Users\1234 5678\Downloads\Defogger.exe
2013-07-16 21:58 - 2010-04-13 21:00 - 00000000 ____D C:\Users\!!!! 5678\AppData\Roaming\TuneUp Software
2013-07-16 21:37 - 2010-01-17 00:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 21:16 - 2010-01-23 11:17 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-16 20:55 - 2013-07-16 20:55 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-16 20:55 - 2012-12-17 21:40 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-16 20:55 - 2012-12-17 21:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-16 20:55 - 2010-10-06 15:59 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-07-16 20:55 - 2010-01-17 10:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-16 18:42 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-16 18:40 - 2013-07-16 18:40 - 00891022 _____ C:\Users\1234 5678\Downloads\SecurityCheck.exe
2013-07-16 18:35 - 2013-02-19 22:41 - 00019200 _____ C:\WINDOWS\PFRO.log
2013-07-16 18:25 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\IME
2013-07-16 18:25 - 2011-06-07 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 22:14 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-07-10 06:45 - 2013-07-10 06:45 - 02347384 _____ (ESET) C:\Users\1234 5678\Downloads\esetsmartinstaller_enu.exe
2013-07-10 06:45 - 2013-07-10 06:45 - 00000000 ____D C:\Program Files\ESET
2013-07-10 06:40 - 2013-07-10 06:40 - 00171096 _____ C:\WINDOWS\Minidump\071013-32265-01.dmp
2013-07-10 06:40 - 2013-02-19 22:05 - 286054769 _____ C:\WINDOWS\MEMORY.DMP
2013-07-10 06:40 - 2013-01-13 16:40 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-10 06:30 - 2013-07-10 06:31 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Desktop\aswMBR.exe
2013-07-10 06:30 - 2013-07-10 06:30 - 04745728 _____ (AVAST Software) C:\Users\1234 5678\Downloads\aswMBR.exe
2013-07-10 06:16 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\twain_32
2013-07-09 22:55 - 2013-07-09 22:55 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Users\1234 5678\AppData\Roaming\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 22:55 - 2013-07-09 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-09 22:55 - 2013-01-04 01:30 - 00047104 ___SH C:\Users\1234 5678\Desktop\Thumbs.db
2013-07-09 22:55 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-09 22:54 - 2013-07-09 22:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\1234 5678\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-09 21:26 - 2013-07-09 21:26 - 00156240 _____ C:\WINDOWS\Minidump\070913-29453-01.dmp
2013-06-28 22:30 - 2013-01-04 00:52 - 01781388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-06-28 19:11 - 2013-06-28 19:11 - 00000000 ____D C:\Users\!!!! 5678\AppData\Roaming\TeamViewer
2013-06-28 19:09 - 2013-01-04 00:31 - 00000000 ___RD C:\Users\!!!! 5678\Desktop
2013-06-20 20:08 - 2013-06-20 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-20 20:08 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-20 20:07 - 2013-06-20 20:07 - 00000000 ____D C:\Program Files\iPod
2013-06-20 20:07 - 2012-06-03 17:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-20 19:59 - 2012-07-26 08:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-06-19 20:19 - 2010-01-23 12:40 - 00000000 ____D C:\WINDOWS\system32\Drivers\NIS
2013-06-19 08:51 - 2010-01-23 12:40 - 00142496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2013-06-19 08:51 - 2010-01-23 12:40 - 00007611 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-17 19:46

==================== End Of Log ============================
--- --- ---


Das Tool hat nach einem Update gefragt. Ich bin dem Link gefolgt, habe den Download gemacht, dann aber wieder die gleiche Meldung bekommen (out of date). Schließlich dann den scan doch mit der alten Version ausgeführt.

Gruß wh56

cosinus 19.07.2013 15:00
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\1234 5678 (Wrk)\...\Winlogon: [Shell] cmd.exe [ 2012-07-26] (Microsoft Corporation) <==== ATTENTION
HKU\1234 5678 (Wrk)\...\Command Processor: "C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" <===== ATTENTION!
C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe
Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


wh56 19.07.2013 17:02
Hallo cosinus

hier der aktuelle log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013
Ran by 1234 5678 at 2013-07-19 17:56:24 Run:2
Running from C:\Users\1234 5678\Downloads
Boot Mode: Normal

==============================================

HKU\1234 5678 (Wrk)\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\1234 5678 (Wrk)\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
"C:\Users\WILHEL~2\AppData\Local\Temp\cgvrsxaqeyexbffxb.exe" => File/Directory not found.

==== End of Fixlog ====
Anmeldung funktioniert wieder. Super!!!

Was muss ich nun noch tun um die Sache ab zu schließen. Hälst Du es für sinnvoll die "real names" der Benutzerkonten zu ersetzten?

Habt Ihr auch Tipps für das Entfernen meiner alten XP Partition (auch aus dem Dual-Boot System)

Herzlichen Dank für Deine Hilfe

Gruß wh56

cosinus 20.07.2013 00:46
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

wh56 22.07.2013 06:37
Hallo Cosinus,

das Tool hat keine Malware gefunden

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.22.01

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16484
name :: ACER_ASPIRE [administrator]

22.07.2013 06:39:15
mbar-log-2013-07-22 (06-39-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 364533
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.22.01

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16484
name :: ACER_ASPIRE [administrator]

22.07.2013 06:39:15
mbar-log-2013-07-22 (06-39-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 364533
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MfG wh56

cosinus 22.07.2013 22:45
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

wh56 23.07.2013 22:50
Hallo Cosinus,

JRT läuft leider nicht unter normalem Benutzer (W8),(Blue screen). 2. Versuch als Admin hat dann funktioniert. Aber beim 1. Durchlauf hat er noch ein paar Dinge bereinigt

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 8 Pro x86
Ran by name on 23.07.2013 at 23:11:59,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\name\AppData\Roaming\mozilla\firefox\profiles\k915aems.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 23:15:41,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


ADW Cleaner ergab folgendes Ergebnis:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 23/07/2013 um 23:18:56 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (32 bits)
# Benutzer : 1234 5678 - ACER_ASPIRE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\1234 5678\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\1234 5678\AppData\Roaming\Mozilla\Firefox\Profiles\k915aems.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\1234 5678 (Wrk)\AppData\Roaming\Mozilla\Firefox\Profiles\u2skdy4y.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\1234 5678\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1184 octets] - [23/07/2013 23:18:56]

########## EOF - C:\AdwCleaner[S1].txt - [1244 octets] ##########
--- --- ---


und nun zum Schluss noch das OTL Ergebnis:

OTL Logfile:
Code:
OTL logfile created on: 23.07.2013 23:25:29 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\1234 5678\Downloads
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,05% Memory free
4,00 Gb Paging File | 2,83 Gb Available in Paging File | 70,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229,44 Gb Total Space | 141,33 Gb Free Space | 61,60% Space Free | Partition Type: NTFS
Drive D: | 228,69 Gb Total Space | 175,15 Gb Free Space | 76,59% Space Free | Partition Type: NTFS
Drive M: | 931,51 Gb Total Space | 750,85 Gb Free Space | 80,61% Space Free | Partition Type: NTFS
 
Computer Name: ACER_ASPIRE | User Name: 1234 5678 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\1234 5678\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhostex.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\RuntimeBroker.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dasHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Greenshot\Greenshot.exe ()
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ()
MOD - C:\Programme\Greenshot\Greenshot.exe ()
MOD - C:\Programme\Greenshot\GreenshotPlugin.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (wlidsvc) -- C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
SRV - (netprofm) -- C:\Windows\System32\netprofmsvc.dll (Microsoft Corporation)
SRV - (LSM) -- C:\Windows\System32\lsm.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TimeBroker) -- C:\Windows\System32\TimeBrokerServer.dll (Microsoft Corporation)
SRV - (SystemEventsBroker) -- C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AudioEndpointBuilder) -- C:\Windows\System32\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV - (MCLIENT) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WSService) -- C:\Windows\System32\WSService.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (fhsvc) -- C:\Windows\System32\fhsvc.dll (Microsoft Corporation)
SRV - (BrokerInfrastructure) -- C:\Windows\System32\bisrv.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WiaRpc) -- C:\Windows\System32\wiarpc.dll (Microsoft Corporation)
SRV - (Wcmsvc) -- C:\Windows\System32\wcmsvc.dll (Microsoft Corporation)
SRV - (VaultSvc) -- C:\Windows\System32\vaultsvc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (svsvc) -- C:\Windows\System32\svsvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (NcaSvc) -- C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)
SRV - (NcdAutoSetup) -- C:\Windows\System32\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (KeyIso) -- C:\Windows\System32\keyiso.dll (Microsoft Corporation)
SRV - (EFS) -- C:\Windows\System32\efssvc.dll (Microsoft Corporation)
SRV - (DsmSvc) -- C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
SRV - (DeviceAssociationService) -- C:\Windows\System32\das.dll (Microsoft Corporation)
SRV - (AllUserInstallAgent) -- C:\Windows\System32\AUInstallAgent.dll (Microsoft Corporation)
SRV - (vmicvss) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmictimesync) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicshutdown) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicrdv) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmickvpexchange) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicheartbeat) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130723.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130723.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\Drivers\NIS\1404000.028\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\Drivers\NIS\1404000.028\symds.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NIS\1404000.028\symnets.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\Drivers\NIS\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\Drivers\mbam.sys (Malwarebytes Corporation)
DRV - (timounter) -- C:\Windows\System32\Drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\Drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\Drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\Drivers\snapman.sys (Acronis)
DRV - (GigasetGenericUSB) -- C:\Windows\System32\Drivers\GigasetGenericUSB.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
DRV - (SymIRON) -- C:\Windows\System32\Drivers\NIS\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\Drivers\NIS\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\Drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ACEDRV07) -- C:\Windows\System32\Drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (pdc) -- C:\Windows\System32\Drivers\pdc.sys (Microsoft Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\Drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (BthAvrcpTg) -- C:\Windows\System32\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV - (bthhfhid) -- C:\Windows\System32\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV - (hidi2c) -- C:\Windows\System32\Drivers\hidi2c.sys (Microsoft Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130720.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (USBHUB3) -- C:\Windows\System32\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV - (FxPPM) -- C:\Windows\System32\Drivers\fxppm.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (dam) -- C:\Windows\System32\Drivers\dam.sys (Microsoft Corporation)
DRV - (sdstor) -- C:\Windows\System32\Drivers\sdstor.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\Drivers\WSDScan.sys (Microsoft Corporation)
DRV - (ccSet_MCLIENT) -- C:\Windows\System32\Drivers\MCLIENT\0302000.013\ccSetx86.sys (Symantec Corporation)
DRV - (yukonw8) -- C:\Windows\System32\Drivers\yk63x86.sys (Marvell)
DRV - (cnghwassist) -- C:\Windows\System32\Drivers\cnghwassist.sys (Microsoft Corporation)
DRV - (USBXHCI) -- C:\Windows\System32\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV - (UCX01000) -- C:\Windows\System32\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV - (GPIOClx0101) -- C:\Windows\System32\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV - (msgpiowin32) -- C:\Windows\System32\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\Drivers\tpm.sys (Microsoft Corporation)
DRV - (LHidFilt) -- C:\Windows\System32\Drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\Drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (condrv) -- C:\Windows\System32\Drivers\condrv.sys (Microsoft Corporation)
DRV - (acpiex) -- C:\Windows\System32\Drivers\acpiex.sys (Microsoft Corporation)
DRV - (LSI_SSS) -- C:\Windows\System32\Drivers\lsi_sss.sys (LSI Corporation)
DRV - (EhStorTcgDrv) -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV - (EhStorClass) -- C:\Windows\System32\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV - (3ware) -- C:\Windows\System32\Drivers\3ware.sys (LSI)
DRV - (VSTXRAID) -- C:\Windows\System32\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV - (VerifierExt) -- C:\Windows\System32\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV - (UASPStor) -- C:\Windows\System32\Drivers\uaspstor.sys (Microsoft Corporation)
DRV - (storahci) -- C:\Windows\System32\Drivers\storahci.sys (Microsoft Corporation)
DRV - (spaceport) -- C:\Windows\System32\Drivers\spaceport.sys (Microsoft Corporation)
DRV - (mvumis) -- C:\Windows\System32\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV - (WFPLWFS) -- C:\Windows\System32\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV - (CLFS) -- C:\Windows\System32\Drivers\clfs.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\Drivers\terminpt.sys (Microsoft Corporation)
DRV - (WdFilter) -- C:\Windows\System32\Drivers\WdFilter.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\Drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\Drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\Drivers\storvsc.sys (Microsoft Corporation)
DRV - (WdBoot) -- C:\Windows\System32\Drivers\WdBoot.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\Windows\System32\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV - (mshidumdf) -- C:\Windows\System32\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV - (HyperVideo) -- C:\Windows\System32\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\Windows\System32\Drivers\BasicRender.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\Drivers\vms3cap.sys (Microsoft Corporation)
DRV - (npsvctrig) -- C:\Windows\System32\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV - (kdnic) -- C:\Windows\System32\Drivers\kdnic.sys (Microsoft Corporation)
DRV - (acpitime) -- C:\Windows\System32\Drivers\acpitime.sys (Microsoft Corporation)
DRV - (gencounter) -- C:\Windows\System32\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV - (acpipagr) -- C:\Windows\System32\Drivers\acpipagr.sys (Microsoft Corporation)
DRV - (WpdUpFltr) -- C:\Windows\System32\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\Drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (hyperkbd) -- C:\Windows\System32\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV - (SerCx) -- C:\Windows\System32\Drivers\SerCx.sys (Microsoft Corporation)
DRV - (SpbCx) -- C:\Windows\System32\Drivers\SpbCx.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\Drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (BthHFEnum) -- C:\Windows\System32\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\Drivers\dmvsc.sys (Microsoft Corporation)
DRV - (wpcfltr) -- C:\Windows\System32\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV - (NdisImPlatform) -- C:\Windows\System32\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV - (MsLldp) -- C:\Windows\System32\Drivers\mslldp.sys (Microsoft Corporation)
DRV - (Ndu) -- C:\Windows\System32\Drivers\Ndu.sys (Microsoft Corporation)
DRV - (SymELAM) -- C:\Windows\System32\Drivers\NIS\1404000.028\symelam.sys (Symantec Corporation)
DRV - (NBVol) -- C:\Windows\System32\Drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\Drivers\NBVolUp.sys (Nero AG)
DRV - (nmwcd) -- C:\Windows\System32\Drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\Drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\Drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\Drivers\ccdcmbo.sys (Nokia)
DRV - (Netaapl) -- C:\Windows\System32\Drivers\netaapl.sys (Apple Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\Drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (cjusb) -- C:\Windows\System32\Drivers\cjusb.sys (REINER SCT)
DRV - (afcdp) -- C:\Windows\System32\Drivers\afcdp.sys (Acronis)
DRV - (FTSER2K) -- C:\Windows\System32\Drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\Drivers\ftdibus.sys (FTDI Ltd.)
DRV - (bizVSerial) -- C:\Windows\System32\Drivers\bizVSerialNT.sys (franson.biz)
DRV - (Afc) -- C:\Windows\System32\Drivers\afc.sys (Arcsoft, Inc.)
DRV - (m5287) -- C:\Windows\System32\Drivers\m5287.sys (ULi Electronics Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 4C B9 F6 96 CA 01  [binary data]
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B4F0963A3-1658-4fde-9585-23A25CC288BF%7D:1.10.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.19 22:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.07.16 21:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.01.12 14:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2013.03.29 21:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2013.03.29 21:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.20 21:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.19 22:30:43 | 000,000,000 | ---D | M]
 
[2013.01.12 14:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1234 5678\AppData\Roaming\mozilla\Extensions
[2013.05.31 08:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1234 5678\AppData\Roaming\mozilla\Firefox\Profiles\k915aems.default\extensions
[2013.05.31 08:38:17 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\1234 5678\AppData\Roaming\mozilla\firefox\profiles\k915aems.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.27 21:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.06.02 13:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.02 13:19:39 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.29 21:28:45 | 000,000,000 | ---D | M] (AusweisApp) -- C:\PROGRAM FILES\AUSWEISAPP\MOZILLA\ECARDCLIENTPIN_FFXX_WIN
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/,homepage_is_newtabpage:false,browser:{suppress_switch_to_metro_mode_on_set_default:true},distribution:{skip_first_run_ui:false,import_search_engine:false,import_history:false,create_all_shortcuts:true,do_not_launch_chrome:true,make_chrome_default:false,verbose_logging:false,suppress_first_run_default_browser_prompt:true,ping_delay:-60},sync_promo:{show_on_first_run_allowed:false},session:{restore_on_startup:4,urls_to_restore_on_startup:[hxxp://www.google.com/]},first_run_tabs:[hxxp://www.google.com/,hxxp://welcome_page]
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\1234 5678 (Wrk)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
 
O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AusweisApp 1.8.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe ()
O4 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2326591026-2755835626-2187243960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D6F67C3-5CA9-456A-98CF-BD49C1B8E9AE}: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D927EA9C-28BE-4735-849E-CE62205AEBB4}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\mediabuilder.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nsu3ui.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\paprport.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdfdirect.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ppscandr.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\scannerwizard.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\trueimagelauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.11.02 02:28:06 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.23 05:59:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.07.22 06:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.18 12:58:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.16 20:55:52 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.07.16 20:55:44 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.07.10 06:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.07.10 06:31:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\1234 5678\Desktop\aswMBR.exe
[2013.07.09 22:55:26 | 000,000,000 | ---D | C] -- C:\Users\1234 5678\AppData\Roaming\Malwarebytes
[2013.07.09 22:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.09 22:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.09 22:55:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.07.09 22:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.07.09 22:54:55 | 000,000,000 | ---D | C] -- C:\Users\1234 5678\AppData\Local\Programs
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.23 23:26:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.07.23 23:23:05 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.23 23:21:01 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.23 23:20:56 | 1610,158,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.22 22:34:13 | 000,769,776 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.07.22 22:34:13 | 000,717,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.07.22 22:34:13 | 000,160,980 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.07.22 22:34:13 | 000,137,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.07.16 23:04:11 | 000,000,000 | ---- | M] () -- C:\Users\1234 5678\defogger_reenable
[2013.07.16 20:55:35 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.07.16 20:55:35 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.07.16 20:55:35 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.07.16 20:55:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.07.16 20:55:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.07.16 20:55:35 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.07.10 06:40:20 | 286,054,769 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013.07.10 06:30:55 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\1234 5678\Desktop\aswMBR.exe
[2013.07.09 22:55:21 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.16 23:04:11 | 000,000,000 | ---- | C] () -- C:\Users\1234 5678\defogger_reenable
[2013.07.09 22:55:21 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.19 22:05:12 | 000,459,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.14 20:40:05 | 002,822,336 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2013.01.14 20:40:05 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2013.01.14 20:40:03 | 000,010,200 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2013.01.10 20:37:59 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2013.01.04 23:15:15 | 000,293,889 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013.01.04 01:19:36 | 000,000,680 | RHS- | C] () -- C:\Users\1234 5678\ntuser.pol
[2013.01.04 00:53:43 | 000,021,532 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.07.26 10:41:52 | 000,769,776 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 10:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2012.07.26 10:41:52 | 000,160,980 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 10:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2012.07.26 08:55:27 | 000,717,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.07.26 08:55:27 | 000,137,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012.03.21 21:16:44 | 000,007,631 | ---- | C] () -- C:\Users\1234 5678\AppData\Local\Resmon.ResmonCfg
[2010.03.13 18:10:19 | 000,000,538 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2013.01.21 21:02:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---


Ich hoffe Du bist zufrieden und ich kann die Sache abschließen

Herzlichen Dank für Deine Mühe

Gute Nacht

Gruß wh56


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:58 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131