First, the log from AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.010 - Bericht erstellt am 29/10/2013 um 17:45:25
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Hermann - ACERLAPTOP
# Gestartet von : C:\Users\Hermann\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : BackupStack
Dienst Gelöscht : winzipersvc
[#] Dienst Gelöscht : WsysSvc
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\Program Files (x86)\MetaCrawler
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\Whilokii
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\Hermann\AppData\LocalLow\MetaCrawler
Ordner Gelöscht : C:\Users\Hermann\AppData\LocalLow\searchgol
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\eUpdate
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\MetaCrawler
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Hermann\Documents\optimizer pro
Datei Gelöscht : C:\Users\Public\Desktop\Advanced System Protector.lnk
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Hermann\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Datei Gelöscht : C:\Windows\System32\Tasks\DSite
Datei Gelöscht : C:\Windows\Tasks\MetaCrawler.job
Datei Gelöscht : C:\Windows\System32\Tasks\MetaCrawler
Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job
Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\5b53de88b76ee947
Schlüssel Gelöscht : HKLM\SOFTWARE\5b53de88b76ee947
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\DealPlyLive
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\smartbar
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\DealPlyLive
Schlüssel Gelöscht : HKLM\Software\delta-homesSoftware
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
*************************
AdwCleaner[R0].txt - [12012 octets] - [29/10/2013 17:43:41]
AdwCleaner[S0].txt - [9336 octets] - [29/10/2013 17:45:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9396 octets] ##########
--- --- ---
Now Junkware Removal:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x64
Ran by Hermann on 29.10.2013 at 18:38:20,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47222A32-D609-5E22-2A53-46D3A2D0413B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5094D06B-637F-9B72-0AA2-2702C3F93FD5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.10.2013 at 18:50:54,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Hermann (administrator) on ACERLAPTOP on 29-10-2013 19:08:14
Running from C:\Users\Hermann\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(BatBrowse) C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) C:\Users\Hermann\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-01-20] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150016 2008-08-20] (Hewlett-Packard)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-05-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-05-15] (NVIDIA Corporation)
Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {47222A32-D609-5E22-2A53-46D3A2D0413B} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMQ01ABD075_13ALF1X1SXX13ALF1X1S&ts=1377026120
SearchScopes: HKCU - DefaultScope {47222A32-D609-5E22-2A53-46D3A2D0413B} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: BatBrowse - {b67b3dbb-c1c9-49d2-b016-2748b0b5017e} - C:\Program Files (x86)\BatBrowse\BatBrowseBHO.dll (BatBrowse)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - metacrawler Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 CLKMSVC10_039CBDDF; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\NavFilter\kmsvc.exe [241648 2011-01-28] (CyberLink)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 Update BatBrowse; C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe [65824 2013-10-22] (BatBrowse)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131025.002\IDSvia64.sys [521816 2013-10-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131029.001\ENG64.SYS [126040 2013-09-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131029.001\EX64.SYS [2099288 2013-09-25] (Symantec Corporation)
S3 RTL2832UBDA; C:\Windows\SysWow64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWow64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWow64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-29 19:07 - 2013-10-29 19:07 - 01956538 _____ (Farbar) C:\Users\Hermann\Downloads\FRST64 (1).exe
2013-10-29 18:50 - 2013-10-29 18:50 - 00001781 _____ C:\Users\Hermann\Desktop\JRT.txt
2013-10-29 18:38 - 2013-10-29 18:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 18:37 - 2013-10-29 18:37 - 01033335 _____ (Thisisu) C:\Users\Hermann\Downloads\JRT.exe
2013-10-29 17:43 - 2013-10-29 17:45 - 00000000 ____D C:\AdwCleaner
2013-10-29 17:42 - 2013-10-29 17:42 - 01060070 _____ C:\Users\Hermann\Downloads\adwcleaner.exe
2013-10-29 17:02 - 2013-10-29 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 17:01 - 2013-10-29 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-29 17:01 - 2013-10-29 17:01 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-29 17:00 - 2013-10-29 17:00 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-29 16:59 - 2013-10-29 17:19 - 00000000 ____D C:\Users\Hermann\Desktop\mbar
2013-10-29 16:58 - 2013-10-29 16:58 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Hermann\Downloads\mbar-1.07.0.1007.exe
2013-10-29 15:42 - 2013-10-29 15:43 - 00023606 _____ C:\Users\Hermann\Downloads\Addition.txt
2013-10-29 15:41 - 2013-10-29 15:41 - 00000000 ____D C:\FRST
2013-10-29 15:40 - 2013-10-29 15:40 - 01956538 _____ (Farbar) C:\Users\Hermann\Downloads\FRST64.exe
2013-10-29 10:19 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-29 10:18 - 2013-10-29 18:52 - 00000000 ____D C:\Program Files (x86)\BatBrowse
2013-10-29 10:18 - 2013-10-29 10:18 - 00000000 ____D C:\Users\Hermann\AppData\Roaming\0D0S1L2Z1P1B
2013-10-28 16:15 - 2013-10-28 16:15 - 00000460 _____ C:\Users\Hermann\Desktop\ACERLAPTOP 04.09.2013 1554 Lauf (E) - Verknüpfung.lnk
2013-10-18 23:04 - 2013-10-18 23:04 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-10-11 15:57 - 2013-10-11 15:58 - 00102957 _____ C:\Users\Hermann\Desktop\Zustandsbericht Reisemobil.zip
2013-10-11 00:04 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 00:04 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 00:04 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 00:04 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 00:04 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 00:04 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 00:04 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 00:04 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 00:04 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 00:04 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 00:04 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 00:04 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 21:41 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 21:41 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 21:41 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 21:41 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 21:41 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 21:41 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 21:41 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 21:41 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 21:41 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 21:41 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 21:41 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 21:41 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 21:41 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 21:41 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 21:41 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 21:41 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 21:41 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 21:41 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 21:41 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 21:41 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 21:41 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 21:41 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 21:41 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 21:41 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 21:41 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 21:41 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 21:41 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 21:41 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 21:41 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 21:41 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 21:41 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 21:41 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 21:41 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 21:41 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 21:41 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 21:41 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 21:41 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 21:41 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 21:41 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 21:41 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 21:41 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 21:41 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 21:41 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 21:40 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 21:40 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 21:40 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 21:40 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 13:07 - 2013-10-08 13:07 - 00000000 ____D C:\Users\Hermann\Documents\HP Photosmart Projects
2013-10-07 18:31 - 2013-10-28 15:20 - 00000000 ____D C:\Users\Hermann\AppData\Local\CrashDumps
2013-10-04 20:45 - 2013-10-04 20:45 - 01457152 _____ C:\Users\Hermann\Downloads\BatchedSearchResultsReport_2013-10-04_20-43-20.xls
2013-10-03 15:44 - 2013-10-03 15:55 - 20586496 _____ C:\Users\Hermann\Downloads\SkypeSetup [1].exe
2013-10-03 15:44 - 2013-10-03 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 15:42 - 2013-10-03 15:54 - 00675952 _____ C:\Users\Hermann\Downloads\SkypeSetup.exe
2013-10-02 15:22 - 2013-10-08 14:46 - 00000000 ____D C:\Users\Bobby\Scans
2013-10-02 15:21 - 2013-10-02 15:22 - 00000000 ____D C:\Users\Bobby
2013-10-02 14:59 - 2013-10-02 14:59 - 00000000 ____D C:\Users\Hermann\AppData\Local\HP
2013-10-02 12:38 - 2013-10-02 15:15 - 00000000 ____D C:\Users\Hermann\AppData\Roaming\HP
2013-10-02 12:38 - 2013-10-02 12:38 - 00000000 ____D C:\ProgramData\WEBREG
2013-10-02 12:36 - 2013-10-02 12:36 - 00002169 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2013-10-02 12:36 - 2013-10-02 12:36 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-02 12:35 - 2013-10-02 15:23 - 00000000 ____D C:\UniScan
2013-10-02 12:35 - 2013-10-02 12:35 - 00001353 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-10-02 12:34 - 2013-10-02 12:59 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-02 12:31 - 2013-10-02 12:42 - 00000359 _____ C:\ProgramData\hpzinstall.log
2013-10-01 19:54 - 2013-10-02 15:29 - 00000000 ____D C:\ProgramData\HP
2013-09-29 18:29 - 2013-09-29 18:41 - 00000566 _____ C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Deutsche Bank - Global Markets.website
2013-09-29 16:45 - 2013-09-29 16:45 - 00000000 ____D C:\Users\Hermann\AppData\Roaming\SanDisk SecureAccess
==================== One Month Modified Files and Folders =======
2013-10-29 19:07 - 2013-10-29 19:07 - 01956538 _____ (Farbar) C:\Users\Hermann\Downloads\FRST64 (1).exe
2013-10-29 18:52 - 2013-10-29 10:18 - 00000000 ____D C:\Program Files (x86)\BatBrowse
2013-10-29 18:50 - 2013-10-29 18:50 - 00001781 _____ C:\Users\Hermann\Desktop\JRT.txt
2013-10-29 18:38 - 2013-10-29 18:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 18:37 - 2013-10-29 18:37 - 01033335 _____ (Thisisu) C:\Users\Hermann\Downloads\JRT.exe
2013-10-29 18:30 - 2013-08-22 21:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 17:54 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 17:54 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 17:51 - 2013-05-15 13:02 - 01085133 _____ C:\Windows\WindowsUpdate.log
2013-10-29 17:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 17:47 - 2009-07-14 05:51 - 00042356 _____ C:\Windows\setupact.log
2013-10-29 17:45 - 2013-10-29 17:43 - 00000000 ____D C:\AdwCleaner
2013-10-29 17:45 - 2013-08-19 12:15 - 00001001 _____ C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-29 17:45 - 2013-08-19 12:15 - 00000000 ___RD C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-29 17:42 - 2013-10-29 17:42 - 01060070 _____ C:\Users\Hermann\Downloads\adwcleaner.exe
2013-10-29 17:19 - 2013-10-29 17:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-29 17:19 - 2013-10-29 16:59 - 00000000 ____D C:\Users\Hermann\Desktop\mbar
2013-10-29 17:02 - 2013-10-29 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 17:01 - 2013-10-29 17:01 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-29 17:00 - 2013-10-29 17:00 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-29 16:58 - 2013-10-29 16:58 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Hermann\Downloads\mbar-1.07.0.1007.exe
2013-10-29 15:43 - 2013-10-29 15:42 - 00023606 _____ C:\Users\Hermann\Downloads\Addition.txt
2013-10-29 15:41 - 2013-10-29 15:41 - 00000000 ____D C:\FRST
2013-10-29 15:41 - 2011-04-12 08:43 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-10-29 15:41 - 2011-04-12 08:43 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-10-29 15:41 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 15:40 - 2013-10-29 15:40 - 01956538 _____ (Farbar) C:\Users\Hermann\Downloads\FRST64.exe
2013-10-29 15:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-29 13:23 - 2013-08-20 22:05 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CE278DBB-5B65-4B0F-914C-5D925E2EE7DC}
2013-10-29 11:38 - 2013-08-20 22:15 - 00000113 _____ C:\Users\Hermann\AppData\Roaming\WB.CFG
2013-10-29 11:38 - 2013-08-20 22:15 - 00000006 _____ C:\Users\Hermann\AppData\Roaming\WBPU-TTL.DAT
2013-10-29 10:18 - 2013-10-29 10:18 - 00000000 ____D C:\Users\Hermann\AppData\Roaming\0D0S1L2Z1P1B
2013-10-29 10:04 - 2010-11-21 04:47 - 00056286 _____ C:\Windows\PFRO.log
2013-10-28 16:15 - 2013-10-28 16:15 - 00000460 _____ C:\Users\Hermann\Desktop\ACERLAPTOP 04.09.2013 1554 Lauf (E) - Verknüpfung.lnk
2013-10-28 15:20 - 2013-10-07 18:31 - 00000000 ____D C:\Users\Hermann\AppData\Local\CrashDumps
2013-10-19 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-18 23:04 - 2013-10-18 23:04 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-10-18 22:59 - 2013-09-25 18:14 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-18 22:59 - 2013-09-25 18:14 - 00002321 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-10-18 22:59 - 2013-09-25 18:13 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-10-15 09:32 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-11 15:58 - 2013-10-11 15:57 - 00102957 _____ C:\Users\Hermann\Desktop\Zustandsbericht Reisemobil.zip
2013-10-11 07:20 - 2009-07-14 05:45 - 00342944 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 00:06 - 2013-08-19 18:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 00:02 - 2013-08-19 19:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 00:02 - 2013-08-19 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 23:58 - 2013-08-19 19:12 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 23:57 - 2013-08-19 19:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 13:31 - 2013-08-22 21:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 13:31 - 2013-08-22 21:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 13:31 - 2013-08-22 21:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 22:22 - 2013-08-19 18:19 - 00000000 ____D C:\Users\Hermann\AppData\Local\Microsoft Help
2013-10-08 14:46 - 2013-10-02 15:22 - 00000000 ____D C:\Users\Bobby\Scans
2013-10-08 13:07 - 2013-10-08 13:07 - 00000000 ____D C:\Users\Hermann\Documents\HP Photosmart Projects
2013-10-05 16:24 - 2013-08-19 12:15 - 00086064 _____ C:\Users\Hermann\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-05 12:46 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Hermann\Documents\Briefe
2013-10-04 20:45 - 2013-10-04 20:45 - 01457152 _____ C:\Users\Hermann\Downloads\BatchedSearchResultsReport_2013-10-04_20-43-20.xls
2013-10-03 15:55 - 2013-10-03 15:44 - 20586496 _____ C:\Users\Hermann\Downloads\SkypeSetup [1].exe
2013-10-03 15:54 - 2013-10-03 15:42 - 00675952 _____ C:\Users\Hermann\Downloads\SkypeSetup.exe
2013-10-03 15:44 - 2013-10-03 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 15:29 - 2013-10-01 19:54 - 00000000 ____D C:\ProgramData\HP
2013-10-02 15:23 - 2013-10-02 12:35 - 00000000 ____D C:\UniScan
2013-10-02 15:22 - 2013-10-02 15:21 - 00000000 ____D C:\Users\Bobby
2013-10-02 15:15 - 2013-10-02 12:38 - 00000000 ____D C:\Users\Hermann\AppData\Roaming\HP
2013-10-02 15:02 - 2013-08-19 12:14 - 00000000 ____D C:\Users\Hermann\AppData\Local\VirtualStore
2013-10-02 14:59 - 2013-10-02 14:59 - 00000000 ____D C:\Users\Hermann\AppData\Local\HP
2013-10-02 12:59 - 2013-10-02 12:34 - 00000000 ____D C:\Program Files (x86)\HP
2013-10-02 12:42 - 2013-10-02 12:31 - 00000359 _____ C:\ProgramData\hpzinstall.log
2013-10-02 12:38 - 2013-10-02 12:38 - 00000000 ____D C:\ProgramData\WEBREG
2013-10-02 12:36 - 2013-10-02 12:36 - 00002169 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2013-10-02 12:36 - 2013-10-02 12:36 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-10-02 12:35 - 2013-10-02 12:35 - 00001353 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-09-29 18:41 - 2013-09-29 18:29 - 00000566 _____ C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Deutsche Bank - Global Markets.website
2013-09-29 16:45 - 2013-09-29 16:45 - 00000000 ____D C:\Users\Hermann\AppData\Roaming\SanDisk SecureAccess
Some content of TEMP:
====================
C:\Users\Hermann\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hermann\AppData\Local\Temp\ose00000.exe
C:\Users\Hermann\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-29 15:06
==================== End Of Log ============================
/CODE]