
Log Analysis and Evaluation: Removal of Malwarebytes Antimalware


20.09.2013, 17:20   #1
Super-Chef
 

Removal of Malwarebytes Antimalware



Hello first of all,
during a scan with Malwarebytes Anti-Malware I found various malicious programs, which I moved to quarantine. See log
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.20.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
krohn :: KROHN-PC [Administrator]

20.09.2013 15:36:42
mbam-log-2013-09-20 (15-36-42).txt

Art des Suchlaufs: Quick-Scan




After that I started Defogger, see log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 20/09/2013 (krohn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
then I ran the FRST scan,
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01
Ran by krohn (administrator) on KROHN-PC on 20-09-2013 17:07:41
Running from C:\Users\krohn\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\krohn\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [BisonInst0402] - C:\Windows\BR040286.exe [53248 2007-05-08] (Bison Inc.)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [752136 2007-06-27] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eAudio] - C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5993136 2012-04-27] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403656 2012-04-27] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1173680 2012-04-27] (Acronis)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-30] (Ask)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=44AC001DD948BB14&affID=119557&tsp=5001
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=44AC001DD948BB14&affID=119557&tsp=5001
SearchScopes: HKCU - {1DFC6D38-3227-4A91-9686-E72319AD5091} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=f9f0f1e6-3dee-4c85-bc6e-ea1013c78796&apn_sauid=6969A6D6-E27E-4EE0-963C-CDC3A8A53FBC
SearchScopes: HKCU - {B2D94C9A-F539-4091-BF5B-C76DB6ACA770} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {B759C320-04C2-4C6F-AC7F-BE3D24C30D98} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=44AC001DD948BB14&affID=119557&tsp=5001
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=44AC001DD948BB14&affID=119557&tsp=5001"
CHR DefaultSearchURL: (Delta Search) - hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=44AC001DD948BB14&affID=119557&tsp=5001
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Picasa) - C:\Users\krohn\Picasa3\npPicasa3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Avira Toolbar) - C:\Users\krohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.26.54987_0
CHR Extension: (Delta Toolbar) - C:\Users\krohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (Lyrics Say) - C:\Users\krohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmhcdakklnadpfeflffckpmjijiblia\1.132_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\krohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (BrowseFox) - C:\Users\krohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll\1.0.0_0
CHR HKLM\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Users\krohn\AppData\Local\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.26.0.crx
CHR HKLM\...\Chrome\Extension: [nfmhcdakklnadpfeflffckpmjijiblia] - C:\Program Files\LyricsWOW\132.crx
CHR HKLM\...\Chrome\Extension: [ppdjnkblmcjfnlogjjhpigpdgpcgdpll] - C:\Program Files\BrowseFox\ppdjnkblmcjfnlogjjhpigpdgpcgdpll.crx

========================== Services (Whitelisted) =================

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [821552 2012-04-27] (Acronis)
S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3491792 2012-07-09] (Acronis)
S2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] ()
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-03-14] (Acer Inc.)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-05-22] (Acer Inc.)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-02-13] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-05-10] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 gupdate1c9e872e1296470; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-08] (Google Inc.)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] ()
S2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5924008 2012-04-27] (Acronis)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer)

==================== Drivers (Whitelisted) ====================

S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [974248 2007-07-26] (Bison Electronics. Inc. )
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S1 DritekPortIO; C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-20] (Malwarebytes Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-07-09] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-07-09] (Acronis)
R0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-07-09] (Acronis)
S3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-20 17:07 - 2013-09-20 17:07 - 00000000 ____D C:\FRST
2013-09-20 17:04 - 2013-09-20 17:04 - 01950622 _____ (Farbar) C:\Users\krohn\Downloads\FRST64.exe
2013-09-20 17:03 - 2013-09-20 17:03 - 01083549 _____ (Farbar) C:\Users\krohn\Downloads\FRST.exe
2013-09-20 16:59 - 2013-09-20 16:59 - 00000472 _____ C:\Users\krohn\Downloads\defogger_disable.log
2013-09-20 16:59 - 2013-09-20 16:59 - 00000000 _____ C:\Users\krohn\defogger_reenable
2013-09-20 16:57 - 2013-09-20 16:57 - 00050477 _____ C:\Users\krohn\Downloads\Defogger.exe
2013-09-20 16:46 - 2013-09-20 16:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-20 15:33 - 2013-09-20 15:33 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 15:30 - 2013-09-20 15:30 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\krohn\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 13:00 - 2013-09-20 16:39 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-15 13:00 - 2013-09-15 13:00 - 00000000 ____D C:\Users\krohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-11 18:54 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 18:54 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 18:54 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 18:54 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 18:54 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 18:54 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 18:54 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 18:54 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 18:54 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 18:54 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 18:54 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 18:54 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 18:54 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 18:54 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 18:54 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 18:54 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 17:54 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 17:54 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-11 17:40 - 2013-09-19 21:35 - 00001801 _____ C:\Users\krohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2013-09-10 18:23 - 2013-09-10 18:26 - 97243424 _____ C:\Users\krohn\Downloads\avira_free_antivirus_de.exe
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Users\krohn\AppData\Local\avgchrome
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Program Files\Delta
2013-09-10 18:21 - 2013-09-10 18:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-07 15:59 - 2013-09-07 15:59 - 00400125 _____ C:\Users\krohn\Downloads\josephine (4).xps
2013-09-07 15:59 - 2013-09-07 15:59 - 00400125 _____ C:\Users\krohn\Downloads\josephine (4) (1).xps
2013-09-07 15:42 - 2013-09-07 15:42 - 00400125 _____ C:\Users\krohn\Downloads\josephine (3).xps
2013-09-07 15:42 - 2013-09-07 15:42 - 00400125 _____ C:\Users\krohn\Downloads\josephine (3) (1).xps
2013-09-07 15:35 - 2013-09-07 15:35 - 00000180 _____ C:\Users\krohn\Downloads\load.js
2013-09-07 15:29 - 2013-09-07 15:29 - 01502546 _____ C:\Users\krohn\Downloads\josephine (2).xps
2013-09-07 15:26 - 2013-09-07 15:26 - 00126404 _____ C:\Users\krohn\Downloads\josephine.xps
2013-09-07 15:26 - 2013-09-07 15:26 - 00126404 _____ C:\Users\krohn\Downloads\josephine (1).xps
2013-08-31 16:26 - 2013-08-31 16:26 - 01393938 _____ C:\Users\krohn\Downloads\grand resort .xps
2013-08-31 16:26 - 2013-08-31 16:26 - 01393938 _____ C:\Users\krohn\Downloads\grand resort  (1).xps
2013-08-27 19:55 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 21:57 - 2013-08-25 21:57 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-25 21:56 - 2013-08-25 21:57 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-25 21:56 - 2013-08-25 21:57 - 00000000 ____D C:\Program Files\iTunes
2013-08-25 21:56 - 2013-08-25 21:56 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-09-20 17:07 - 2013-09-20 17:07 - 00000000 ____D C:\FRST
2013-09-20 17:04 - 2013-09-20 17:04 - 01950622 _____ (Farbar) C:\Users\krohn\Downloads\FRST64.exe
2013-09-20 17:03 - 2013-09-20 17:03 - 01083549 _____ (Farbar) C:\Users\krohn\Downloads\FRST.exe
2013-09-20 16:59 - 2013-09-20 16:59 - 00000472 _____ C:\Users\krohn\Downloads\defogger_disable.log
2013-09-20 16:59 - 2013-09-20 16:59 - 00000000 _____ C:\Users\krohn\defogger_reenable
2013-09-20 16:59 - 2008-03-24 13:38 - 00000000 ____D C:\Users\krohn
2013-09-20 16:57 - 2013-09-20 16:57 - 00050477 _____ C:\Users\krohn\Downloads\Defogger.exe
2013-09-20 16:48 - 2006-11-02 12:33 - 01573698 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 16:46 - 2013-09-20 16:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-20 16:44 - 2007-10-13 02:02 - 00297338 _____ C:\Windows\PFRO.log
2013-09-20 16:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system
2013-09-20 16:39 - 2013-09-15 13:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-20 15:33 - 2013-09-20 15:33 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 15:33 - 2012-07-05 14:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-20 15:30 - 2013-09-20 15:30 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\krohn\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-19 21:37 - 2007-10-13 02:07 - 01068763 _____ C:\Windows\WindowsUpdate.log
2013-09-19 21:37 - 2006-11-02 15:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-19 21:37 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 21:37 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 21:37 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 21:35 - 2013-09-11 17:40 - 00001801 _____ C:\Users\krohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2013-09-19 21:31 - 2008-03-24 13:57 - 00027335 _____ C:\Users\krohn\AppData\Roaming\nvModes.001
2013-09-19 21:29 - 2009-07-04 00:45 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-19 21:24 - 2012-10-26 17:12 - 00001356 _____ C:\Users\krohn\AppData\Local\d3d9caps.dat
2013-09-19 21:13 - 2012-06-15 16:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 20:49 - 2012-06-15 16:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-19 20:49 - 2011-12-09 17:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 20:28 - 2009-07-04 00:45 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 13:22 - 2009-06-08 22:08 - 00001052 _____ C:\Windows\Tasks\Google Software Updater.job
2013-09-15 13:00 - 2013-09-15 13:00 - 00000000 ____D C:\Users\krohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-12 19:06 - 2006-11-02 14:47 - 00398936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 18:54 - 2013-08-20 23:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 18:49 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-10 18:26 - 2013-09-10 18:23 - 97243424 _____ C:\Users\krohn\Downloads\avira_free_antivirus_de.exe
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Users\krohn\AppData\Local\avgchrome
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-10 18:22 - 2013-09-10 18:22 - 00000000 ____D C:\Program Files\Delta
2013-09-10 18:21 - 2013-09-10 18:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-09 15:17 - 2008-03-29 17:48 - 00002605 _____ C:\Users\krohn\Desktop\Microsoft Word.lnk
2013-09-07 16:05 - 2009-03-02 19:40 - 00002681 _____ C:\Users\krohn\Desktop\CorelDRAW X4.lnk
2013-09-07 15:59 - 2013-09-07 15:59 - 00400125 _____ C:\Users\krohn\Downloads\josephine (4).xps
2013-09-07 15:59 - 2013-09-07 15:59 - 00400125 _____ C:\Users\krohn\Downloads\josephine (4) (1).xps
2013-09-07 15:42 - 2013-09-07 15:42 - 00400125 _____ C:\Users\krohn\Downloads\josephine (3).xps
2013-09-07 15:42 - 2013-09-07 15:42 - 00400125 _____ C:\Users\krohn\Downloads\josephine (3) (1).xps
2013-09-07 15:35 - 2013-09-07 15:35 - 00000180 _____ C:\Users\krohn\Downloads\load.js
2013-09-07 15:29 - 2013-09-07 15:29 - 01502546 _____ C:\Users\krohn\Downloads\josephine (2).xps
2013-09-07 15:26 - 2013-09-07 15:26 - 00126404 _____ C:\Users\krohn\Downloads\josephine.xps
2013-09-07 15:26 - 2013-09-07 15:26 - 00126404 _____ C:\Users\krohn\Downloads\josephine (1).xps
2013-09-04 19:00 - 2008-03-24 13:57 - 00027335 _____ C:\Users\krohn\AppData\Roaming\nvModes.dat
2013-08-31 16:26 - 2013-08-31 16:26 - 01393938 _____ C:\Users\krohn\Downloads\grand resort .xps
2013-08-31 16:26 - 2013-08-31 16:26 - 01393938 _____ C:\Users\krohn\Downloads\grand resort  (1).xps
2013-08-25 21:57 - 2013-08-25 21:57 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-25 21:57 - 2013-08-25 21:56 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-25 21:57 - 2013-08-25 21:56 - 00000000 ____D C:\Program Files\iTunes
2013-08-25 21:56 - 2013-08-25 21:56 - 00000000 ____D C:\Program Files\iPod
2013-08-25 21:56 - 2008-06-01 17:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-25 20:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-21 22:53 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-21 22:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE

ZeroAccess:
C:\Users\krohn\AppData\Local\{ecbf0d19-cdda-fb12-959d-4ce4e3362c24}
C:\Users\krohn\AppData\Local\{ecbf0d19-cdda-fb12-959d-4ce4e3362c24}\@
C:\Users\krohn\AppData\Local\{ecbf0d19-cdda-fb12-959d-4ce4e3362c24}\n
C:\Users\krohn\AppData\Local\{ecbf0d19-cdda-fb12-959d-4ce4e3362c24}\U\800000cb.@

Some content of TEMP:
====================
C:\Users\krohn\AppData\Local\temp\APNStub.exe
C:\Users\krohn\AppData\Local\temp\AskSLib.dll
C:\Users\krohn\AppData\Local\temp\iv_uninstall.exe
C:\Users\krohn\AppData\Local\temp\jre-7u11-windows-i586-iftw.exe
C:\Users\krohn\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe
C:\Users\krohn\AppData\Local\temp\jre-7u17-windows-i586-iftw.exe
C:\Users\krohn\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\krohn\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\krohn\AppData\Local\temp\jre-7u7-windows-i586-iftw.exe
C:\Users\krohn\AppData\Local\temp\jre-7u9-windows-i586-iftw.exe
C:\Users\krohn\AppData\Local\temp\RtkBtMnt.exe
C:\Users\krohn\AppData\Local\temp\Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-20 16:59

==================== End Of Log ============================
         
here is the Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2013 01
Ran by krohn at 2013-09-20 17:09:27
Running from C:\Users\krohn\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

Acer Arcade Deluxe (Version: 1.12.4327)
Acer Crystal Eye (Version: 7.32.701.12a)
Acer Crystal Eye webcam (Version: 2.0.0.9)
Acer eAudio Management (Version: 2.5.4012)
Acer eDataSecurity Management (Version: 2.5.4241)
Acer eLock Management (Version: 2.5.4005)
Acer Empowering Technology (Version: 2.5.4006)
Acer eNet Management (Version: 2.6.4007)
Acer ePower Management (Version: 2.5.4021)
Acer ePresentation Management (Version: 2.5.4002)
Acer eSettings Management (Version: 2.5.4008)
Acer GridVista (Version: 2.68.622)
Acer Mobility Center Plug-In (Version: 1.0.3003)
Acer ScreenSaver (Version: 1.12.20070515)
Acer Tour (Version: 2.0.1003)
Acronis*True*Image*Home 2012 (Version: 15.0.7119)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 8.1.3 (Version: 8.1.3)
Adobe Shockwave Player 11 (Version: 11)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.26.0)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.6.45268)
Big Kahuna Reef 2
Bonjour (Version: 3.0.0.10)
BUDNI Fotowelt
Cake Mania
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.5.0.3)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.1.6)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CorelDRAW 11 SA (Version: 11)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0)
CorelDRAW Graphics Suite X4 - Content (Version: 14.0)
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0)
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.0)
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0)
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0)
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0)
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang CZ (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang PL (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang SU (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang SV (Version: 14.0)
CorelDRAW Graphics Suite X4 - PP (Version: 14.0)
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0)
CorelDRAW Graphics Suite X4 (Version: 14.0)
CorelDRAW SA 11 (Version: 11)
CorelDRAW(R) Graphics Suite X4
CorelDRAW(R) Graphics Suite X4 - Extra Content
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.0)
Dynasty
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.13)
Galapago
Google Chrome (Version: 29.0.1547.66)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
HDAUDIO Soft Data Fax Modem with SmartCP
iCloud (Version: 2.1.2.8)
Intel(R) Matrix Storage Manager
iPhone-Konfigurationsprogramm (Version: 2.1.0.163)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Launch Manager
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Luxor 2
MAGIX Foto Manager 8 6.0.1.457 (D) (Version: 6.0.1.457)
MAGIX Fotobuch 3.6 (Version: 3.6)
MAGIX Music Cleaning Lab 15 deluxe 10.0.0.0 (D) (Version: 10.0.0.0)
MAGIX Online Druck Service 3.4.3.0 (D) (Version: 3.4.3.0)
MAGIX Screenshare 4.3.6.1987 (D) (Version: 4.3.6.1987)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2000 Professional (Version: 9.00.2816)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mufin MusicFinder Base 1.5.3.255 (D) (Version: 1.5.3.255)
Mystery Case Files - Prime Suspects
Mystery Case Files Ravenhearst
NTI Backup NOW! 4.7 (Version: 4)
NTI CD & DVD-Maker (Version: 7)
NVIDIA Drivers
OverDisk (remove only)
PowerProducer 3.72 (Version: 074324(3.7)_Vista_Acer)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5443)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01)
Safari (Version: 5.34.57.2)
SES Driver (Version: 1.0.0)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Star Defender 3
TextMaker Viewer
Treasures of the Deep
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VBA (2701.01) (Version: 6.03.00.9402)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69)
Visual Basic for Applications (R) Core (Version: 6.4.99.69)
Wi-Fi MediaConnect (Version: 1.6.43)
WinRAR
Zuma Deluxe

==================== Restore Points  =========================

05-09-2013 17:49:09 Geplanter Prüfpunkt
06-09-2013 19:01:18 Windows Update
07-09-2013 11:13:31 Geplanter Prüfpunkt
08-09-2013 12:06:05 Geplanter Prüfpunkt
09-09-2013 14:01:51 Geplanter Prüfpunkt
10-09-2013 15:57:20 Windows Update
11-09-2013 16:48:34 Windows Update
12-09-2013 18:07:21 Geplanter Prüfpunkt
15-09-2013 11:03:22 Windows Update
16-09-2013 09:27:00 Geplanter Prüfpunkt
17-09-2013 02:59:38 Geplanter Prüfpunkt
18-09-2013 20:56:59 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2012-07-05 11:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0511E366-F7F2-4530-8703-A7B62DD31564} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-12] (Google)
Task: {05350024-A54D-4167-B80C-B0D776B4E46B} - System32\Tasks\Microsoft\Windows\RestartManager\{8A3E5540-6B9A-4176-8DB5-F8400BFDE015} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {143072E1-F9CB-4C46-BD1C-F75B60DEB657} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {149578B3-5D03-4C12-A3BE-628FC7755166} - System32\Tasks\EPUpdater => C:\Users\krohn\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {1C74CF97-BB15-431A-9159-7741A6E70EDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {28AAF5C6-4A74-48F9-BED5-6AFEECC0C83E} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {2F793755-BC24-4932-ADC6-89B00194C049} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {44C0E2BD-6AAE-4367-905A-9CCB4A6E5307} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {574E055A-585C-4D44-B739-9220FCFA690E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-08] (Google Inc.)
Task: {734079EB-691F-4124-B189-08730E9939C2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {7A7BDAB1-DC93-4730-9293-74F9A5625C82} - System32\Tasks\Lyrics Say Update => C:\Program Files\LyricsWOW\wowupd.exe
Task: {96EDD72E-0B8F-4AFE-AF76-E70F3A854D6D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9A771CDD-FB7D-4803-8F30-46C8B810FAC9} - System32\Tasks\Microsoft\Windows\RestartManager\{F3197102-C274-464e-B2F1-D42F2EE43EB1} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {9D12689E-91F9-4C3F-A311-4FDDD9BC1C35} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {B91CA4B7-839D-4600-806A-08A57E641817} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-08] (Google Inc.)
Task: {C987E37B-0010-4825-B8E0-3A0FE21FBD99} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F97D1BA2-AA1B-4496-B6E8-2E1704E60D1B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-04-27 19:09 - 2012-04-27 19:09 - 00018784 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2010-12-04 16:57 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2007-04-25 16:30 - 2007-04-25 16:30 - 00315392 _____ (HiTRUST) C:\Windows\system32\eDSshellExt.dll
2006-11-29 21:30 - 2006-11-29 21:30 - 00401408 _____ (HiTRUST) C:\Windows\system32\CryptoAPI.dll
2013-09-20 15:33 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-09-20 15:33 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
2013-09-19 20:49 - 2013-09-19 20:49 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash32_11_8_800_175.ocx

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:375A40C3
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:7B212553
AlternateDataStreams: C:\ProgramData\TEMP:A95A95AC
AlternateDataStreams: C:\ProgramData\TEMP:AA9519A6
AlternateDataStreams: C:\ProgramData\TEMP:B203B914
AlternateDataStreams: C:\ProgramData\TEMP:B623B5B8

==================== Faulty Device Manager Devices =============

Name: Anwenderinfrarotgeräte
Description: Anwenderinfrarotgeräte
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2013 04:45:22 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/20/2013 03:22:41 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/19/2013 09:19:20 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/19/2013 09:01:07 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16506 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: bb8
Anfangszeit: 01ceb56a315becd1
Zeitpunkt der Beendigung: 307

Error: (09/16/2013 00:49:49 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.SUPERFISH.COM\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/16/2013 00:49:49 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.SUPERFISH.COM\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/16/2013 00:49:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#NDIRECT.PPRO.DE\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/16/2013 00:49:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#NDIRECT.PPRO.DE\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/16/2013 00:00:56 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\WWW.AJAXCDN.ORG\SWF.SWF\DM_COOKIE.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/16/2013 00:00:56 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\WWW.AJAXCDN.ORG\SWF.SWF\DM_COOKIE.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (09/20/2013 04:46:38 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/20/2013 04:46:01 PM) (Source: Service Control Manager) (User: )
Description: spldr
ssmdrv
Wanarpv6

Error: (09/20/2013 04:46:01 PM) (Source: Service Control Manager) (User: )
Description: ComputerbrowserServer%%1068

Error: (09/20/2013 04:45:27 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/20/2013 04:45:24 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (09/20/2013 04:45:22 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/20/2013 04:45:16 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/20/2013 04:44:49 PM) (Source: LSM) (User: )
Description: Der Terminaldienst konnte nicht gestartet werden. Relevanter Statuscode: Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.

Error: (09/20/2013 04:44:49 PM) (Source: DCOM) (User: )
Description: 1084TermService{F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error: (09/20/2013 03:28:51 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (09/20/2013 04:45:22 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/20/2013 03:22:41 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/19/2013 09:19:20 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/19/2013 09:01:07 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16506bb801ceb56a315becd1307

Error: (09/16/2013 00:49:49 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.SUPERFISH.COM\SETTINGS.SOL

Error: (09/16/2013 00:49:49 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.SUPERFISH.COM\SETTINGS.SOL

Error: (09/16/2013 00:49:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#NDIRECT.PPRO.DE\SETTINGS.SOL

Error: (09/16/2013 00:49:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#NDIRECT.PPRO.DE\SETTINGS.SOL

Error: (09/16/2013 00:00:56 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\WWW.AJAXCDN.ORG\SWF.SWF\DM_COOKIE.SOL

Error: (09/16/2013 00:00:56 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\KROHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\YBCBENDJ\WWW.AJAXCDN.ORG\SWF.SWF\DM_COOKIE.SOL


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 2045.27 MB
Available physical RAM: 1310.75 MB
Total Pagefile: 4323.82 MB
Available Pagefile: 3757 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.07 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:18.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:61.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 9B1A69F6)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=70 GB) - (Type=06)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
and finally I ran the GMER scan:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-20 17:46:41
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\krohn\AppData\Local\Temp\pwdoqpow.sys


---- Kernel code sections - GMER 2.1 ----

?               System32\drivers\jrbftb.sys                                                         Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!EnableWindow       759FCD8B 5 Bytes  JMP 72389EBC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!SetWindowsHookExW  759F87AD 5 Bytes  JMP 723825B4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!CallNextHookEx     759F8E3B 5 Bytes  JMP 723A7FF9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!EnableWindow       759FCD8B 5 Bytes  JMP 72389EBC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DefWindowProcW     75A103B4 7 Bytes  JMP 723A805C C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!SetWindowsHookExW  759F87AD 5 Bytes  JMP 723825B4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CallNextHookEx     759F8E3B 5 Bytes  JMP 723A7FF9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!EnableWindow       759FCD8B 5 Bytes  JMP 72389EBC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DefWindowProcW     75A103B4 7 Bytes  JMP 723A805C C:\Windows\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                              tdrpman.sys

Device          \Driver\volmgr \Device\VolMgrControl                                                fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume1                                              fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume2                                              fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume3                                              fltsrv.sys
Device          \Driver\partmgr \Device\PartmgrControl                                              fltsrv.sys
Device          \Driver\disk \Device\Harddisk0\DR0                                                  fltsrv.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                               unknown MBR code

---- EOF - GMER 2.1 ----
         

Can someone please tell me whether I can now safely remove Antimalwarebytes from my computer, and with it the files in quarantine, or is there anything else I need to watch out for?

Thanks in advance.
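A triage script for the "Scheduled Tasks" section of the FRST log above, added here as an example; it is not part of the original post, of FRST, or of the forum's tooling. It parses the `Task:` lines in the format FRST used in 2013 and flags the structural oddities an analyst checks first: a target under a user profile, a command line instead of a file path, an 8.3 short name in the path, a PE file with no publisher/version info, and a GUID task for which FRST recorded no `[date] (publisher)` suffix. The flag rules are the example's own heuristics, not FRST's whitelist logic, and reading a missing suffix as "file could not be inspected" is an assumption about FRST's output rather than documented behaviour. The sample lines are copied from the log in this thread; a flagged task is a lead for the analyst, not proof of malware.

```python
"""Triage of the "Scheduled Tasks" section of an FRST log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One "Task:" line, e.g.
#   Task: {GUID} - System32\Tasks\Name => C:\dir\file.exe [2013-04-30] (Publisher)
#   Task: C:\Windows\Tasks\Name.job => C:\dir\file.exe
# Everything after the task path is optional; the publisher may be empty "()".
TASK_RE = re.compile(
    r"^Task:\s+(?:\{(?P<guid>[0-9A-Fa-f-]+)\}\s+-\s+)?(?P<task>.+?)"
    r"(?:\s+=>\s+(?P<target>.+?))?"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^()]*)\))?\s*$"
)

PE_EXTENSIONS = (".exe", ".dll", ".ocx", ".sys")  # file types that carry version info
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")       # "C:\..." style target
SHORT_NAME_RE = re.compile(r"~\d+\\")             # 8.3 short name component, e.g. BABSOL~1\


@dataclass
class Task:
    guid: Optional[str]
    name: str
    target: Optional[str]
    date: Optional[str]
    publisher: Optional[str]  # None = not recorded at all, "" = recorded as empty "()"


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return Task(m["guid"], m["task"], m["target"], m["date"], m["publisher"])


def flag_task(t: Task) -> List[str]:
    """Return the reasons a task deserves a second look (empty list = nothing odd)."""
    reasons: List[str] = []
    if t.target is None:
        return reasons  # no action recorded, nothing to judge
    tgt = t.target
    is_path = bool(DRIVE_PATH_RE.match(tgt))
    low = tgt.lower()
    if not is_path:
        reasons.append("target is a command line, not a file path")
    if is_path and "\\users\\" in low and "\\appdata\\" in low:
        reasons.append("runs from a user profile directory")
    if SHORT_NAME_RE.search(tgt):
        reasons.append("8.3 short name hides the real directory name")
    if is_path and low.endswith(PE_EXTENSIONS) and t.publisher == "":
        reasons.append("PE file without publisher/version info")
    # Assumption (not documented FRST behaviour): a GUID task whose target is a
    # file path but carries neither [date] nor (publisher) could not be inspected
    # when FRST ran, e.g. because the file is missing. Legacy .job lines never
    # carry these fields in this log, so they are exempt.
    if t.guid and is_path and t.date is None and t.publisher is None:
        reasons.append("file details not recorded (file missing or unreadable?)")
    return reasons


def triage(log_lines) -> Dict[str, List[str]]:
    """Map task name -> reasons for every 'Task:' line that has at least one reason."""
    hits: Dict[str, List[str]] = {}
    for line in log_lines:
        t = parse_task_line(line)
        if t is None:
            continue
        reasons = flag_task(t)
        if reasons:
            hits[t.name] = reasons
    return hits


# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE = r"""
Task: {0511E366-F7F2-4530-8703-A7B62DD31564} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-12] (Google)
Task: {143072E1-F9CB-4C46-BD1C-F75B60DEB657} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {149578B3-5D03-4C12-A3BE-628FC7755166} - System32\Tasks\EPUpdater => C:\Users\krohn\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2F793755-BC24-4932-ADC6-89B00194C049} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {7A7BDAB1-DC93-4730-9293-74F9A5625C82} - System32\Tasks\Lyrics Say Update => C:\Program Files\LyricsWOW\wowupd.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

On the sample above, the Google updater, the `TMM` task without a target, the `.vbs` task (a script has no version resource, so its empty publisher is expected) and the legacy `.job` line come out clean, while the Ask Toolbar, EPUpdater, BitGuard and LyricsWOW tasks each get at least one reason. The heuristics only narrow the list; whether a flagged entry is adware, a leftover of a removed program, or legitimate remains a judgement the helper makes with the rest of the log.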


20.09.2013, 17:46   #2
schrauber
/// the machine
/// TB-Ausbilder

Hi,

I don't quite understand why you want to uninstall MBAM, but the computer is definitely still infected.
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.