Trojaner-Board - MalCrypt.Indus! / Telekom "Rechnung"

Hey,
also:

Log von MBAM:

Code:

 

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2014.01.06.05
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

BUERO :: MH-TEC [Administrator]
 

Schutz: Aktiviert
 

06.01.2014 21:26:31

MBAM-log-2014-01-07 (00-09-01).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|N:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: Heuristiks/Extra | P2P

Durchsuchte Objekte: 207145

Laufzeit: 2 Stunde(n), 39 Minute(n), 17 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 6

C:\System Volume Information\_restore{4A9536AC-71AB-4233-8026-214BA3CAF49C}\RP1160\A0190834.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{4A9536AC-71AB-4233-8026-214BA3CAF49C}\RP1160\A0190835.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{4A9536AC-71AB-4233-8026-214BA3CAF49C}\RP1160\A0190836.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{4A9536AC-71AB-4233-8026-214BA3CAF49C}\RP1163\A0191872.rbf (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{4A9536AC-71AB-4233-8026-214BA3CAF49C}\RP1163\A0191944.msi (PUP.Optional.SmartBar) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{4A9536AC-71AB-4233-8026-214BA3CAF49C}\RP1169\A0192587.exe (PUP.Optional.LyricsAd) -> Keine Aktion durchgeführt.
 

(Ende)

Log von FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014

Ran by BUERO (administrator) on MH-TEC on 07-01-2014 09:30:26

Running from C:\Dokumente und Einstellungen\BUERO\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE

(brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE

(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe

(Sanford, L.P.) C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe

(GEAR Software) C:\WINDOWS\system32\gearsec.exe

() C:\Programme\Canon\IJPLM\ijplmsvc.exe

(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Symantec Corporation) C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe

(Symantec Corporation) C:\Programme\Norton Ghost\Agent\VProSvc.exe

() C:\Programme\CyberLink\Shared Files\RichVideo.exe

(Microsoft Corporation) C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe

(Symantec) C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

(Symantec Corporation) C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe

(Hewlett-Packard) C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

(Hewlett-Packard Company) C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

(Nuance Communications, Inc.) C:\Programme\ScanSoft\PaperPort\pptd40nt.exe

(Brother Industries, Ltd.) C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe

() C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

(Brother Industries, Ltd.) C:\Programme\Brother\ControlCenter3\BrccMCtl.exe

(Brother Industries, Ltd.) C:\Programme\Brother\Brmfcmon\BrMfimon.exe

(Symantec Corporation) C:\Programme\Norton Ghost\Agent\VProTray.exe

(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

(1&1 Internet AG) C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe

(touchbyte GmbH) C:\Programme\PhotoSync\PhotoSync.exe

(Sanford, L.P.) C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe

(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe

(pdfforge  hxxp://www.pdfforge.org/) C:\Programme\PDFCreator\PDFCreator.exe

(Dropbox, Inc.) C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe

() C:\Programme\FastStone Capture\FSCapture.exe

(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer_Desktop.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16844800 2007-09-11] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Alcmtr] - C:\WINDOWS\Alcmtr.exe [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()

HKLM\...\Run: [NeroFilterCheck] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [StatusClient 2.6] - C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [61440 2004-02-27] (Hewlett-Packard)

HKLM\...\Run: [TomcatStartup 2.5] - C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [188416 2004-05-20] (Hewlett-Packard)

HKLM\...\Run: [HP Software Update] - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [49152 2004-01-07] (Hewlett-Packard Company)

HKLM\...\Run: [SSBkgdUpdate] - C:\Programme\Gemeinsame Dateien\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM\...\Run: [PaperPort PTD] - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)

HKLM\...\Run: [IndexSearch] - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)

HKLM\...\Run: [BrMfcWnd] - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe [1122304 2008-11-12] (Brother Industries, Ltd.)

HKLM\...\Run: [ControlCenter3] - C:\Programme\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-08-12] (Brother Industries, Ltd.)

HKLM\...\Run: [BCSSync] - C:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [AppleSyncNotifier] - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [176128 2005-07-06] (HP)

HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [Norton Ghost 15.0] - C:\Programme\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)

HKLM\...\Run: [CanonQuickMenu] - C:\Programme\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)

HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [139264 2006-11-16] (Nero AG)

HKCU\...\Run: [1&1 EasyLogin] - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe [1067008 2013-11-28] (1&1 Internet AG)

HKCU\...\Run: [PhotoSync] - C:\Programme\PhotoSync\PhotoSync.exe [1663144 2013-12-03] (touchbyte GmbH)

HKCU\...\Run: [DymoQuickPrint] - C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)

HKCU\...\Run: [Google Update] - C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)

MountPoints2: {c3966800-c758-11dd-9e93-001d60cb0891} - J:\Launch.exe

HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2006-11-16] (Nero AG)

HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2006-11-16] (Nero AG)

Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PDFCreator.lnk

ShortcutTarget: PDFCreator.lnk -> C:\Programme\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)

Startup: C:\Dokumente und Einstellungen\BUERO\Startmenü\Programme\Autostart\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Dokumente und Einstellungen\BUERO\Startmenü\Programme\Autostart\FastStone Capture.lnk

ShortcutTarget: FastStone Capture.lnk -> C:\Programme\FastStone Capture\FSCapture.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBA7C54A7AA9DCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default

FF NewTab: about:blank

FF Homepage: google.de

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @dymo.com/DymoLabelFramework - C:\Programme\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)

FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.3146 - C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=8 - C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: ScheduleOnce Google Calendar Add-on - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\Extensions\{a644a980-c5f5-11dd-ad8b-0800200c9a66}.xpi

FF Extension: ScheduleOnce Gmail Add-on - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\Extensions\{CB03C4C2-AD8F-11DE-A8F9-FF7A56D89593}.xpi

FF Extension: FoxTab - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\

FF Extension: Norton Toolbar - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF

FF Extension: Norton Vulnerability Protection - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-09-30] ()

R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-09-28] ()

R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)

R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)

R2 DymoPnpService; C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)

R2 GEARSecurity; C:\Windows\System32\GEARSec.exe [53248 2005-09-09] (GEAR Software)

S3 GenericMount Helper Service; C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1574408 2010-02-12] (Symantec)

S2 gupdate1c9bcf7f04ebeaa; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-14] (Google Inc.)

S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-14] (Google Inc.)

S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-09-11] (Google)

R2 IJPLMSVC; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()

S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [821648 2012-09-09] (Apple Inc.)

S3 LiveUpdate; C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)

R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-20] (Mozilla Foundation)

R2 MSSQLSERVER; C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

R2 NIS; C:\Programme\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)

R2 Norton Ghost; C:\Programme\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)

S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)

S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)

R3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)

R2 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] ()

S4 SQLBrowser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944 2010-12-10] (Microsoft Corporation)

R2 SQLWriter; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [86880 2010-12-10] (Microsoft Corporation)

S4 Ssdipter; C:\WINDOWS\system32\migpwd.exe [52736 2006-02-28] (Microsoft Corporation)

S3 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)

R3 SymSnapService; C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec)

R2 TeamViewer9; C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe [5341536 2013-12-17] (TeamViewer GmbH)

R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"
 

==================== Drivers (Whitelisted) ====================
 

R3 AtcL001; C:\Windows\System32\DRIVERS\l151x86.sys [39424 2007-07-03] (Atheros Communications Inc.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)

S3 avshws; C:\Windows\System32\DRIVERS\camsource.sys [27576 2010-01-15] (Senstic)

R1 BHDrvx86; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)

R1 eeCtrl; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)

R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation)

S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [562176 2008-09-09] (Hauppauge Computer Works, Inc.)

S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-09-09] (Hauppauge Computer Works, Inc.)

S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)

S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)

S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)

R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2007-11-09] (Logix4u)

R3 IDSxpx86; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140106.001\IDSxpx86.sys [382608 2013-12-13] (Symantec Corporation)

R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [63360 2007-08-31] (JMicron Technology Corp.)

S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [6400 2009-04-07] (Windows (R) Codename Longhorn DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R3 mobiolavs; C:\Windows\System32\DRIVERS\mobiolavs.sys [26512 2011-04-06] (SHAPE Services GmbH)

R3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [24128 2011-04-06] (SHAPE Services)

S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

R3 NAVENG; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140106.008\NAVENG.SYS [93272 2013-12-13] (Symantec Corporation)

R3 NAVEX15; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140106.008\NAVEX15.SYS [1612376 2013-12-13] (Symantec Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R2 PLCNDIS5; C:\Windows\system32\plcndis5.sys [17280 2004-05-17] (Intellon, Inc.)

R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)

R1 SYMTDI; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDI.SYS [396760 2013-04-25] (Symantec Corporation)

S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)

S3 Wdm1; C:\Windows\System32\Drivers\usbbc.sys [15576 2001-01-08] ()

S4 IntelIde; No ImagePath

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U2 V2iMount; 

U1 WS2IFSL; 

U2 wuaserv; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-07 09:30 - 2014-01-07 09:30 - 00027138 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.txt

2014-01-06 23:44 - 2014-01-06 23:44 - 01064805 _____ (Farbar) C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.exe

2014-01-06 21:20 - 2014-01-06 21:20 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 9

2014-01-06 21:18 - 2014-01-06 21:18 - 00000654 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Programme\CCleaner

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\FRST

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakCA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBC.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBB.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak99.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak98.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak97.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak96.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak95.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak94.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak93.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak92.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak91.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak90.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak89.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak88.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak87.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak86.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak85.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak84.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak83.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak82.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak81.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak80.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak79.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak77.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak76.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak75.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak74.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak73.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak72.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak71.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak70.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak69.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak68.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak67.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak66.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak65.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak64.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak63.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak62.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak61.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak60.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak59.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak58.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak57.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak56.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak55.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak54.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak53.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak52.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak51.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak50.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak49.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak48.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak47.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak46.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak45.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak44.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak43.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak42.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak41.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak40.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak39.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak38.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak37.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak36.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak35.tmp

2014-01-06 20:37 - 2014-01-06 20:39 - 00000000 ____D C:\AdwCleaner

2014-01-06 09:30 - 2014-01-06 09:40 - 00000000 ___HD C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\61BA4677

2013-12-20 08:41 - 2013-12-20 08:41 - 00000000 ____D C:\Programme\Mozilla Firefox

2013-12-13 07:47 - 2013-12-13 07:47 - 01008768 _____ (mquadr.at software engineering und consulting GmbH) C:\WINDOWS\system32\ieconfig_1und1.dll

2013-12-13 07:47 - 2013-12-13 07:47 - 00000000 ___HD C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{411234A5-A7C5-4628-A4D3-64C942F8C38C}

2013-12-12 16:32 - 2013-12-12 16:33 - 00013889 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-12 16:30 - 2014-01-06 21:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-12 16:30 - 2013-12-12 16:31 - 00006182 _____ C:\WINDOWS\KB2904266.log

2013-12-12 16:07 - 2013-12-12 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 07:38 - 2013-12-12 16:31 - 00012465 _____ C:\WINDOWS\KB2898715.log

2013-12-12 07:37 - 2013-12-12 16:07 - 00011978 _____ C:\WINDOWS\KB2893984.log

2013-12-12 07:37 - 2013-12-12 16:07 - 00011252 _____ C:\WINDOWS\KB2893294.log

2013-12-12 07:33 - 2013-12-12 16:06 - 00010619 _____ C:\WINDOWS\KB2892075.log

2013-12-11 16:11 - 2013-12-11 16:15 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\2013-12-11

2013-12-11 13:26 - 2013-12-11 13:26 - 00001887 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

2013-12-11 13:26 - 2013-12-11 13:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
 

==================== One Month Modified Files and Folders =======
 

2014-01-07 09:30 - 2014-01-07 09:30 - 00027138 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.txt

2014-01-07 09:26 - 2007-11-09 12:08 - 01282651 ____C C:\WINDOWS\WindowsUpdate.log

2014-01-07 09:24 - 2009-06-29 11:35 - 00001090 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-07 09:23 - 2007-12-14 21:11 - 00000000 ____D C:\Dokumente und Einstellungen\MH-TEC\backup QWB

2014-01-07 09:19 - 2007-12-13 11:59 - 00000000 ___HD C:\Dokumente und Einstellungen\BUERO\Netzwerkumgebung

2014-01-07 09:00 - 2013-08-26 07:28 - 00000520 _____ C:\WINDOWS\Tasks\Automatische Wartung.job

2014-01-07 08:40 - 2013-12-02 11:30 - 00001210 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-285142168-2798360531-1939436973-1005UA.job

2014-01-07 08:40 - 2012-04-02 06:22 - 00000884 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-07 08:40 - 2007-11-09 12:11 - 00032356 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-07 08:24 - 2009-06-29 11:35 - 00001086 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-07 08:11 - 2013-08-02 15:09 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{74FD4F50-8C7C-4CE2-9314-C2D14F1EC678}.job

2014-01-07 08:09 - 2009-10-06 14:18 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Dropbox

2014-01-07 07:50 - 2009-06-09 10:14 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\TeamViewer

2014-01-07 07:44 - 2009-10-13 15:28 - 00000000 ___RD C:\Dokumente und Einstellungen\BUERO\Eigene Dateien\My Dropbox

2014-01-07 07:40 - 2007-12-13 11:59 - 00000000 ___RD C:\Dokumente und Einstellungen\BUERO\Startmenü\Programme

2014-01-07 07:37 - 2007-12-15 00:10 - 00010440 _____ C:\statusclient.log

2014-01-07 07:37 - 2007-11-09 12:53 - 00089536 ____C C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2014-01-07 07:36 - 2007-11-09 12:07 - 00000257 ____C C:\WINDOWS\wiadebug.log

2014-01-07 07:33 - 2007-11-09 12:00 - 00001158 ____C C:\WINDOWS\system32\wpa.dbl

2014-01-07 07:32 - 2007-11-09 12:07 - 00000050 ____C C:\WINDOWS\wiaservc.log

2014-01-07 07:31 - 2007-11-09 12:11 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT

2014-01-07 00:10 - 2013-12-12 16:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2014-01-07 00:10 - 2007-12-13 11:59 - 00000300 __SHC C:\Dokumente und Einstellungen\BUERO\ntuser.ini

2014-01-07 00:10 - 2007-12-13 11:59 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO

2014-01-07 00:10 - 2007-11-09 12:50 - 00393216 _____ C:\WINDOWS\system32\config\ACEEvent.evt

2014-01-07 00:10 - 2007-11-09 12:05 - 00350584 ____C C:\WINDOWS\system32\FNTCACHE.DAT

2014-01-07 00:09 - 2013-06-12 18:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$

2014-01-06 23:44 - 2014-01-06 23:44 - 01064805 _____ (Farbar) C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.exe

2014-01-06 21:20 - 2014-01-06 21:20 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 9

2014-01-06 21:20 - 2009-06-09 10:14 - 00000000 ____D C:\Programme\TeamViewer

2014-01-06 21:20 - 2007-11-09 12:05 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme

2014-01-06 21:18 - 2014-01-06 21:18 - 00000654 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Programme\CCleaner

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\FRST

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner

2014-01-06 21:18 - 2007-11-09 12:05 - 00000000 ___RD C:\Programme

2014-01-06 21:09 - 2013-08-23 08:08 - 00086463 _____ C:\WINDOWS\setupapi.log

2014-01-06 21:07 - 2011-11-22 15:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Ghost

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakCA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBC.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBB.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak99.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak98.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak97.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak96.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak95.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak94.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak93.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak92.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak91.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak90.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak89.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak88.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak87.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak86.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak85.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak84.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak83.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak82.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak81.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak80.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak79.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak77.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak76.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak75.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak74.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak73.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak72.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak71.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak70.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak69.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak68.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak67.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak66.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak65.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak64.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak63.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak62.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak61.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak60.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak59.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak58.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak57.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak56.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak55.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak54.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak53.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak52.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak51.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak50.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak49.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak48.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak47.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak46.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak45.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak44.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak43.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak42.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak41.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak40.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak39.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak38.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak37.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak36.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak35.tmp

2014-01-06 20:40 - 2013-04-10 15:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813170$

2014-01-06 20:39 - 2014-01-06 20:37 - 00000000 ____D C:\AdwCleaner

2014-01-06 19:54 - 2008-08-14 07:21 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Canon

2014-01-06 17:40 - 2013-08-23 11:52 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware

2014-01-06 12:40 - 2013-12-02 11:30 - 00001158 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-285142168-2798360531-1939436973-1005Core.job

2014-01-06 12:18 - 2009-04-14 12:54 - 00001044 ____C C:\WINDOWS\Tasks\Google Software Updater.job

2014-01-06 09:44 - 2010-12-21 16:40 - 00004096 ___SH C:\VSNAP.IDX

2014-01-06 09:40 - 2014-01-06 09:30 - 00000000 ___HD C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\61BA4677

2014-01-03 16:47 - 2013-08-21 12:59 - 00000208 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\Commerzbank AG - Commerzbank-Homepage.url

2014-01-03 09:50 - 2013-08-20 19:18 - 00000281 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\Internet-Filiale - Taunus Sparkasse.url

2013-12-27 12:01 - 2007-11-09 13:02 - 00000000 ____D C:\WINDOWS\repair

2013-12-27 12:01 - 2007-11-09 12:08 - 00000000 ____D C:\WINDOWS\Registration

2013-12-27 09:03 - 2013-06-07 09:19 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM

2013-12-23 16:49 - 2011-05-25 14:20 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt

2013-12-23 11:28 - 2004-07-25 17:02 - 00000250 ____C C:\Dokumente und Einstellungen\BUERO\Desktop\LEO.url

2013-12-21 15:54 - 2012-05-14 10:24 - 00000000 ____D C:\Programme\Mozilla Maintenance Service

2013-12-20 13:37 - 2007-11-09 12:08 - 00000000 ____D C:\Programme\Outlook Express

2013-12-20 13:03 - 2008-01-16 08:50 - 00000116 ____C C:\WINDOWS\NeroDigital.ini

2013-12-20 08:41 - 2013-12-20 08:41 - 00000000 ____D C:\Programme\Mozilla Firefox

2013-12-19 13:01 - 2007-12-13 12:05 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Adobe

2013-12-19 13:01 - 2007-11-09 12:45 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe

2013-12-18 16:56 - 2008-09-28 15:11 - 00000276 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2013-12-18 13:05 - 2010-08-06 12:55 - 00001062 ____C C:\WINDOWS\Brpfx04a.ini

2013-12-18 07:42 - 2011-05-31 14:11 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\IDA-STEP

2013-12-13 07:47 - 2013-12-13 07:47 - 01008768 _____ (mquadr.at software engineering und consulting GmbH) C:\WINDOWS\system32\ieconfig_1und1.dll

2013-12-13 07:47 - 2013-12-13 07:47 - 00000000 ___HD C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{411234A5-A7C5-4628-A4D3-64C942F8C38C}

2013-12-12 16:34 - 2007-11-09 12:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help

2013-12-12 16:33 - 2013-12-12 16:32 - 00013889 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-12 16:33 - 2011-09-07 20:43 - 00067367 ____C C:\WINDOWS\updspapi.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00920718 ____C C:\WINDOWS\iis6.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00776944 ____C C:\WINDOWS\FaxSetup.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00392826 ____C C:\WINDOWS\ocgen.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00362167 ____C C:\WINDOWS\tsoc.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00261066 ____C C:\WINDOWS\comsetup.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00250626 ____C C:\WINDOWS\msmqinst.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00161317 ____C C:\WINDOWS\ntdtcsetup.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00136957 ____C C:\WINDOWS\netfxocm.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00054558 ____C C:\WINDOWS\MedCtrOC.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00043950 ____C C:\WINDOWS\ocmsn.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00039524 ____C C:\WINDOWS\msgsocm.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00038564 ____C C:\WINDOWS\tabletoc.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-12 16:31 - 2013-12-12 16:30 - 00006182 _____ C:\WINDOWS\KB2904266.log

2013-12-12 16:31 - 2013-12-12 07:38 - 00012465 _____ C:\WINDOWS\KB2898715.log

2013-12-12 16:31 - 2011-08-24 15:06 - 00001393 _____ C:\WINDOWS\imsins.BAK

2013-12-12 16:31 - 2007-11-09 12:39 - 00894496 ____C C:\WINDOWS\system32\TZLog.log

2013-12-12 16:24 - 2013-08-14 18:29 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-12-12 16:08 - 2007-12-13 17:53 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-12-12 16:07 - 2013-12-12 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-12 16:07 - 2013-12-12 07:37 - 00011978 _____ C:\WINDOWS\KB2893984.log

2013-12-12 16:07 - 2013-12-12 07:37 - 00011252 _____ C:\WINDOWS\KB2893294.log

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 16:06 - 2013-12-12 07:33 - 00010619 _____ C:\WINDOWS\KB2892075.log

2013-12-12 07:40 - 2012-04-02 06:22 - 00692616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-12-12 07:40 - 2011-05-25 06:29 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2013-12-11 16:15 - 2013-12-11 16:11 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\2013-12-11

2013-12-11 13:26 - 2013-12-11 13:26 - 00001887 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

2013-12-11 13:26 - 2013-12-11 13:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth

2013-12-11 11:52 - 2010-10-13 09:29 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\Bilder

2013-12-09 12:21 - 2011-02-17 13:50 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\Videos MH-TEC

2013-12-09 08:54 - 2012-07-09 08:13 - 00065536 __SHC C:\Dokumente und Einstellungen\BUERO\Desktop\Thumbs.db
 

Some content of TEMP:

====================

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\EasyLogin_setup_DE.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\hpzscr01.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\jre-7u45-windows-i586-iftw.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\Notification.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\photosync_setup_en_211.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\photosync_setup_en_212.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\Quarantine.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\SpotifyUninstall.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\uninst1.exe

C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Temp\znnausu9.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe

[2007-11-09 12:00] - [2008-04-14 03:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 
 

C:\Windows\System32\winlogon.exe

[2007-11-09 12:00] - [2008-04-14 03:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 
 

C:\Windows\System32\svchost.exe

[2007-11-09 12:00] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 
 

C:\Windows\System32\services.exe

[2007-11-09 12:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 
 

C:\Windows\System32\User32.dll

[2007-11-09 12:00] - [2008-04-14 03:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 
 

C:\Windows\System32\userinit.exe

[2007-11-09 12:00] - [2008-04-14 03:23] - 0026624 ___AC (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 
 

C:\Windows\System32\rpcss.dll

[2007-11-09 12:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b 
 

C:\Windows\System32\Drivers\volsnap.sys

[2007-11-09 12:00] - [2008-04-14 02:52] - 0053760 ___AC (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 
 
 

==================== End Of Log ============================

--- --- ---

Hey,

jo, WinXp ist klar, wird umgerüstet.

Combofix Log:

Code:

Combofix Logfile:
 

        Code:


        
ComboFix 14-01-04.03 - BUERO 07.01.2014  14:35:20.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3071.1840 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\BUERO\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\BUERO\Anwendungsdaten\1&1

c:\dokumente und einstellungen\BUERO\Anwendungsdaten\1&1\1&1 EasyLogin\customer.xml

c:\dokumente und einstellungen\BUERO\Anwendungsdaten\1&1\1&1 EasyLogin\EasyLogin.log

c:\dokumente und einstellungen\BUERO\Anwendungsdaten\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe

c:\dokumente und einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\assembly\tmp

c:\dokumente und einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\assembly\tmp\S9MR8DU3\DYMO.DLS.DLL

c:\dokumente und einstellungen\BUERO\WINDOWS

C:\Thumbs.db

c:\windows\IsUn0407.exe

c:\windows\jestertb.dll

c:\windows\system32\drivers\hwinterface.sys

c:\windows\system32\Thumbs.db

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_hwinterface

-------\Service_hwinterface

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-12-07 bis 2014-01-07  ))))))))))))))))))))))))))))))

.

.

2014-01-06 20:18 . 2014-01-06 20:18        --------        d-----w-        C:\FRST

2014-01-06 20:18 . 2014-01-06 20:18        --------        d-----w-        c:\programme\CCleaner

2014-01-06 19:44 . 2014-01-06 19:44        --------        d-----w-        C:\bak63.tmp

2014-01-06 19:37 . 2014-01-06 19:39        --------        d-----w-        C:\AdwCleaner

2014-01-06 08:30 . 2014-01-06 08:40        --------        d--h--w-        c:\dokumente und einstellungen\BUERO\Anwendungsdaten\61BA4677

2013-12-13 06:47 . 2013-12-13 06:47        1008768        ----a-w-        c:\windows\system32\ieconfig_1und1.dll

2013-12-13 06:47 . 2013-12-13 06:47        --------        d--h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{411234A5-A7C5-4628-A4D3-64C942F8C38C}

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-12 06:40 . 2012-04-02 05:22        692616        -c--a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-12-12 06:40 . 2011-05-25 05:29        71048        -c--a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-13 02:59 . 2007-11-09 11:00        150528        ----a-w-        c:\windows\system32\imagehlp.dll

2013-11-07 05:38 . 2007-11-09 11:00        591360        ----a-w-        c:\windows\system32\rpcrt4.dll

2013-11-06 01:36 . 2008-05-05 05:25        8192        ----a-w-        c:\windows\system32\xpsp4res.dll

2013-10-30 02:51 . 2007-11-09 11:00        1879168        ----a-w-        c:\windows\system32\win32k.sys

2013-10-29 07:57 . 2007-11-09 11:00        920064        ----a-w-        c:\windows\system32\wininet.dll

2013-10-29 07:57 . 2007-11-09 11:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2013-10-29 07:57 . 2007-11-09 11:00        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-10-29 07:57 . 2007-11-09 11:00        18944        ----a-w-        c:\windows\system32\corpol.dll

2013-10-29 00:45 . 2007-11-09 11:00        385024        ----a-w-        c:\windows\system32\html.iec

2013-10-23 23:45 . 2007-11-09 11:00        172032        ----a-w-        c:\windows\system32\scrrun.dll

2013-10-12 15:56 . 2007-11-09 11:00        279552        ----a-w-        c:\windows\system32\oakley.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"1&1 EasyLogin"="c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe" [2013-11-28 1067008]

"PhotoSync"="c:\programme\PhotoSync\PhotoSync.exe" [2013-12-03 1663144]

"DymoQuickPrint"="c:\programme\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2011-01-28 1825360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"StatusClient 2.6"="c:\programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]

"TomcatStartup 2.5"="c:\programme\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]

"HP Software Update"="c:\programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]

"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-12 1122304]

"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688]

"BCSSync"="c:\programme\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-06 176128]

"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"Norton Ghost 15.0"="c:\programme\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]

"CanonQuickMenu"="c:\programme\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-07-05 421888]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\BUERO\Startmenü\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

FastStone Capture.lnk - c:\programme\FastStone Capture\FSCapture.exe -Silent [2007-2-12 1111552]

.

c:\dokumente und einstellungen\BUERO\Startmenü\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

FastStone Capture.lnk - c:\programme\FastStone Capture\FSCapture.exe -Silent [2007-2-12 1111552]

.

c:\dokumente und einstellungen\BUERO\Startmenü\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

FastStone Capture.lnk - c:\programme\FastStone Capture\FSCapture.exe -Silent [2007-2-12 1111552]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-23 113664]

PDFCreator.lnk - c:\programme\PDFCreator\PDFCreator.exe [2009-5-28 2883584]

.

c:\dokumente und einstellungen\BUERO\Startmenü\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

FastStone Capture.lnk - c:\programme\FastStone Capture\FSCapture.exe -Silent [2007-2-12 1111552]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^BUERO^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\dokumente und einstellungen\BUERO\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 EasyLogin]

2013-11-28 15:17        1067008        ----a-w-        c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

2007-08-29 14:57        1966080        -c--a-w-        c:\windows\system32\xRaidSetup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-29 19:59        937920        -c--a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2013-10-11 06:13        116648        ----atw-        c:\dokumente und einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 21:30        421776        ----a-w-        c:\programme\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

2007-03-20 12:36        36864        -c--a-w-        c:\windows\RaidTool\xInsIDE.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-05 21:55        54832        -c--a-w-        c:\programme\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

2003-05-08 10:00        49152        -c--a-w-        c:\programme\ScanSoft\OmniPageSE2.0\opwareSE2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 14:10        56928        -c--a-w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-04-14 11:54        39408        -c--a-w-        c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\dokumente und einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"c:\\Programme\\FileZilla\\FileZilla.exe"=

"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Dokumente und Einstellungen\\BUERO\\Lokale Einstellungen\\Anwendungsdaten\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Dokumente und Einstellungen\\BUERO\\Lokale Einstellungen\\Anwendungsdaten\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Programme\\devolo\\bridgesetup\\bridgesetup.exe"=

"c:\\Programme\\devolo\\informer\\devinf.exe"=

"c:\\Programme\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

"c:\\Programme\\Brother\\Brmfl08i\\FAXRX.exe"=

"c:\\Programme\\Brother\\BRAdmin Light\\BRAdmLight.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=

"c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

"c:\\Programme\\TeamViewer\\Version9\\TeamViewer.exe"=

"c:\\Programme\\TeamViewer\\Version9\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5720:TCP"= 5720:TCP:Jumi Controller

"5720:UDP"= 5720:UDP:Jumi Controller

"1782:TCP"= 1782:TCP:CamSourceServiceWin.exe Operation Port (1782)

"54925:UDP"= 54925:UDP:Brother Network Scanner

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1404000.028\symds.sys [07.06.2013 10:03 367704]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1404000.028\symefa.sys [07.06.2013 10:03 934488]

R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [18.12.2013 01:32 1098968]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1404000.028\ccsetx86.sys [07.06.2013 10:03 134744]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1404000.028\ironx86.sys [07.06.2013 10:03 175264]

R2 DymoPnpService;DYMO PnP Service;c:\programme\DYMO\DYMO Label Software\DymoPnpService.exe [28.01.2011 20:34 32336]

R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [23.08.2013 11:52 418376]

R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [23.08.2013 11:52 701512]

R2 NIS;Norton Internet Security;c:\programme\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [07.06.2013 10:02 144368]

R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [17.05.2004 10:21 17280]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [09.11.2007 11:41 39424]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21.11.2013 12:16 108120]

R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [21.09.2009 20:26 57840]

R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140106.001\IDSXpx86.sys [07.01.2014 07:53 382608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.08.2013 11:52 22856]

R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [23.07.2012 06:44 24128]

R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [23.07.2012 06:44 26512]

R3 SymSnapService;SymSnapService;c:\programme\Norton Ghost\Shared\Drivers\SymSnapService.exe [21.09.2009 20:19 1964528]

S2 gupdate1c9bcf7f04ebeaa;Google Update Service (gupdate1c9bcf7f04ebeaa);c:\programme\Google\Update\GoogleUpdate.exe [14.04.2009 12:55 133104]

S2 TeamViewer9;TeamViewer 9;c:\programme\TeamViewer\Version9\TeamViewer_Service.exe [06.01.2014 21:20 5341536]

S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [07.07.2011 07:44 4352]

S3 avshws;PocketCam from iPhone;c:\windows\system32\drivers\camsource.sys [15.01.2010 23:06 27576]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [07.07.2011 07:43 265088]

S3 GenericMount Helper Service;GenericMount Helper Service;c:\programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [21.09.2009 20:25 1574408]

S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [07.05.2009 07:02 562176]

S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [07.05.2009 07:02 15616]

S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [07.04.2009 15:34 6400]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [26.06.2009 13:54 18432]

S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [09.11.2007 12:00 5120]

S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [14.12.2007 13:56 15576]

S4 Ssdipter;Ssdipter;c:\windows\system32\migpwd.exe [09.11.2007 12:00 52736]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2014-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:40]

.

2013-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]

.

2014-01-07 c:\windows\Tasks\Google Software Updater.job

- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 11:02]

.

2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-14 11:55]

.

2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-14 11:55]

.

2014-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285142168-2798360531-1939436973-1005Core.job

- c:\dokumente und einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2013-12-02 06:13]

.

2014-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285142168-2798360531-1939436973-1005UA.job

- c:\dokumente und einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2013-12-02 06:13]

.

2014-01-07 c:\windows\Tasks\User_Feed_Synchronization-{74FD4F50-8C7C-4CE2-9314-C2D14F1EC678}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://t-online.de/

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\

FF - prefs.js: browser.startup.homepage - google.de

FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-01-07 14:47

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\programme\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programme\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-285142168-2798360531-1939436973-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(768)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(4960)

c:\programme\TeamViewer\Version9\tv_w32.dll

c:\programme\iTunes\iTunesMiniPlayer.dll

c:\programme\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll

c:\programme\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\webcheck.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\brss01a.exe

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\windows\System32\GEARSec.exe

c:\programme\Canon\IJPLM\IJPLMSVC.EXE

c:\programme\Java\jre7\bin\jqs.exe

c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\programme\Norton Ghost\Agent\VProSvc.exe

c:\programme\CyberLink\Shared Files\RichVideo.exe

c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\RTHDCPL.EXE

c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

c:\programme\TeamViewer\Version9\TeamViewer.exe

c:\programme\Brother\ControlCenter3\brccMCtl.exe

c:\programme\Brother\Brmfcmon\BrMfimon.exe

c:\programme\TeamViewer\Version9\tv_w32.exe

c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe

c:\dokumente und einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe

c:\programme\FastStone Capture\FSCapture.exe

c:\programme\teamviewer\version9\TeamViewer_Desktop.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-01-07  14:56:11 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-01-07 13:55

.

Vor Suchlauf: 161 Verzeichnis(se), 32.211.591.168 Bytes frei

Nach Suchlauf: 165 Verzeichnis(se), 33.458.135.040 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - F96614C3BFFD55D771FC6EABBA12B279

 
--- --- ---

72B8CE41AF0DE751C946802B3ED844B4

FRST LOG

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014

Ran by BUERO (administrator) on MH-TEC on 07-01-2014 14:57:56

Running from C:\Dokumente und Einstellungen\BUERO\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE

(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe

(Sanford, L.P.) C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe

(GEAR Software) C:\WINDOWS\system32\gearsec.exe

() C:\Programme\Canon\IJPLM\ijplmsvc.exe

(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Symantec Corporation) C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe

(Symantec Corporation) C:\Programme\Norton Ghost\Agent\VProSvc.exe

() C:\Programme\CyberLink\Shared Files\RichVideo.exe

(Microsoft Corporation) C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Symantec) C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

(Symantec Corporation) C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe

(Hewlett-Packard) C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

(Hewlett-Packard Company) C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

(Nuance Communications, Inc.) C:\Programme\ScanSoft\PaperPort\pptd40nt.exe

(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Brother Industries, Ltd.) C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe

() C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer.exe

(Brother Industries, Ltd.) C:\Programme\Brother\ControlCenter3\BrccMCtl.exe

(Brother Industries, Ltd.) C:\Programme\Brother\Brmfcmon\BrMfimon.exe

(Symantec Corporation) C:\Programme\Norton Ghost\Agent\VProTray.exe

(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

(1&1 Internet AG) C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe

(touchbyte GmbH) C:\Programme\PhotoSync\PhotoSync.exe

(Sanford, L.P.) C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\tv_w32.exe

(pdfforge  hxxp://www.pdfforge.org/) C:\Programme\PDFCreator\PDFCreator.exe

(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe

(Dropbox, Inc.) C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe

() C:\Programme\FastStone Capture\FSCapture.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer_Desktop.exe

(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16844800 2007-09-11] (Realtek Semiconductor Corp.)

HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()

HKLM\...\Run: [NeroFilterCheck] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [StatusClient 2.6] - C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [61440 2004-02-27] (Hewlett-Packard)

HKLM\...\Run: [TomcatStartup 2.5] - C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [188416 2004-05-20] (Hewlett-Packard)

HKLM\...\Run: [HP Software Update] - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [49152 2004-01-07] (Hewlett-Packard Company)

HKLM\...\Run: [SSBkgdUpdate] - C:\Programme\Gemeinsame Dateien\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM\...\Run: [PaperPort PTD] - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)

HKLM\...\Run: [IndexSearch] - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)

HKLM\...\Run: [BrMfcWnd] - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe [1122304 2008-11-12] (Brother Industries, Ltd.)

HKLM\...\Run: [ControlCenter3] - C:\Programme\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-08-12] (Brother Industries, Ltd.)

HKLM\...\Run: [BCSSync] - C:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [AppleSyncNotifier] - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [176128 2005-07-06] (HP)

HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [Norton Ghost 15.0] - C:\Programme\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)

HKLM\...\Run: [CanonQuickMenu] - C:\Programme\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)

HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [139264 2006-11-16] (Nero AG)

HKCU\...\Run: [1&1 EasyLogin] - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe [1067008 2013-11-28] (1&1 Internet AG)

HKCU\...\Run: [PhotoSync] - C:\Programme\PhotoSync\PhotoSync.exe [1663144 2013-12-03] (touchbyte GmbH)

HKCU\...\Run: [DymoQuickPrint] - C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)

HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2006-11-16] (Nero AG)

HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [ 2006-11-16] (Nero AG)

Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PDFCreator.lnk

ShortcutTarget: PDFCreator.lnk -> C:\Programme\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)

Startup: C:\Dokumente und Einstellungen\BUERO\Startmenü\Programme\Autostart\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Dokumente und Einstellungen\BUERO\Startmenü\Programme\Autostart\FastStone Capture.lnk

ShortcutTarget: FastStone Capture.lnk -> C:\Programme\FastStone Capture\FSCapture.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBA7C54A7AA9DCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default

FF NewTab: about:blank

FF Homepage: google.de

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @dymo.com/DymoLabelFramework - C:\Programme\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)

FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.3146 - C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=8 - C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: ScheduleOnce Google Calendar Add-on - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\Extensions\{a644a980-c5f5-11dd-ad8b-0800200c9a66}.xpi

FF Extension: ScheduleOnce Gmail Add-on - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\Extensions\{CB03C4C2-AD8F-11DE-A8F9-FF7A56D89593}.xpi

FF Extension: FoxTab - C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Mozilla\Firefox\Profiles\lbdawg16.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\

FF Extension: Norton Toolbar - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF

FF Extension: Norton Vulnerability Protection - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-09-30] ()

R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-09-28] ()

R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)

S2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)

R2 DymoPnpService; C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)

R2 GEARSecurity; C:\Windows\System32\GEARSec.exe [53248 2005-09-09] (GEAR Software)

S3 GenericMount Helper Service; C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1574408 2010-02-12] (Symantec)

S2 gupdate1c9bcf7f04ebeaa; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-14] (Google Inc.)

S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-14] (Google Inc.)

S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-09-11] (Google)

R2 IJPLMSVC; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()

S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [821648 2012-09-09] (Apple Inc.)

S3 LiveUpdate; C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)

R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-20] (Mozilla Foundation)

R2 MSSQLSERVER; C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

R2 NIS; C:\Programme\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)

R2 Norton Ghost; C:\Programme\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)

S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)

S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)

S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)

R2 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] ()

S4 SQLBrowser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944 2010-12-10] (Microsoft Corporation)

R2 SQLWriter; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [86880 2010-12-10] (Microsoft Corporation)

S4 Ssdipter; C:\WINDOWS\system32\migpwd.exe [52736 2006-02-28] (Microsoft Corporation)

S3 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)

R3 SymSnapService; C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec)

S2 TeamViewer9; C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe [5341536 2013-12-17] (TeamViewer GmbH)

R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"
 

==================== Drivers (Whitelisted) ====================
 

R3 AtcL001; C:\Windows\System32\DRIVERS\l151x86.sys [39424 2007-07-03] (Atheros Communications Inc.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)

S3 avshws; C:\Windows\System32\DRIVERS\camsource.sys [27576 2010-01-15] (Senstic)

R1 BHDrvx86; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)

R1 eeCtrl; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)

R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation)

S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [562176 2008-09-09] (Hauppauge Computer Works, Inc.)

S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-09-09] (Hauppauge Computer Works, Inc.)

S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)

S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)

S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)

R3 IDSxpx86; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140106.001\IDSxpx86.sys [382608 2013-12-13] (Symantec Corporation)

R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [63360 2007-08-31] (JMicron Technology Corp.)

S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [6400 2009-04-07] (Windows (R) Codename Longhorn DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R3 mobiolavs; C:\Windows\System32\DRIVERS\mobiolavs.sys [26512 2011-04-06] (SHAPE Services GmbH)

R3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [24128 2011-04-06] (SHAPE Services)

S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

R3 NAVENG; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140106.023\NAVENG.SYS [93272 2013-12-13] (Symantec Corporation)

R3 NAVEX15; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140106.023\NAVEX15.SYS [1612376 2013-12-13] (Symantec Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R2 PLCNDIS5; C:\Windows\system32\plcndis5.sys [17280 2004-05-17] (Intellon, Inc.)

R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)

R1 SYMTDI; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDI.SYS [396760 2013-04-25] (Symantec Corporation)

S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)

S3 Wdm1; C:\Windows\System32\Drivers\usbbc.sys [15576 2001-01-08] ()

R3 catchme; \??\C:\ComboFix\catchme.sys [x]

S4 IntelIde; No ImagePath

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U2 V2iMount; 

U2 wuaserv; 

U3 mbr; \??\C:\DOKUME~1\BUERO\LOKALE~1\Temp\mbr.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-07 14:57 - 2014-01-07 14:58 - 00026448 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.txt

2014-01-07 14:56 - 2014-01-07 14:56 - 00024593 _____ C:\ComboFix.txt

2014-01-07 14:40 - 2014-01-07 14:40 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG

2014-01-07 14:32 - 2014-01-07 14:32 - 00000000 _RSHD C:\cmdcons

2014-01-07 14:32 - 2010-12-20 21:19 - 00000211 _____ C:\Boot.bak

2014-01-07 14:32 - 2004-08-03 23:00 - 00262448 __RSH C:\cmldr

2014-01-07 14:30 - 2014-01-07 14:56 - 00000000 ____D C:\Qoobox

2014-01-07 14:30 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2014-01-07 14:30 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2014-01-07 14:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2014-01-07 14:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2014-01-07 14:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2014-01-07 14:30 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2014-01-07 14:30 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe

2014-01-07 14:30 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe

2014-01-07 14:30 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe

2014-01-07 14:29 - 2014-01-07 14:54 - 00000000 ____D C:\WINDOWS\erdnt

2014-01-07 14:27 - 2014-01-07 14:28 - 05160001 ____R (Swearware) C:\Dokumente und Einstellungen\BUERO\Desktop\ComboFix.exe

2014-01-06 23:44 - 2014-01-06 23:44 - 01064805 _____ (Farbar) C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.exe

2014-01-06 21:20 - 2014-01-06 21:20 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 9

2014-01-06 21:18 - 2014-01-06 21:18 - 00000654 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Programme\CCleaner

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\FRST

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakCA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBC.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBB.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak99.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak98.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak97.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak96.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak95.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak94.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak93.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak92.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak91.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak90.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak89.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak88.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak87.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak86.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak85.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak84.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak83.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak82.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak81.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak80.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak79.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak77.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak76.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak75.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak74.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak73.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak72.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak71.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak70.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak69.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak68.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak67.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak66.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak65.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak64.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak63.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak62.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak61.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak60.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak59.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak58.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak57.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak56.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak55.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak54.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak53.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak52.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak51.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak50.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak49.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak48.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak47.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak46.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak45.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak44.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak43.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak42.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak41.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak40.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak39.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak38.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak37.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak36.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak35.tmp

2014-01-06 20:37 - 2014-01-06 20:39 - 00000000 ____D C:\AdwCleaner

2014-01-06 09:30 - 2014-01-06 09:40 - 00000000 ___HD C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\61BA4677

2013-12-20 08:41 - 2013-12-20 08:41 - 00000000 ____D C:\Programme\Mozilla Firefox

2013-12-13 07:47 - 2013-12-13 07:47 - 01008768 _____ (mquadr.at software engineering und consulting GmbH) C:\WINDOWS\system32\ieconfig_1und1.dll

2013-12-13 07:47 - 2013-12-13 07:47 - 00000000 ___HD C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{411234A5-A7C5-4628-A4D3-64C942F8C38C}

2013-12-12 16:32 - 2013-12-12 16:33 - 00013889 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-12 16:30 - 2014-01-07 00:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-12 16:30 - 2013-12-12 16:31 - 00006182 _____ C:\WINDOWS\KB2904266.log

2013-12-12 16:07 - 2013-12-12 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 07:38 - 2013-12-12 16:31 - 00012465 _____ C:\WINDOWS\KB2898715.log

2013-12-12 07:37 - 2013-12-12 16:07 - 00011978 _____ C:\WINDOWS\KB2893984.log

2013-12-12 07:37 - 2013-12-12 16:07 - 00011252 _____ C:\WINDOWS\KB2893294.log

2013-12-12 07:33 - 2013-12-12 16:06 - 00010619 _____ C:\WINDOWS\KB2892075.log

2013-12-11 16:11 - 2013-12-11 16:15 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\2013-12-11

2013-12-11 13:26 - 2013-12-11 13:26 - 00001887 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

2013-12-11 13:26 - 2013-12-11 13:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
 

==================== One Month Modified Files and Folders =======
 

2014-01-07 14:58 - 2014-01-07 14:57 - 00026448 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.txt

2014-01-07 14:56 - 2014-01-07 14:56 - 00024593 _____ C:\ComboFix.txt

2014-01-07 14:56 - 2014-01-07 14:30 - 00000000 ____D C:\Qoobox

2014-01-07 14:54 - 2014-01-07 14:29 - 00000000 ____D C:\WINDOWS\erdnt

2014-01-07 14:52 - 2007-12-15 00:10 - 00010444 _____ C:\statusclient.log

2014-01-07 14:52 - 2007-11-09 12:50 - 00458752 _____ C:\WINDOWS\system32\config\ACEEvent.evt

2014-01-07 14:51 - 2009-10-13 15:28 - 00000000 ___RD C:\Dokumente und Einstellungen\BUERO\Eigene Dateien\My Dropbox

2014-01-07 14:51 - 2009-10-06 14:18 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Dropbox

2014-01-07 14:50 - 2007-11-09 12:07 - 00000259 ____C C:\WINDOWS\wiadebug.log

2014-01-07 14:47 - 2007-11-09 12:00 - 00000227 _____ C:\WINDOWS\system.ini

2014-01-07 14:46 - 2009-06-29 11:35 - 00001086 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-07 14:46 - 2007-11-09 12:00 - 00001158 ____C C:\WINDOWS\system32\wpa.dbl

2014-01-07 14:43 - 2007-11-09 12:08 - 01315438 ____C C:\WINDOWS\WindowsUpdate.log

2014-01-07 14:42 - 2007-11-09 12:07 - 00000050 ____C C:\WINDOWS\wiaservc.log

2014-01-07 14:41 - 2010-12-21 16:40 - 00004096 ___SH C:\VSNAP.IDX

2014-01-07 14:41 - 2007-11-09 13:04 - 48496640 _____ C:\WINDOWS\system32\config\software.bak

2014-01-07 14:41 - 2007-11-09 13:04 - 08912896 _____ C:\WINDOWS\system32\config\system.bak

2014-01-07 14:41 - 2007-11-09 13:04 - 00524288 _____ C:\WINDOWS\system32\config\default.bak

2014-01-07 14:41 - 2007-11-09 12:11 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT

2014-01-07 14:41 - 2007-11-09 12:05 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak

2014-01-07 14:41 - 2007-11-09 12:05 - 00061440 _____ C:\WINDOWS\system32\config\SECURITY.bak

2014-01-07 14:40 - 2014-01-07 14:40 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG

2014-01-07 14:40 - 2014-01-07 14:40 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG

2014-01-07 14:40 - 2011-05-25 14:20 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt

2014-01-07 14:40 - 2007-12-13 11:59 - 00000300 __SHC C:\Dokumente und Einstellungen\BUERO\ntuser.ini

2014-01-07 14:39 - 2007-12-13 11:59 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO

2014-01-07 14:32 - 2014-01-07 14:32 - 00000000 _RSHD C:\cmdcons

2014-01-07 14:32 - 2007-11-09 12:00 - 00000327 __RSH C:\boot.ini

2014-01-07 14:30 - 2007-11-09 12:11 - 00032356 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-07 14:28 - 2014-01-07 14:27 - 05160001 ____R (Swearware) C:\Dokumente und Einstellungen\BUERO\Desktop\ComboFix.exe

2014-01-07 14:27 - 2007-12-14 21:11 - 00000000 ____D C:\Dokumente und Einstellungen\MH-TEC\backup QWB

2014-01-07 14:24 - 2009-06-29 11:35 - 00001090 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-07 13:40 - 2013-12-02 11:30 - 00001210 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-285142168-2798360531-1939436973-1005UA.job

2014-01-07 13:40 - 2012-04-02 06:22 - 00000884 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-07 12:40 - 2013-12-02 11:30 - 00001158 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-285142168-2798360531-1939436973-1005Core.job

2014-01-07 12:18 - 2009-04-14 12:54 - 00001044 ____C C:\WINDOWS\Tasks\Google Software Updater.job

2014-01-07 12:01 - 2007-11-09 13:02 - 00000000 ____D C:\WINDOWS\repair

2014-01-07 12:01 - 2007-11-09 12:08 - 00000000 ____D C:\WINDOWS\Registration

2014-01-07 09:56 - 2013-08-21 12:59 - 00000208 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\Commerzbank AG - Commerzbank-Homepage.url

2014-01-07 09:19 - 2007-12-13 11:59 - 00000000 ___HD C:\Dokumente und Einstellungen\BUERO\Netzwerkumgebung

2014-01-07 08:11 - 2013-08-02 15:09 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{74FD4F50-8C7C-4CE2-9314-C2D14F1EC678}.job

2014-01-07 07:50 - 2009-06-09 10:14 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\TeamViewer

2014-01-07 07:40 - 2007-12-13 11:59 - 00000000 ___RD C:\Dokumente und Einstellungen\BUERO\Startmenü\Programme

2014-01-07 07:37 - 2007-11-09 12:53 - 00089536 ____C C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2014-01-07 00:10 - 2013-12-12 16:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2014-01-07 00:10 - 2007-11-09 12:05 - 00350584 ____C C:\WINDOWS\system32\FNTCACHE.DAT

2014-01-07 00:09 - 2013-06-12 18:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$

2014-01-06 23:44 - 2014-01-06 23:44 - 01064805 _____ (Farbar) C:\Dokumente und Einstellungen\BUERO\Desktop\FRST.exe

2014-01-06 21:20 - 2014-01-06 21:20 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 9

2014-01-06 21:20 - 2009-06-09 10:14 - 00000000 ____D C:\Programme\TeamViewer

2014-01-06 21:20 - 2007-11-09 12:05 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme

2014-01-06 21:18 - 2014-01-06 21:18 - 00000654 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Programme\CCleaner

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\FRST

2014-01-06 21:18 - 2014-01-06 21:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner

2014-01-06 21:18 - 2007-11-09 12:05 - 00000000 ___RD C:\Programme

2014-01-06 21:09 - 2013-08-23 08:08 - 00086463 _____ C:\WINDOWS\setupapi.log

2014-01-06 21:07 - 2011-11-22 15:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Ghost

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakCA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakC0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBC.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBB.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakBA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakB0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAF.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAE.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAD.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakAA.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA9.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA8.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA7.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA6.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA5.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA4.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA3.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA2.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA1.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bakA0.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak9A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak99.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak98.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak97.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak96.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak95.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak94.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak93.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak92.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak91.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak90.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak8A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak89.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak88.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak87.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak86.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak85.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak84.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak83.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak82.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak81.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak80.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak7B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak79.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak77.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak76.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak75.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak74.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak73.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak72.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak71.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak70.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6F.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6E.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6D.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6C.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6B.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak6A.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak69.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak68.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak67.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak66.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak65.tmp

2014-01-06 20:45 - 2014-01-06 20:45 - 00000000 ____D C:\bak64.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak63.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak62.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak61.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak60.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak5A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak59.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak58.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak57.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak56.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak55.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak54.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak53.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak52.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak51.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak50.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak4A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak49.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak48.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak47.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak46.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak45.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak44.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak43.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak42.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak41.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak40.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3F.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3E.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3D.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3C.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3B.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak3A.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak39.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak38.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak37.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak36.tmp

2014-01-06 20:44 - 2014-01-06 20:44 - 00000000 ____D C:\bak35.tmp

2014-01-06 20:40 - 2013-04-10 15:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813170$

2014-01-06 20:39 - 2014-01-06 20:37 - 00000000 ____D C:\AdwCleaner

2014-01-06 19:54 - 2008-08-14 07:21 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Canon

2014-01-06 17:40 - 2013-08-23 11:52 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware

2014-01-06 09:40 - 2014-01-06 09:30 - 00000000 ___HD C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\61BA4677

2014-01-03 09:50 - 2013-08-20 19:18 - 00000281 _____ C:\Dokumente und Einstellungen\BUERO\Desktop\Internet-Filiale - Taunus Sparkasse.url

2013-12-27 09:03 - 2013-06-07 09:19 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM

2013-12-23 11:28 - 2004-07-25 17:02 - 00000250 ____C C:\Dokumente und Einstellungen\BUERO\Desktop\LEO.url

2013-12-21 15:54 - 2012-05-14 10:24 - 00000000 ____D C:\Programme\Mozilla Maintenance Service

2013-12-20 13:37 - 2007-11-09 12:08 - 00000000 ____D C:\Programme\Outlook Express

2013-12-20 13:03 - 2008-01-16 08:50 - 00000116 ____C C:\WINDOWS\NeroDigital.ini

2013-12-20 08:41 - 2013-12-20 08:41 - 00000000 ____D C:\Programme\Mozilla Firefox

2013-12-19 13:01 - 2007-12-13 12:05 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Anwendungsdaten\Adobe

2013-12-19 13:01 - 2007-11-09 12:45 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe

2013-12-18 16:56 - 2008-09-28 15:11 - 00000276 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2013-12-18 13:05 - 2010-08-06 12:55 - 00001062 ____C C:\WINDOWS\Brpfx04a.ini

2013-12-18 07:42 - 2011-05-31 14:11 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Lokale Einstellungen\Anwendungsdaten\IDA-STEP

2013-12-13 07:47 - 2013-12-13 07:47 - 01008768 _____ (mquadr.at software engineering und consulting GmbH) C:\WINDOWS\system32\ieconfig_1und1.dll

2013-12-13 07:47 - 2013-12-13 07:47 - 00000000 ___HD C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{411234A5-A7C5-4628-A4D3-64C942F8C38C}

2013-12-12 16:34 - 2007-11-09 12:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help

2013-12-12 16:33 - 2013-12-12 16:32 - 00013889 _____ C:\WINDOWS\KB2898785-IE8.log

2013-12-12 16:33 - 2011-09-07 20:43 - 00067367 ____C C:\WINDOWS\updspapi.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00920718 ____C C:\WINDOWS\iis6.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00776944 ____C C:\WINDOWS\FaxSetup.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00392826 ____C C:\WINDOWS\ocgen.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00362167 ____C C:\WINDOWS\tsoc.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00261066 ____C C:\WINDOWS\comsetup.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00250626 ____C C:\WINDOWS\msmqinst.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00161317 ____C C:\WINDOWS\ntdtcsetup.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00136957 ____C C:\WINDOWS\netfxocm.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00054558 ____C C:\WINDOWS\MedCtrOC.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00043950 ____C C:\WINDOWS\ocmsn.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00039524 ____C C:\WINDOWS\msgsocm.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00038564 ____C C:\WINDOWS\tabletoc.log

2013-12-12 16:33 - 2011-08-24 15:06 - 00001393 _____ C:\WINDOWS\imsins.log

2013-12-12 16:31 - 2013-12-12 16:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-12 16:31 - 2013-12-12 16:30 - 00006182 _____ C:\WINDOWS\KB2904266.log

2013-12-12 16:31 - 2013-12-12 07:38 - 00012465 _____ C:\WINDOWS\KB2898715.log

2013-12-12 16:31 - 2011-08-24 15:06 - 00001393 _____ C:\WINDOWS\imsins.BAK

2013-12-12 16:31 - 2007-11-09 12:39 - 00894496 ____C C:\WINDOWS\system32\TZLog.log

2013-12-12 16:24 - 2013-08-14 18:29 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-12-12 16:08 - 2007-12-13 17:53 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-12-12 16:07 - 2013-12-12 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-12 16:07 - 2013-12-12 07:37 - 00011978 _____ C:\WINDOWS\KB2893984.log

2013-12-12 16:07 - 2013-12-12 07:37 - 00011252 _____ C:\WINDOWS\KB2893294.log

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-12 16:06 - 2013-12-12 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 16:06 - 2013-12-12 07:33 - 00010619 _____ C:\WINDOWS\KB2892075.log

2013-12-12 07:40 - 2012-04-02 06:22 - 00692616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-12-12 07:40 - 2011-05-25 06:29 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2013-12-11 16:15 - 2013-12-11 16:11 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\2013-12-11

2013-12-11 13:26 - 2013-12-11 13:26 - 00001887 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

2013-12-11 13:26 - 2013-12-11 13:26 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth

2013-12-11 11:52 - 2010-10-13 09:29 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\Bilder

2013-12-09 12:21 - 2011-02-17 13:50 - 00000000 ____D C:\Dokumente und Einstellungen\BUERO\Desktop\Videos MH-TEC

2013-12-09 08:54 - 2012-07-09 08:13 - 00065536 __SHC C:\Dokumente und Einstellungen\BUERO\Desktop\Thumbs.db
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe

[2007-11-09 12:00] - [2008-04-14 03:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 
 

C:\Windows\System32\winlogon.exe

[2007-11-09 12:00] - [2008-04-14 03:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 
 

C:\Windows\System32\svchost.exe

[2007-11-09 12:00] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 
 

C:\Windows\System32\services.exe

[2007-11-09 12:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 
 

C:\Windows\System32\User32.dll

[2007-11-09 12:00] - [2008-04-14 03:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 
 

C:\Windows\System32\userinit.exe

[2007-11-09 12:00] - [2008-04-14 03:23] - 0026624 ___AC (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 
 

C:\Windows\System32\rpcss.dll

[2007-11-09 12:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b 
 

C:\Windows\System32\Drivers\volsnap.sys

[2007-11-09 12:00] - [2008-04-14 02:52] - 0053760 ___AC (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 
 
 

==================== End Of Log ============================

--- --- ---