Trojaner-Board - Windows Vista: ewiges booten, email-browser hängt sich auf und vieles mehr

Hallo,
seit einiger Zeit braucht mein laptop EEEEEEWIG sich zu booten, seit kurzem hab ich ständig Fehlermeldungen bei t-online-email und Aufhänger. Seit ein paar Tagen öffnen sich willkürlich pop-up-Fenster und das laptop hängt sich auf....auch ohne pop ups.
Hier mal die Vorarbeit und schon mal VIELEN DANK für die Hilfe.
LG
Mundi

defogger:

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 10:56 on 03/03/2014 (Raimund)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST und addition:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014

Ran by Raimund (administrator) on RAIMUND-PC on 03-03-2014 10:57:37

Running from C:\Users\Raimund\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Deutsche Telekom AG) C:\Users\Raimund\AppData\Local\DTAG\Dtor.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe

(Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe

(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

(NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

(Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-08] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-08] (NVIDIA Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)

HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)

HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()

HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)

HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)

HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)

HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-13] (Memeo Inc.)

HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-13] (Memeo Inc.)

HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-02] ()

HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)

HKLM\...\Run: [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [] - [X]

HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-19\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [DTAGSSDVDReport] - C:\Users\Raimund\AppData\Local\Dtag\Dtor.exe [4960192 2012-10-17] (Deutsche Telekom AG)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\MountPoints2: {e634a84b-2703-11df-b15a-806e6f6e6963} - G:\Menu.exe

Startup: C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0}

URLSearchHook: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)

URLSearchHook: HKCU - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)

SearchScopes: HKLM - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = 

SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0}

SearchScopes: HKCU - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1

SearchScopes: HKCU - {5119FB30-9FFF-47B4-8A80-19A544DEC875} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742

SearchScopes: HKCU - {68B6BBB4-2B92-42B8-9071-45F275E0AF04} URL = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms}

SearchScopes: HKCU - {7956413B-17A5-4099-912A-FA61DDCBE3C3} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi

SearchScopes: HKCU - {DD1D79C2-C6C2-4E82-8BD6-C2A07E973047} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi

SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0}

SearchScopes: HKCU - {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1

BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File

BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)

BHO: FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)

BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files\XingHaoLyrics\lrcspal.dll No File

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

Toolbar: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

Toolbar: HKCU - FileConverter 1.3 B2 Toolbar - {99A9C3BA-07F6-4699-BC81-65CAB16E204B} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)

DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks: Internet Shortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\Windows\System32\ieframe.dll [9739264 2014-02-05] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

========================== Services (Whitelisted) =================
 

R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-13] (Memeo)

R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2010-03-22] (NVIDIA)

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()

S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()

R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-02] (Memeo)

R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA)
 

==================== Drivers (Whitelisted) ====================
 

S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation)

S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation)

S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation)

S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation)

S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation)

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-13] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-13] (Symantec Corporation)

S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [18992 2008-10-31] (Microsoft Corporation)

R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140228.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.)

S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVENG.SYS [93272 2013-12-13] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVEX15.SYS [1612376 2013-12-13] (Symantec Corporation)

R3 SRTSP; C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)

R1 SYMTDIv; C:\Windows\system32\drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation)

S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [27184 2008-10-31] ()

R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 netr28u; system32\DRIVERS\netr28u.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S2 PCASp50; System32\Drivers\PCASp50.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-03 10:57 - 2014-03-03 10:59 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt

2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST

2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log

2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable

2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe

2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe

2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe

2014-03-02 00:39 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio

2014-02-20 11:08 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio

2014-02-20 11:08 - 2014-02-20 11:20 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk

2014-02-15 15:26 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-15 15:26 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-15 15:26 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-15 15:26 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-15 15:26 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-15 15:26 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-15 15:26 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-15 15:26 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-15 15:26 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-15 15:26 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-15 15:26 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-15 15:26 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-14 15:07 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
 

==================== One Month Modified Files and Folders =======
 

2014-03-03 10:59 - 2014-03-03 10:57 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt

2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST

2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log

2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable

2014-03-03 10:56 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund

2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe

2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe

2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe

2014-03-03 10:33 - 2008-09-18 01:46 - 02009085 _____ () C:\Windows\WindowsUpdate.log

2014-03-03 10:30 - 2009-11-03 22:40 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-03-03 10:29 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.dat

2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.001

2014-03-03 10:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-03 00:09 - 2008-07-09 07:09 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-03-03 00:09 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-03 00:03 - 2012-12-12 16:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-02 00:41 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio

2014-03-02 00:41 - 2014-02-20 11:08 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio

2014-02-27 14:05 - 2006-11-02 11:33 - 01619710 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-26 23:54 - 2010-06-08 20:30 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Skype

2014-02-20 22:03 - 2012-12-12 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-20 22:03 - 2012-12-12 16:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-20 11:20 - 2014-02-20 11:08 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk

2014-02-20 11:16 - 2006-11-02 13:52 - 00108264 _____ () C:\Windows\setupact.log

2014-02-20 11:07 - 2008-07-08 15:23 - 00000000 ____D () C:\Program Files\Samsung

2014-02-17 14:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-02-15 15:40 - 2013-08-15 14:27 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-15 15:34 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-05 09:58 - 2014-02-15 15:26 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-05 09:56 - 2014-02-15 15:26 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-05 09:53 - 2014-02-15 15:26 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-05 09:51 - 2014-02-15 15:26 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-05 09:50 - 2014-02-15 15:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-05 09:49 - 2014-02-15 15:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-05 09:49 - 2014-02-15 15:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-05 09:48 - 2014-02-15 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-05 09:47 - 2014-02-15 15:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-05 09:47 - 2014-02-15 15:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-05 09:47 - 2014-02-15 15:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-05 09:46 - 2014-02-15 15:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-03 19:51 - 2008-01-21 03:47 - 01245526 _____ () C:\Windows\PFRO.log
 

Some content of TEMP:

====================

C:\Users\Raimund\AppData\Local\Temp\AdobeUpdater12345.exe

C:\Users\Raimund\AppData\Local\Temp\ose00000.exe

C:\Users\Raimund\AppData\Local\Temp\_is2FA7.exe

C:\Users\Raimund\AppData\Local\Temp\_is3EE3.exe

C:\Users\Raimund\AppData\Local\Temp\_is3F9.exe

C:\Users\Raimund\AppData\Local\Temp\_is74B2.exe

C:\Users\Raimund\AppData\Local\Temp\_isA9B.exe

C:\Users\Raimund\AppData\Local\Temp\_isAA62.exe

C:\Users\Raimund\AppData\Local\Temp\_isAFE1.exe

C:\Users\Raimund\AppData\Local\Temp\_isB46.exe

C:\Users\Raimund\AppData\Local\Temp\_isBB05.exe

C:\Users\Raimund\AppData\Local\Temp\_isBE8D.exe

C:\Users\Raimund\AppData\Local\Temp\_isCD7B.exe

C:\Users\Raimund\AppData\Local\Temp\_isE733.exe

C:\Users\Raimund\AppData\Local\Temp\_isF4AB.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-03 10:35
 

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2014

Ran by Raimund at 2014-03-03 10:59:21

Running from C:\Users\Raimund\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 

==================== Installed Programs ======================
 

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)

Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)

Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )

BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden

Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version:  - ) <==== ATTENTION

C4700 (Version: 130.0.373.000 - Hewlett-Packard) Hidden

CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.)

CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.)

Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden

DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Die ersten 10 Jahre (HKLM\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - )

Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )

Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)

Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)

Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden

Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )

FileConverter 1.3 B2 Toolbar (HKLM\...\FileConverter_1.3_B2 Toolbar) (Version: 6.12.0.11 - FileConverter 1.3 B2)

FILEminimizer Pictures (HKLM\...\FILEminimizer Pictures_is1) (Version:  - balesio AG)

GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}) (Version: 13.0 - HP)

HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)

HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden

hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden

HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden

hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden

imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)

Intel PROSet Wireless (Version:  - ) Hidden

Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

Internet Explorer (Version: 9 - Microsoft Corporation) Hidden

Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION

LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.)

LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)

LyricsPal (HKLM\...\lrcspal@xinghao.net) (Version:  - XingHao Software) <==== ATTENTION

MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)

Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)

Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{25F60491-F5AB-4985-9354-37C146783F35}) (Version: 2.0.0.0000 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden

Norton Internet Security (HKLM\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)

NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)

NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) Hidden

NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)

NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) Hidden

NVIDIA System Update (HKLM\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)

NVIDIA System Update (Version: 3.00 - NVIDIA Corporation) Hidden

PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)

Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname)

Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden

PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )

PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.)

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.)

PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.)

PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000 - Hewlett-Packard) Hidden

Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version:  - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)

Reclams Kreuzworträtsellexikon (HKLM\...\Reclams Kreuzworträtsellexikon) (Version:  - )

SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)

Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)

Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung)

Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)

Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden

Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden

ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)

Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)

Shockwave (HKLM\...\Shockwave) (Version:  - )

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)

Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)

Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)

SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden

Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden

SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION

SweetPacks bundle uninstaller (HKLM\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)

Telefonauskunft und Rückwärtssuche auf CD-ROM (HKLM\...\{42F81BE4-63FC-455C-8F80-2158612EDA9E}) (Version: 1.00.0000 - telegate MEDIA AG)

T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )

T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )

Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

USB FLYING STICK (HKLM\...\FT7195) (Version:  - )

User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )

Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)

WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden

WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)

Works Suite-Betriebssystem-Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden

Works-Synchronisierung (Version: 1.0.0.0000 - Firmenname) Hidden
 

==================== Restore Points  =========================
 

14-09-2013 12:58:04 Windows Update

16-10-2013 12:14:51 Windows Update

14-11-2013 14:14:59 Windows Update

14-12-2013 14:31:52 Windows Update

16-01-2014 08:54:29 Windows Update

29-01-2014 13:32:04 Windows Update

15-02-2014 14:20:27 Windows Update

27-02-2014 12:58:14 Windows Update
 

==================== Hosts content: ==========================
 

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {1C1403F7-AA79-4AEB-B025-B6645E4819B1} - System32\Tasks\{5DE02A4D-873C-479A-83A9-AEEDE6DE5690} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {206E3C38-F33B-415D-9450-1CD60B8135E8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION

Task: {3048F55A-A266-40E3-8960-C82CC5E9F0A2} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) <==== ATTENTION

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {3DFD267D-6C28-4D9F-9B75-BDF1CC00D3CC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION

Task: {3E21E1AC-D61F-4D06-85AE-7BA3CE25479D} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) <==== ATTENTION

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {46A2672D-D19D-4A06-92B0-76E399E1AFAE} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {492B8F7F-EE8B-4BD2-96F0-3CD390189FA9} - System32\Tasks\Microsoft\Windows\MUI\Mcbuilder => C:\Windows\System32\mcbuilder.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION

Task: {557A9153-8060-4500-85DA-841BFEE856A2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION

Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-21] () <==== ATTENTION

Task: {56FC5C7B-173D-4CF6-8A5E-EACC301EBB6F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) <==== ATTENTION

Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {601584B6-D7D9-4A55-AB93-0E04245E4CF8} - System32\Tasks\{D59EAB00-DDF4-401D-A6F0-FD1318A8749C} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION

Task: {6FA7AB56-F5FB-4F1B-85A9-EF399DDC1807} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) <==== ATTENTION

Task: {77DFA1C0-895B-437F-ADEA-FA41F08AA14D} - System32\Tasks\{DF54DA06-F274-4D0E-9C61-9805C7A90D51} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION

Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {7B50DB5F-DB88-4F32-93EF-7D1870D6D1DC} - System32\Tasks\{07FD2472-DFFD-4A34-9BEB-67BC0F5F1AE5} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION

Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION

Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {8EBE5DF9-0174-4C6E-9167-772BB0717C65} - System32\Tasks\Microsoft\Windows\RestartManager\{3054AEBE-DDE9-49f7-94D3-B64A2AD72371} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION

Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.) <==== ATTENTION

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {B018E776-CC9A-4984-BA5D-7C8A743A6DBE} - System32\Tasks\User_Feed_Synchronization-{F96F0F53-13D2-475D-B150-9A388DCD819E} => C:\Windows\system32\msfeedssync.exe [2012-07-01] (Microsoft Corporation) <==== ATTENTION

Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: {C7A04EA0-1AFF-4F27-BE45-EA5FEA5CBA37} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Raimund => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION

Task: {CB742042-B33B-4C37-8B78-850310DE2EDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated) <==== ATTENTION

Task: {CBD7E95B-A075-44E2-BBE3-E5FCD4C7688A} - System32\Tasks\{1A0563EE-C4EE-4504-82C5-85208CF9817E} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.) <==== ATTENTION

Task: {CE3C7B64-1AB7-4FA9-83BD-864EC211E4D1} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.) <==== ATTENTION

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () <==== ATTENTION

Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => Sc.exe config upnphost start= auto <==== ATTENTION

Task: {F6C840F6-CE8D-462C-8D55-120313D3D39D} - System32\Tasks\{336BC3DC-756E-41D4-86F0-869C4B6BF4E0} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION

Task: {F8015734-01C2-441E-B19B-54B7A1112A9F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29] (Apple Inc.) <==== ATTENTION

Task: {F887B50F-E636-4A82-A80A-3D80F59A5956} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2010-03-03 22:28 - 2009-08-20 01:19 - 00074984 _____ () C:\Program Files\FILEminimizer Pictures\FILEMShell.dll

2008-07-08 15:32 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll

2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll

2007-07-12 05:55 - 2007-07-12 05:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll

2007-08-14 05:59 - 2007-08-14 05:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll

2007-07-12 05:55 - 2007-07-12 05:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

2011-06-02 00:06 - 2011-06-02 00:06 - 00108296 _____ () C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll

2011-06-02 00:11 - 2011-06-02 00:11 - 00030984 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll

2011-06-02 00:10 - 2011-06-02 00:10 - 00011016 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\de-DE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll

2008-07-08 15:26 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe

2011-05-13 00:44 - 2011-05-13 00:44 - 00325344 _____ () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

2011-05-13 00:45 - 2011-05-13 00:45 - 02896608 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll

2011-05-13 00:45 - 2011-05-13 00:45 - 00027360 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll

2011-05-13 00:45 - 2011-05-13 00:45 - 00028672 _____ () C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll

2010-03-22 23:59 - 2010-03-22 23:59 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll

2011-06-01 17:16 - 2011-06-01 17:16 - 00241664 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll

2011-06-01 17:16 - 2011-06-01 17:16 - 00971776 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/03/2014 10:30:02 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/03/2014 10:29:41 AM) (Source: MemeoBackgroundService) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 

Error: (03/02/2014 08:14:58 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/02/2014 08:14:39 PM) (Source: MemeoBackgroundService) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 

Error: (03/02/2014 06:13:52 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/02/2014 06:13:37 PM) (Source: MemeoBackgroundService) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 

Error: (03/01/2014 04:16:09 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/01/2014 04:15:41 PM) (Source: MemeoBackgroundService) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 

Error: (02/28/2014 02:14:41 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/28/2014 02:14:17 PM) (Source: MemeoBackgroundService) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 
 

System errors:

=============

Error: (03/03/2014 10:33:52 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)

Description: 0x80070032
 

Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058
 

Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: )

Description: PCASp50 NDIS Protocol Driver%%2
 

Error: (03/02/2014 08:17:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)

Description: 0x80070032
 

Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058
 

Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: )

Description: PCASp50 NDIS Protocol Driver%%2
 

Error: (03/02/2014 06:16:35 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)

Description: 0x80070032
 

Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058
 

Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: )

Description: PCASp50 NDIS Protocol Driver%%2
 

Error: (03/01/2014 04:18:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)

Description: 0x80070032
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-02-10 19:36:27.988

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-02-10 19:36:26.970

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-02-10 19:36:26.656

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-02-10 19:36:26.335

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-02-10 19:33:09.428

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-02-10 19:33:08.434

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-02-10 19:33:08.068

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-02-10 19:33:07.636

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-01-01 19:52:04.922

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-01-01 19:52:04.615

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 40%

Total physical RAM: 3065.88 MB

Available physical RAM: 1817.85 MB

Total Pagefile: 6352.15 MB

Available Pagefile: 5103.37 MB

Total Virtual: 2047.88 MB

Available Virtual: 1885.17 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:144.09 GB) (Free:30.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:144 GB) (Free:143.9 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: B6394A61)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Gmer (ist in den bluescreen gegangen, falls die Info hilft)

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-03-03 11:35:55

Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0 298,09GB

Running: Gmer-19357.exe; Driver: C:\Users\Raimund\AppData\Local\Temp\pxliqfoc.sys
 
 

---- System - GMER 2.1 ----
 

SSDT   8782D038                                                                                         ZwAlertResumeThread

SSDT   8782D0D0                                                                                         ZwAlertThread

SSDT   8751FCE8                                                                                         ZwAllocateVirtualMemory

SSDT   871CFB18                                                                                         ZwAlpcConnectPort

SSDT   873C2EA0                                                                                         ZwAssignProcessToJobObject

SSDT   872DFE30                                                                                         ZwCreateMutant

SSDT   873C2C98                                                                                         ZwCreateSymbolicLinkObject

SSDT   87621A78                                                                                         ZwCreateThread

SSDT   873C2F38                                                                                         ZwDebugActiveProcess

SSDT   872DF090                                                                                         ZwDuplicateObject

SSDT   876A2CB8                                                                                         ZwFreeVirtualMemory

SSDT   872DFED8                                                                                         ZwImpersonateAnonymousToken

SSDT   872DFF70                                                                                         ZwImpersonateThread

SSDT   8709E330                                                                                         ZwLoadDriver

SSDT   8741C490                                                                                         ZwMapViewOfSection

SSDT   872DFD98                                                                                         ZwOpenEvent

SSDT   873C20C0                                                                                         ZwOpenProcess

SSDT   8751FD70                                                                                         ZwOpenProcessToken

SSDT   872DFC68                                                                                         ZwOpenSection

SSDT   872DF118                                                                                         ZwOpenThread

SSDT   873C2DF8                                                                                         ZwProtectVirtualMemory

SSDT   8782D168                                                                                         ZwResumeThread

SSDT   8782D330                                                                                         ZwSetContextThread

SSDT   8741C350                                                                                         ZwSetInformationProcess

SSDT   873C2FD0                                                                                         ZwSetSystemInformation

SSDT   872DFD00                                                                                         ZwSuspendProcess

SSDT   8782D200                                                                                         ZwSuspendThread

SSDT   873B1C28                                                                                         ZwTerminateProcess

SSDT   8782D298                                                                                         ZwTerminateThread

SSDT   8741C3F8                                                                                         ZwUnmapViewOfSection

SSDT   876A2D60                                                                                         ZwWriteVirtualMemory

SSDT   873C2D40                                                                                         ZwCreateThreadEx
 

---- Kernel code sections - GMER 2.1 ----
 

.text  ntoskrnl.exe!KeInsertQueue + 30D                                                                 82081814 8 Bytes  [38, D0, 82, 87, D0, D0, 82, ...]

.text  ntoskrnl.exe!KeInsertQueue + 321                                                                 82081828 4 Bytes  [E8, FC, 51, 87]

.text  ntoskrnl.exe!KeInsertQueue + 32D                                                                 82081834 4 Bytes  [18, FB, 1C, 87] {SBB BL, BH; SBB AL, 0x87}

.text  ntoskrnl.exe!KeInsertQueue + 381                                                                 82081888 4 Bytes  [A0, 2E, 3C, 87]

.text  ntoskrnl.exe!KeInsertQueue + 3E5                                                                 820818EC 4 Bytes  [30, FE, 2D, 87]

.text  ...                                                                                              

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                         section is writeable [0x9100C340, 0x3E9407, 0xE8000020]
 

---- Registry - GMER 2.1 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce                      

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e                      

Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)  

Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet)  
 

---- Disk sectors - GMER 2.1 ----
 

Disk   \Device\Harddisk0\DR0                                                                            unknown MBR code
 

---- EOF - GMER 2.1 ----

Hallo cosinus,
anbei die gewünschten Dateien...allerdings mit (leider) einem großen ABER:
der erste Versuch endete damit, daß adw und jrt durchliefen und das FRST sich aufhängte...mein Vater, dem dieses laptop gehört war der Meinung dann nochmal ALLES starten zu müssen....JRT ist aus dem 2.Versuch, adw ist laut ihm der 1. und FRST dann der, der geklappt hat.
SORRY und LG

ADW

Code:

# AdwCleaner v3.020 - Bericht erstellt am 05/03/2014 um 13:15:20

# Aktualisiert 27/02/2014 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzername : Raimund - RAIMUND-PC

# Gestartet von : C:\Users\Raimund\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files\Conduit

Ordner Gelöscht : C:\Program Files\SweetIM

Ordner Gelöscht : C:\Program Files\FileConverter_1.3_B2

Ordner Gelöscht : C:\Users\Raimund\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\Raimund\AppData\Local\Wajam

Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\SweetIM

Ordner Gelöscht : C:\Users\Raimund\AppData\LocalLow\FileConverter_1.3_B2

Ordner Gelöscht : C:\Users\Raimund\AppData\Roaming\OpenCandy

Ordner Gelöscht : C:\Users\Raimund\AppData\Roaming\Systweak
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3297969

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99A9C3BA-07F6-4699-BC81-65CAB16E204B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5AEA34E-7BA3-42F6-9AF8-4A5F97BB53AB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A9C3BA-07F6-4699-BC81-65CAB16E204B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99A9C3BA-07F6-4699-BC81-65CAB16E204B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5AEA34E-7BA3-42F6-9AF8-4A5F97BB53AB}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99A9C3BA-07F6-4699-BC81-65CAB16E204B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5AEA34E-7BA3-42F6-9AF8-4A5F97BB53AB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{917FA563-AD66-4693-8E74-42B400DC020D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A840F179-E355-4089-A259-6BBBB8588095}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{99A9C3BA-07F6-4699-BC81-65CAB16E204B}]

Schlüssel Gelöscht : HKCU\Software\BI

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\IM

Schlüssel Gelöscht : HKCU\Software\ImInstaller

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FileConverter_1.3_B2

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\systweak

Schlüssel Gelöscht : HKLM\Software\FileConverter_1.3_B2

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.3_B2 Toolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.3_B2 Toolbar

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16533
 

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 

*************************
 

AdwCleaner[R0].txt - [9772 octets] - [05/03/2014 13:14:31]

AdwCleaner[S0].txt - [9632 octets] - [05/03/2014 13:15:20]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9692 octets] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Windows Vista (TM) Home Premium x86

Ran by Raimund on 05.03.2014 at 19:52:52,19

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 05.03.2014 at 19:55:01,85

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014

Ran by Raimund (administrator) on RAIMUND-PC on 05-03-2014 19:39:37

Running from C:\Users\Raimund\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Microsoft Corporation) C:\Windows\System32\lpksetup.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe

(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Deutsche Telekom AG) C:\Users\Raimund\AppData\Local\DTAG\Dtor.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-08] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-08] (NVIDIA Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)

HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [DTAGSSDVDReport] - C:\Users\Raimund\AppData\Local\Dtag\Dtor.exe [4960192 2012-10-17] (Deutsche Telekom AG)

HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

Startup: C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {5119FB30-9FFF-47B4-8A80-19A544DEC875} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742

SearchScopes: HKCU - {7956413B-17A5-4099-912A-FA61DDCBE3C3} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi

SearchScopes: HKCU - {DD1D79C2-C6C2-4E82-8BD6-C2A07E973047} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi

BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks: Internet Shortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\Windows\System32\ieframe.dll [9739264 2014-02-05] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

========================== Services (Whitelisted) =================
 

R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2010-03-22] (NVIDIA)

S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA)
 

==================== Drivers (Whitelisted) ====================
 

S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation)

S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation)

S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation)

S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation)

S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation)

S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [18992 2008-10-31] (Microsoft Corporation)

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.)

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-03-04] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107224 2014-03-05] (Malwarebytes Corporation)

S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)

S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [27184 2008-10-31] ()

R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Raimund\AppData\Local\Temp\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 netr28u; system32\DRIVERS\netr28u.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S2 PCASp50; System32\Drivers\PCASp50.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-05 13:22 - 2014-03-05 13:22 - 00000000 ____D () C:\Windows\ERUNT

2014-03-05 13:14 - 2014-03-05 19:32 - 00000000 ____D () C:\AdwCleaner

2014-03-05 13:13 - 2014-03-05 13:13 - 01244192 _____ () C:\Users\Raimund\Desktop\adwcleaner.exe

2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Raimund\Desktop\JRT.exe

2014-03-05 12:47 - 2014-03-05 19:36 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-03-05 12:18 - 2014-03-05 12:18 - 00008981 _____ () C:\ComboFix.txt

2014-03-05 11:50 - 2014-03-05 12:18 - 00000000 ____D () C:\Qoobox

2014-03-05 11:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-03-05 11:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-03-05 11:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-03-05 11:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-03-05 11:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-03-05 11:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-03-05 11:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-03-05 11:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-03-05 11:48 - 2014-03-05 12:16 - 00000000 ____D () C:\Windows\erdnt

2014-03-05 11:22 - 2014-03-05 11:22 - 05186850 ____R (Swearware) C:\Users\Raimund\Desktop\ComboFix.exe

2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help

2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

2014-03-04 18:41 - 2014-03-04 18:41 - 00000000 ____D () C:\Windows\system32\Adobe

2014-03-04 18:28 - 2014-03-04 18:28 - 00000000 ____D () C:\Users\Raimund\AppData\Local\WindowsUpdate

2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Raimund\AppData\Local\Secunia PSI

2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Program Files\Secunia

2014-03-04 18:25 - 2014-03-04 18:26 - 05329480 _____ (Secunia) C:\Users\Raimund\Downloads\PSISetup_3.0.0.9016.exe

2014-03-04 08:56 - 2014-03-05 09:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-04 08:56 - 2014-03-05 09:17 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-04 08:56 - 2014-03-04 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-04 08:53 - 2014-03-05 09:16 - 00000000 ____D () C:\Users\Raimund\Desktop\mbar

2014-03-04 08:53 - 2014-03-04 08:53 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-04 08:52 - 2014-03-04 08:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Raimund\Desktop\mbar-1.07.0.1009.exe

2014-03-03 11:35 - 2014-03-03 11:35 - 00005976 _____ () C:\Users\Raimund\Desktop\Gmer.log

2014-03-03 11:04 - 2014-03-03 11:05 - 00143376 _____ () C:\Windows\Minidump\Mini030314-01.dmp

2014-03-03 10:59 - 2014-03-03 11:01 - 00044220 _____ () C:\Users\Raimund\Desktop\Addition.txt

2014-03-03 10:57 - 2014-03-05 19:39 - 00010173 _____ () C:\Users\Raimund\Desktop\FRST.txt

2014-03-03 10:57 - 2014-03-05 13:25 - 00000000 ____D () C:\FRST

2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log

2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable

2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe

2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe

2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe

2014-03-02 00:39 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio

2014-02-20 11:08 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio

2014-02-15 15:26 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-15 15:26 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-15 15:26 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-15 15:26 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-15 15:26 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-15 15:26 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-15 15:26 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-15 15:26 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-15 15:26 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-15 15:26 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-15 15:26 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-15 15:26 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-15 15:26 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-14 15:07 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
 

==================== One Month Modified Files and Folders =======
 

2014-03-05 19:43 - 2014-03-03 10:57 - 00010173 _____ () C:\Users\Raimund\Desktop\FRST.txt

2014-03-05 19:36 - 2014-03-05 12:47 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-03-05 19:36 - 2008-09-18 01:46 - 01885886 _____ () C:\Windows\WindowsUpdate.log

2014-03-05 19:35 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.dat

2014-03-05 19:35 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.001

2014-03-05 19:35 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-05 19:35 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-05 19:35 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-05 19:34 - 2008-07-09 07:09 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-03-05 19:34 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-05 19:32 - 2014-03-05 13:14 - 00000000 ____D () C:\AdwCleaner

2014-03-05 19:03 - 2012-12-12 16:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-05 14:39 - 2008-12-04 23:35 - 00109880 _____ () C:\Users\Raimund\AppData\Local\GDIPFONTCACHEV1.DAT

2014-03-05 13:25 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST

2014-03-05 13:22 - 2014-03-05 13:22 - 00000000 ____D () C:\Windows\ERUNT

2014-03-05 13:13 - 2014-03-05 13:13 - 01244192 _____ () C:\Users\Raimund\Desktop\adwcleaner.exe

2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Raimund\Desktop\JRT.exe

2014-03-05 12:55 - 2008-07-08 15:40 - 00000000 ____D () C:\Program Files\Microsoft Office

2014-03-05 12:46 - 2006-11-02 13:47 - 00393680 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-05 12:45 - 2008-01-21 03:47 - 01654448 _____ () C:\Windows\PFRO.log

2014-03-05 12:44 - 2008-12-07 14:25 - 00000000 ____D () C:\ProgramData\CyberLink

2014-03-05 12:44 - 2008-07-08 15:25 - 00000000 ____D () C:\Program Files\CyberLink

2014-03-05 12:44 - 2008-07-08 15:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-03-05 12:37 - 2008-12-19 21:41 - 00000000 ____D () C:\ProgramData\ScanSoft

2014-03-05 12:18 - 2014-03-05 12:18 - 00008981 _____ () C:\ComboFix.txt

2014-03-05 12:18 - 2014-03-05 11:50 - 00000000 ____D () C:\Qoobox

2014-03-05 12:18 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default

2014-03-05 12:18 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public

2014-03-05 12:16 - 2014-03-05 11:48 - 00000000 ____D () C:\Windows\erdnt

2014-03-05 12:13 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini

2014-03-05 11:33 - 2008-07-08 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-05 11:31 - 2010-06-08 20:29 - 00000000 ___RD () C:\Program Files\Skype

2014-03-05 11:30 - 2010-06-08 20:29 - 00000000 ____D () C:\ProgramData\Skype

2014-03-05 11:22 - 2014-03-05 11:22 - 05186850 ____R (Swearware) C:\Users\Raimund\Desktop\ComboFix.exe

2014-03-05 11:04 - 2010-11-24 17:58 - 00003309 _____ () C:\ProgramData\hpzinstall.log

2014-03-05 11:04 - 2009-12-18 18:33 - 00000142 _____ () C:\Windows\ktel.ini

2014-03-05 11:03 - 2010-11-24 18:00 - 00000000 ____D () C:\Program Files\HP

2014-03-05 10:56 - 2010-01-17 21:49 - 00000000 ____D () C:\Users\Raimund\AppData\Local\CrashDumps

2014-03-05 10:54 - 2012-05-31 17:02 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Memeo

2014-03-05 10:43 - 2009-11-20 17:04 - 00000000 ____D () C:\ProgramData\Norton

2014-03-05 09:40 - 2010-06-08 20:30 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Skype

2014-03-05 09:28 - 2014-03-04 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help

2014-03-05 09:25 - 2014-03-05 09:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

2014-03-05 09:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-03-05 09:22 - 2008-12-30 22:12 - 00000000 ____D () C:\Program Files\Microsoft Works

2014-03-05 09:17 - 2014-03-04 08:56 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-05 09:16 - 2014-03-04 08:53 - 00000000 ____D () C:\Users\Raimund\Desktop\mbar

2014-03-04 18:41 - 2014-03-04 18:41 - 00000000 ____D () C:\Windows\system32\Adobe

2014-03-04 18:28 - 2014-03-04 18:28 - 00000000 ____D () C:\Users\Raimund\AppData\Local\WindowsUpdate

2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Raimund\AppData\Local\Secunia PSI

2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Program Files\Secunia

2014-03-04 18:26 - 2014-03-04 18:25 - 05329480 _____ (Secunia) C:\Users\Raimund\Downloads\PSISetup_3.0.0.9016.exe

2014-03-04 08:56 - 2014-03-04 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-04 08:53 - 2014-03-04 08:53 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-04 08:52 - 2014-03-04 08:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Raimund\Desktop\mbar-1.07.0.1009.exe

2014-03-03 11:35 - 2014-03-03 11:35 - 00005976 _____ () C:\Users\Raimund\Desktop\Gmer.log

2014-03-03 11:05 - 2014-03-03 11:04 - 00143376 _____ () C:\Windows\Minidump\Mini030314-01.dmp

2014-03-03 11:04 - 2012-12-12 15:31 - 346647914 _____ () C:\Windows\MEMORY.DMP

2014-03-03 11:04 - 2012-12-12 15:31 - 00000000 ____D () C:\Windows\Minidump

2014-03-03 11:01 - 2014-03-03 10:59 - 00044220 _____ () C:\Users\Raimund\Desktop\Addition.txt

2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log

2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable

2014-03-03 10:56 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund

2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe

2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe

2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe

2014-03-02 00:41 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio

2014-03-02 00:41 - 2014-02-20 11:08 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio

2014-02-27 14:05 - 2006-11-02 11:33 - 01619710 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-20 22:03 - 2012-12-12 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-20 22:03 - 2012-12-12 16:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-20 11:16 - 2006-11-02 13:52 - 00108264 _____ () C:\Windows\setupact.log

2014-02-20 11:07 - 2008-07-08 15:23 - 00000000 ____D () C:\Program Files\Samsung

2014-02-17 14:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-02-15 15:40 - 2013-08-15 14:27 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-15 15:34 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-05 09:58 - 2014-02-15 15:26 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-05 09:56 - 2014-02-15 15:26 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-05 09:53 - 2014-02-15 15:26 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-05 09:51 - 2014-02-15 15:26 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-05 09:50 - 2014-02-15 15:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-05 09:49 - 2014-02-15 15:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-05 09:49 - 2014-02-15 15:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-05 09:48 - 2014-02-15 15:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-05 09:48 - 2014-02-15 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-05 09:47 - 2014-02-15 15:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-05 09:47 - 2014-02-15 15:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-05 09:47 - 2014-02-15 15:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-05 09:46 - 2014-02-15 15:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-05 19:41
 

==================== End Of Log ============================

--- --- ---